Linux Commands

What is a .pem file, and how to use it?

The .pem file format is mostly used to store cryptographic keys. This file can be used for different purposes. The .pem file defines the structure and encoding file type that is used to store the data. The pem file contains the standard dictated format to start and end a file.

We will give you an overview in this article about the .pem file and how to use it.

Basic Syntax

Pem file starts with:

-----BEGIN -----

Base64 encode blocks of Data

-----END -----

Data is encoded with base64 between these tags. The pem file consists of multiple blocks. The purpose of each block or pem file is explained in the header that tells you what the use of the given block is. For example, you see the following heading at the beginning of the pem file.


The above header means all following data strings related to RSA private key details.

How to use the pem File for SSL Certificates?

Using the pem files, you can store the SSL certificates with their associated private keys. More than one certificates are assigned in the full SSL chain, and they work in the following order:

First, an end-user certificate, generally assigned to the domain name by a certificate authority (CA). This certificate file is used in Nginx and Apache to encrypt the HTTPS.

There are optional up to four intermediate certificates assigned to smaller CA by higher authorities.

In the end, the highest certificate is the root certificate that is self-signed by the primary Certificate Authority (CA).

Each certificate in a pem file listed in separate blocks as follows:

  //intermediate Certificates
  //root Certificate

These files will be provided to you from your SSL provider for use in your web server.

The following certificates will be generated through LetsEncrypt’s certbot.

cert.pem chain.pem fullchain.pem privkey.pem

Place all these certificates at this ‘/etc/letsencrypt/live/your-domain-name/’ location.

Now, use these certificates, pass them as the parameter for your web browser in Nginx as follows:

ssl_certificate /etc/letsencrypt/live/domain-name/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/domain-name/privkey.pem;

For Apache same method can be used but, use SSLCertificateFile and SSLCertificatekeyFile directives as follows:

SSLCertificateFile /etc/letsencrypt/live/domain-name/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/domain-name/privkey.pem

How to use Pem files for SSH?

Pem files can also be used for SSH. It is interesting to note that when you create a new instance for Amazon web services, it provides you a pem file containing a private key, and this key is used to be able to SSH into new instances.

The simplest method to add the private key to your ssh-agent by using the ssh-add command as follows:

ssh-add key file.pem

Run the above command on startup. This does not persist across a system reboot.


We have given a brief overview in this article about the pem file. We explained the basic introduction and use of pem files for SSL certificates and SSH services.

About the author

Karim Buzdar

Karim Buzdar holds a degree in telecommunication engineering and holds several sysadmin certifications. As an IT engineer and technical author, he writes for various web sites. He blogs at LinuxWays.