Verified and Tested 02/05/15

Introduction

This tutorial will go over how to create a .pem file for your SSL. These .pem files are for use with SSLs and while you do not need a .pem, some processes are made easier by having them and they allow for simple copy and pasting as they are designed to be safe for ascii or rich-text documents. For this tutorial, you will need an SSL, self-signed or Certified by another source, the Intermediate and/or Root CA (if Certified), and the SSL key file. We will also be using OpenSSL.

Creating a pem for your existing SSL

Creating a .pem is very simple. If you did not generate your key file for your SSL as a .pem to begin with, you could do so by running the following type of command. You will need to know what format you created your key file in. These can also be used on any part of your SSL files if you need to do conversion.

DER to PEM

openssl x509 –inform der –in yourSSLFile.der –out yourSSLFile.pem

P7B to PEM

openssl pkcs7 –print_certs –in yourSSLFile.p7b –out yourSSLFile.pem

PFX to PEM

openssl pkcs12 –in yourSSLFile.p12 (or .pfx) –out yourSSLFile.pem

Now if you generated your key as a RSA value, you’re in luck and don’t need to perform any conversion. The only thing you may wish to do is strip the passphrase or password out of it and for that you may see the <link Removing the password from your SSL key> page.

Your SSL (if you have it from a certified source) should come with an Intermediate and/or Root CA. You can actually download it from your certified source in the .pem format.

If your SSL file is a .crt or .cert then it’s likely you don’t have to do any conversion. You can try the below to be sure if you do not know:

openssl x509 -in yourSSL.crt -out yourSSL.pem

If this fails, your .crt or .cert file is a different format (likely a DER) and you can use the method described above in the key section to convert it to a .pem.

Now you can combine them all as a .pem file if you’d like or you can simply pick and choose which you’d like to combine. Since the formats are designed to be easy to use, there’s a few ways to combine them. You can simply create a new master .pem file and then open each of your .pem files and copy and paste them in the new master .pem file or cat them all into a single file. Keep in mind that some applications or software will want separate files for the SSL or key or even the Intermediate/Root CAs (like Apache.)

cat /path/to/SSLkey.pem /path/to/SSL.pem /path/to/Intermediate.pem /path/to/Root.pem > /path/to/master.pem

If you do choose the path to copy and paste, make sure you are grabbing everything (yes, even the —-BEGIN and ——END sections.)