Windows
PEM certificates are frequently used for web servers as they can easily be translated into readable data using a simple text editor. Generally when a PEM encoded file is opened in a text editor, it contains very distinct headers and footers. Below are some examples of different files in PEM format. -----BEGIN CERTIFICATE REQUEST----- MIIB9TCCAWACAQAwgbgxGTAXBgNVBAoMEFF1b1ZhZGlzIExpbWl0ZWQxHDAaBgNV BAsME0RvY3VtZW50IERlcGFydG1lbnQxOTA3BgNVBAMMMFdoeSBhcmUgeW91IGRl Y29kaW5nIG1lPyAgVGhpcyBpcyBvbmx5IGEgdGVzdCEhITERMA8GA1UEBwwISGFt aWx0b24xETAPBgNVBAgMCFBlbWJyb2tlMQswCQYDVQQGEwJCTTEPMA0GCSqGSIb3 DQEJARYAMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCJ9WRanG/fUvcfKiGl EL4aRLjGt537mZ28UU9/3eiJeJznNSOuNLnF+hmabAu7H0LT4K7EdqfF+XUZW/2j RKRYcvOUDGF9A7OjW7UfKk1In3+6QDCi7X34RE161jqoaJjrm/T18TOKcgkkhRzE apQnIDm0Ea/HVzX/PiSOGuertwIDAQABMAsGCSqGSIb3DQEBBQOBgQBzMJdAV4QP Awel8LzGx5uMOshezF/KfP67wJ93UW+N7zXY6AwPgoLj4Kjw+WtU684JL8Dtr9FX ozakE+8p06BpxegR4BR3FMHf6p+0jQxUEAkAyb/mVgm66TyghDGC6/YkiKoZptXQ 98TwDIK/39WEB/V607As+KoYazQG8drorw== -----END CERTIFICATE REQUEST----- Above is the example of a CSR (certificate signing request) in PEM format. You can see that PEM has the characteristics of containing a header, the body (which consists mainly of code) and footer. The header and footer is what identifies the type of file, however be aware that not all PEM files necessarily need them. -----BEGIN CERTIFICATE REQUEST----- and -----END CERTIFICATE REQUEST----- show a CSR in PEM format. -----BEGIN RSA PRIVATE KEY----- and -----END RSA PRIVATE KEY----- show a private key in PEM format. -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- show a certificate file in PEM format. Note: Quotation marks must be included Note: that regardless of certificate's file extension, the certificate must be PEM encoded, not DER encoded. If it is DER encoded, you will not see the words “BEGIN CERTIFICATE" or "END CERTIFICATE".
PEM FORMAT: WHICH STANDS FOR PRIVACY-ENHANCED MAIL : ----------------------------------------------------- The pem format is the most common format among ssl certificates issued by certification authorities. This type of certificate contains the following lines: "-----BEGIN CERTIFICATE----" AND "-----END CERTIFICATE-----". Certificates with the .pem extension are identical to the .crt or .cer extensions. It is thus possible for you to modify the extension of these files. pem certificates can contain both the certificate and the private key in the same file. However, most servers like apache want you to separate them into separate files. 1.PEM CERTIFICATES have the .PEM, .CRT, .CER AND .KEY Extensions 2.They are encoded in ASCII BASE64 format 3.They are generally used for Apache servers OR Similar configurations Most CAS (certificate authority) provide certificates in pem format in base64 ascii encoded files. The certificate file types can be .pem, .crt, .cer, or .key. the .pem file can include the server certificate, the intermediate certificate and the private key in a single file. The server certificate and intermediate certificate can also be in a separate .crt or .cer file. the private key can be in a .key file. pem files use ascii encoding, so you can open them in any text editor such as notepad, ms word etc. Each certificate in the pem file is contained between the: BEGIN CERTIFICATE---- AND ----END CERTIFICATE---- STATEMENTS. The private key is contained between the: BEGIN RSA PRIVATE KEY----- AND -----END RSA PRIVATE KEY----- STATEMENTS. The csr is contained between the: BEGIN CERTIFICATE REQUEST----- AND -----END CERTIFICATE REQUEST----- TATEMENTS.
PEM FORMAT REQUIREMENTS FOR CERTIFICATES AND DOMAIN KEYS When you add a certificate, whether self-generated or certificate authority signed, and when you import a domain key, Ensure that the certificate or domain key meets the following requirements: 1. The certificate or domain key must be stored in a file in pem format with the certificate or domain key included as base64-encoded text between the following markers: A. For a certificate, -----BEGIN CERTIFICATE----- AND -----END CERTIFICATE-----. B. For a pkcs#8 domain key, -----BEGIN PUBLIC KEY----- AND -----END PUBLIC KEY-----. C. For an openssl domain key, -----BEGIN RSA PRIVATE KEY----- AND -----END RSA PRIVATE KEY----- . D. ANY text outside of the begin and end markers is ignored. E. The formats for certificates and domain keys are identical, except for the beginning and ending markers. F. BASE64 text consists of only uppercase and lowercase Roman alphabet characters (A - Z, a - z), the numerals (0 - 9), and the "+" and "/" symbols. 2. The file must be encoded as us-ascii or utf. the file cannot contain extended ascii or non-ascii characters. 3. When you add or replace ca certificates (update or restore), afile can contain multiple certificates. 4. The extension of the file that contains the certificate or domain key does not matter. the .txt or .crt extension are typically used for certificates, and the .key extension is typically used for domain keys. 5. The file that contains the certificate or domain key must be accessible from the browser that you use to access the control center.