How to get .pem file from .key and .crt files?
How can I create a PEM file from an SSL certificate?
These are the files that I have available:
Your keys may already be in PEM format, but just named with .crt or .key.
If the file's content begins with
-----BEGIN and you can read it in a text editor:
The file uses base64, which is readable in ASCII, not binary format. The certificate is already in PEM format. Just change the extension to .pem.
If the file is in binary:
For the server.crt, you would use
openssl x509 -inform DER -outform PEM -in server.crt -out server.crt.pem
For server.key, use
openssl rsa in place of
The server.key is likely your private key, and the .crt file is the returned, signed, x509 certificate.
If this is for a Web server and you cannot specify loading a separate private and public key:
You may need to concatenate the two files. For this use:
cat server.crt server.key > server.includesprivatekey.pem
I would recommend naming files with "includesprivatekey" to help you manage the permissions you keep with this file.
Read more... Read less...
I needed to do this for an AWS ELB. After getting beaten up by the dialog many times, finally this is what worked for me:
openssl rsa -in server.key -text > private.pem openssl x509 -inform PEM -in server.crt > public.pem
Edit: As @floatingrock says
With AWS, don't forget to prepend the filename with
file://. So it'll look like:
aws iam upload-server-certificate --server-certificate-name blah --certificate-body file://path/to/server.crt --private-key file://path/to/private.key --path /cloudfront/static/
pem file contains the certificate and the private key. It depends on the format your certificate/key are in, but probably it's as simple as this:
cat server.crt server.key > server.pem
Additionally, if you don't want it to ask for a passphrase, then need to run the following command:
openssl rsa -in server.key -out server.key
this is the best option to create .pem file
openssl pkcs12 -in MyPushApp.p12 -out MyPushApp.pem -nodes -clcerts
- Download certificate from provisional portal by appleId,
- Export certificate from Key chain and give name (Certificates.p12),
- Open terminal and goto folder where you save above Certificates.p12 file,
Run below commands:
openssl pkcs12 -in Certificates.p12 -out CertificateName.pem -nodes,
openssl pkcs12 -in Certificates.p12 -out pushcert.pem -nodes -clcerts
- Your .pem file ready "pushcert.pem".