How to create a .pem File for SSL Certificate Installations

Privacy Enhanced Mail (PEM) files are concatenated certificate containers frequently used in certificate installations when multiple certificates that form a complete chain are being imported as a single file. They are a defined standard in RFCs 1421 through 1424. They can be thought of as a layered container of chained certificates. A .pem file is a container format that may just include the public certificate or the entire certificate chain (private key, public key, root certificates):

  • Private Key
  • Server Certificate (crt, puplic key)
  • (optional) Intermediate CA and/or bundles if signed by a 3rd party

How to create a self-signed PEM file:
req -newkey rsa:2048 -new -nodes -x509 -days 3650 -keyout key.pem -out cert.pem

How to create a PEM file from existing certificate files that form a chain:

  • (optional) Remove the password from the Private Key by following the steps listed below:
    • Type openssl rsa -in server.key -out nopassword.key and press Enter.
    • Enter the pass phrase of the Private Key.
  • Combine the private key, public certificate and any 3rd party intermediate certificate files:
    • cat nopassword.key > server.pem
    • cat server.crt >> server.pem
      • Repeat this step as needed for third-party certificate chain files, bundles, etc:
        cat intermediate.crt >> server.pem

Deixe um comentário

O seu endereço de e-mail não será publicado. Campos obrigatórios são marcados com *

Esse site utiliza o Akismet para reduzir spam. Aprenda como seus dados de comentários são processados.