SSL PEM Files: Working with Secure Sockets Layer PEM

Last Updated - February 2, 2019
Working with SSL PEM Files

PEM files come in handy when installing SSL certificates on web servers, but the term is still vague to a lot of people. In this article, we will try to shed light on PEM files. If you are one of those struggling with them, read on to learn the ins and outs of PEM files and more.


What are PEM Files?

PEM stands for Privacy-Enhanced Mail. This is a file format for encrypted data. The PEM file format is used to store and send secret/cryptographic certificates, keys, and any other data. This is the most prevalent file format used by most of the certificate authorities when it comes to issuing certificates.

There are a lot of reasons behind its popularity, but the most common one is that it can be opened by any text editor. That means PEM files can be converted into readable data very easily. Generally, a PEM file will contain one or more Base64-encoded keys. Thus, it has become a frequently used format for a lot of SSL tools like OpenSSL.

Origin of PEM files:

PEM originated as an email security standard. However, the original PEM standards were not officially adopted by the IETF (Internet Engineering Task Force). Rather, PGP (Pretty Good Privacy) and S/MIME took the place of PEM as the standard of email security, so PEM files were no longer used as an email encryption standard. In the meantime, the textual encoding system used in PEM files gained much popularity, because the encrypted data in a PEM file can be easily read with just a simple text editor.

What is the use of PEM files?

A lot of cryptography standards use ASN.1 for defining their data structures. Along with that, DER (Distinguished Encoding Rules) is used for serializing and de-serializing those data structures. The problem with DER is that it produces binary output, and it is very problematic to transfer binary files via systems which only support ASCII (like email). Because PEM files encode the binary data using Base64 (a binary-to-text encoding system), it is very convenient to use this format to send them via email.

Characteristics of a PEM file:

A PEM file generally has a '.pem' extension. It can also have a '.cer' or '.crt' extension for certificates. Moreover, there can be a '.key' extension for private or public keys.

Normally, a PEM file will contain a header, the body, and a footer. The structure of the header is like '-----BEGIN LABEL-----'. The word LABEL will be replaced with the type of the encrypted data. For instance, if the encrypted data is a private key then the header would look like: '-----BEGIN PRIVATE KEY-----'.

After that, the body will contain the encrypted data (certificates or the keys). Next, you will have the footer, which will be like '-----END LABEL-----'. Similarly, the word LABEL will be replaced with the name of the data type. For instance, for a file containing a certificate, the footer will be '-----END CERTIFICATE-----'.

Example of PEM files:

To make it easier to understand, we will be sharing a sample of a PEM-encoded certificate down below:

You can see that the header here is -----BEGIN CERTIFICATE-----, because this PEM file contains a certificate.

Now, here is another example of a PEM file containing a private key. You can easily recognize it from the label which says PRIVATE KEY.

Some rules you should remember regarding PEM files:

  • A PEM file can contain various kinds of encrypted data such as certificates, private keys, public keys, multiple private/public keys, multiple certificates, certificate signing request, and even multiple certificates with multiple keys. For example:

  • However, it is not a good idea to add multiple types of data in a single PEM file for security reasons. So, it is a common practice to create multiple PEM files containing the private/public keys and certificates separately.
  • Note that the number of dashes (-----) on the header and the footer is significant. You have to use the exact number of dashes, not more or less.
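
The rules above can be checked mechanically. The following Python sketch is an added example, not code from the original article: it parses a PEM file, rejects header and footer lines that do not use exactly five dashes or whose labels do not match, and reports whether one file mixes several types of data. The function names and the sample inputs are constructed for illustration, and the sample bodies are placeholder bytes, not real certificates or keys.

```python
import base64
import re

# RFC 7468 boundaries: exactly five hyphens on each side of the label.
_BLOCK = re.compile(
    r"^-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)\r?\n-----END ([A-Z0-9 ]+)-----\r?$",
    re.S | re.M)
# Any BEGIN/END-looking line, whatever its dash count, to catch near-misses.
_BOUNDARY = re.compile(r"^-+(?:BEGIN|END) [A-Z0-9 ]+-+\r?$", re.M)


def parse_pem(text):
    """Return [(label, decoded_bytes), ...]; raise ValueError if malformed."""
    blocks = []
    for m in _BLOCK.finditer(text):
        begin, body, end = m.groups()
        if begin != end:
            raise ValueError(f"label mismatch: BEGIN {begin} / END {end}")
        # validate=True rejects stray characters instead of skipping them.
        blocks.append((begin, base64.b64decode("".join(body.split()), validate=True)))
    if len(_BOUNDARY.findall(text)) != 2 * len(blocks):
        raise ValueError("boundary line with wrong dash count or no partner")
    return blocks


def audit_bundle(text):
    """Report what a PEM file holds and whether it mixes types of data."""
    labels = [label for label, _ in parse_pem(text)]
    return {
        "labels": labels,
        "mixed_types": len(set(labels)) > 1,
        "has_private_key": any(l.endswith("PRIVATE KEY") for l in labels),
    }


def _block(label, payload, dashes=5):
    """Build a constructed PEM block; the payload is placeholder bytes, not DER."""
    d = "-" * dashes
    return f"{d}BEGIN {label}{d}\n{base64.b64encode(payload).decode()}\n{d}END {label}{d}\n"


# Constructed sample inputs (no real certificate or key material).
CHAIN = _block("CERTIFICATE", b"placeholder leaf") + _block("CERTIFICATE", b"placeholder issuer")
MIXED = _block("CERTIFICATE", b"placeholder leaf") + _block("PRIVATE KEY", b"placeholder key")
FOUR_DASHES = _block("CERTIFICATE", b"placeholder leaf", dashes=4)

if __name__ == "__main__":
    for name, sample in [("chain", CHAIN), ("mixed", MIXED), ("four dashes", FOUR_DASHES)]:
        try:
            print(name, audit_bundle(sample))
        except ValueError as err:
            print(name, "rejected:", err)
```

A file with two certificates passes as a single type, a certificate stored next to a private key is reported as mixed, and a block written with four dashes is rejected instead of being silently skipped.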

We hope now you know at least a little bit about PEM files. Just remember the rules while working with the PEM files. If you have read the article carefully and followed the rules, it will be a piece of cake to create PEM files for SSL certificate installations.