.pem TLS/SSL Creation Instructions
SSL .pem files (concatenated certificate container files), are frequently required for certificate installations when multiple certificates are being imported as one file.
This article contains multiple sets of instructions that walk through various .pem file creation scenarios for certificate installation.
- Create a .pem file with the Entire TLS/SSL Certificate Trust Chain
- Create a .pem file with the TLS/SSL Server and Intermediate Certificates
- Create a .pem with the Private Key and Entire Trust Chain
Create a .pem file with the Entire TLS/SSL Certificate Trust Chain
- In your CertCentral account, on the certificate's order details page, download your Intermediate (DigiCertCA.crt), Root (TrustedRoot.crt), and Primary Certificates (your_domain_name.crt).
See Download a TLS/SSL certificate from your CertCentral account - Open a text editor (such as Notepad) and paste the entire body of each certificate into one text file in the following order:
- Primary Certificate - your_domain_name.crt
- Intermediate Certificate - DigiCertCA.crt
- Root Certificate - TrustedRoot.crt
Note: Some servers may require you to add the certificates in the reverse order in the .pem file:
- Root Certificate
- Intermediate Certificate
- Primary Certificate
- Make sure to include the beginning and end tags on each certificate. The result should look like this:
-----BEGIN CERTIFICATE-----
Your Primary TLS/SSL certificate: your_domain_name.crt
-----END CERTIFICATE----------BEGIN CERTIFICATE-----
Your Intermediate certificate: DigiCertCA.crt
-----END CERTIFICATE----------BEGIN CERTIFICATE-----
Your Root certificate: TrustedRoot.crt
-----END CERTIFICATE----- - Save the combined file as your_domain_name.pem.
The .pem file is now ready to use.
Create a .pem file with the TLS/SSL Server and Intermediate Certificates
- In your CertCentral account, on the certificate's order details page, download your Intermediate (DigiCertCA.crt) and Primary Certificates (your_domain_name.crt).
See Download a TLS/SSL certificate from your CertCentral account - Open a text editor (such as Notepad) and paste the entire body of each certificate into one text file in the following order:
- The Primary Certificate - your_domain_name.crt
- The Intermediate Certificate - DigiCertCA.crt
- Make sure to include the beginning and end tags on each certificate. The result should look like this:
-----BEGIN CERTIFICATE-----
Your Primary TLS/SSL certificate: your_domain_name.crt
-----END CERTIFICATE----------BEGIN CERTIFICATE-----
Your Intermediate certificate: DigiCertCA.crt
-----END CERTIFICATE----- - Save the combined file as your_domain_name.pem.
The .pem file is now ready to use.
Create a .pem with the Private Key and Entire Trust Chain
- In your CertCentral account, on the certificate's order details page, download your Intermediate (DigiCertCA.crt), Root (TrustedRoot.crt), and Primary Certificates (your_domain_name.crt).
See Download a TLS/SSL certificate from your CertCentral account - Open a text editor (such as Notepad) and paste the entire body of each certificate into one text file in the following order:
- The Private Key - your_domain_name.key
- The Primary Certificate - your_domain_name.crt
- The Intermediate Certificate - DigiCertCA.crt
- The Root Certificate - TrustedRoot.crt
- Make sure to include the beginning and end tags on each certificate. The result should look like this:
-----BEGIN RSA PRIVATE KEY-----
Your Private Key: your_domain_name.key
-----END RSA PRIVATE KEY----------BEGIN CERTIFICATE-----
Your Primary TLS/SSL certificate: your_domain_name.crt
-----END CERTIFICATE----------BEGIN CERTIFICATE-----
Your Intermediate certificate: DigiCertCA.crt
-----END CERTIFICATE----------BEGIN CERTIFICATE-----
Your Root certificate: TrustedRoot.crt
-----END CERTIFICATE----- - Save the combined file as your_domain_name.pem.
The .pem file is now ready to use.