{"id":309148,"date":"2021-07-27T13:00:00","date_gmt":"2021-07-27T10:00:00","guid":{"rendered":"https:\/\/en.buradabiliyorum.com\/what-is-a-pem-file-and-how-do-you-use-it-cloudsavvy-it\/"},"modified":"2021-07-27T13:00:00","modified_gmt":"2021-07-27T10:00:00","slug":"what-is-a-pem-file-and-how-do-you-use-it-cloudsavvy-it","status":"publish","type":"post","link":"https:\/\/buradabiliyorum.com\/en\/what-is-a-pem-file-and-how-do-you-use-it-cloudsavvy-it\/","title":{"rendered":"#What Is a PEM File and How Do You Use It? \u2013 CloudSavvy IT"},"content":{"rendered":"<div id=\"article-content-area\">\n<figure style=\"width: 700px\" class=\"wp-caption alignnone\"><img loading=\"lazy\" decoding=\"async\" class=\"type:primaryImage imgchk9 wp-image-6203 size-full\" srcset=\"https:\/\/www.cloudsavvyit.com\/p\/uploads\/2019\/10\/0b44345e.png?width=398&amp;trim=1,1&amp;bg-color=000&amp;pad=1,1 400w, https:\/\/www.cloudsavvyit.com\/p\/uploads\/2019\/10\/0b44345e.png?width=1198&amp;trim=1,1&amp;bg-color=000&amp;pad=1,1 1200w\" sizes=\"auto, 400w, 1200w\" src=\"https:\/\/www.cloudsavvyit.com\/p\/uploads\/2019\/10\/0b44345e.png?width=1198&amp;trim=1,1&amp;bg-color=000&amp;pad=1,1\" alt=\"Person unlocking digital file with key.\" width=\"700\" height=\"300\" data-crediturl=\"https:\/\/www.shutterstock.com\/image-vector\/cyber-security-digital-file-protection-concept-1223599702\" data-credittext=\"Shutterstock\/FGC\" onload=\"pagespeed.lazyLoadImages.loadIfVisibleAndMaybeBeacon(this);\" onerror=\"this.onerror=null;pagespeed.lazyLoadImages.loadIfVisibleAndMaybeBeacon(this);\"\/><figcaption class=\"wp-caption-text\"><span class=\"type:primaryImage imagecredit\"><a rel=\"nofollow noopener\" target=\"_blank\" 
href=\"https:\/\/www.shutterstock.com\/image-vector\/cyber-security-digital-file-protection-concept-1223599702\">Shutterstock\/FGC<\/a><\/span><\/figcaption><\/figure>\n<p>PEM is a container file format often used to store cryptographic keys. It\u2019s used for many different things, as it simply defines the structure and encoding type of the file used to store a bit of data.<\/p>\n<h2 role=\"heading\" aria-level=\"2\"><span class=\"ez-toc-section\" id=\"What_Is_a_PEM_File\"><\/span>What Is a PEM File?<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>PEM is just a standard; PEM files contain text, and the format dictates that they start with\u2026<\/p>\n<pre>-----BEGIN &lt;type&gt;-----<\/pre>\n<p>\u2026and end with:<\/p>\n<pre>-----END &lt;type&gt;-----<\/pre>\n<p>Everything in between is Base64-encoded (<a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/en.wikipedia.org\/wiki\/Base64#Base64_table\">uppercase and lowercase letters, digits, <code>+<\/code>, and <code>\/<\/code><\/a>). This forms a block of data that can be used in other programs. A single PEM file can contain multiple blocks.<\/p>\n<p>This can be used to represent all kinds of data, but it\u2019s commonly used to encode key files, such as RSA keys used for SSH, and certificates used for SSL encryption. The PEM file will tell you what it\u2019s used for in the header; for example, you might see a PEM file start with\u2026<\/p>\n<pre>-----BEGIN RSA PRIVATE KEY-----<\/pre>\n<p>\u2026followed by a long string of data, which is the actual RSA private key.<\/p>\n<h2 role=\"heading\" aria-level=\"2\"><span class=\"ez-toc-section\" id=\"PEM_Files_with_SSL_Certificates\"><\/span>PEM Files with SSL Certificates<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>PEM files are used to store SSL certificates and their associated private keys. 
Multiple certificates are in the\u00a0full SSL chain, and they work in this order:<\/p>\n<ul>\n<li>The end-user certificate, which is assigned to your domain name by a certificate authority (CA). This is the file you use in nginx and Apache to encrypt HTTPS.<\/li>\n<li>Up to four optional intermediate certificates, given to smaller certificate authorities by higher authorities.<\/li>\n<li>The root certificate, the highest certificate on the chain, which is self-signed by the primary CA.<\/li>\n<\/ul>\n<p>In practice, each certificate is listed in a PEM file, using separate blocks:<\/p>\n<pre>-----BEGIN CERTIFICATE-----\n  \/\/end-user\n-----END CERTIFICATE-----\n-----BEGIN CERTIFICATE-----\n  \/\/intermediate\n-----END CERTIFICATE-----\n-----BEGIN CERTIFICATE-----\n  \/\/root\n-----END CERTIFICATE-----<\/pre>\n<p>You\u2019ll be given these files by your SSL provider for use in your web server. For example, LetsEncrypt\u2019s <code>certbot<\/code> generates the following certificates, placed in <code>\/etc\/letsencrypt\/live\/your-domain-name\/<\/code>:<\/p>\n<pre>cert.pem chain.pem fullchain.pem privkey.pem<\/pre>\n<ul>\n<li><code>cert.pem<\/code>\u00a0is the end-user certificate.<\/li>\n<li><code>chain.pem<\/code>\u00a0is the rest of the chain; in this case, it\u2019s only LetsEncrypt\u2019s root certificate.<\/li>\n<li><code>fullchain.pem<\/code>\u00a0is\u00a0<code>cert.pem<\/code>\u00a0and <code>chain.pem<\/code>\u00a0combined. 
This is the file passed to nginx with the <code>ssl_certificate<\/code>\u00a0directive.<\/li>\n<li><code>privkey.pem<\/code>\u00a0is an RSA private key generated alongside the certificate.<\/li>\n<\/ul>\n<p>These may also use the <code>.crt<\/code>\u00a0extension; if you\u2019ve self-signed a certificate with OpenSSL, you\u2019ll get a CRT file rather than PEM, though the contents will still be the same, and the usage will be the same.<\/p>\n<p>To use your certificates, you\u2019ll have to pass them as parameters for your web server. For nginx, you\u2019ll want to specify the <code>ssl_certificate<\/code>\u00a0(the full chain PEM file), and <code>ssl_certificate_key<\/code>\u00a0(the RSA private key PEM file), after turning on SSL:<\/p>\n<pre>ssl_certificate \/etc\/letsencrypt\/live\/yourdomain\/fullchain.pem;\nssl_certificate_key \/etc\/letsencrypt\/live\/yourdomain\/privkey.pem;<\/pre>\n<p>For Apache, setup is largely the same, but you\u2019ll need to use the <code>SSLCertificateFile<\/code> and <code>SSLCertificateKeyFile<\/code> directives:<\/p>\n<pre>SSLCertificateFile \/etc\/letsencrypt\/live\/yourdomain\/fullchain.pem\nSSLCertificateKeyFile \/etc\/letsencrypt\/live\/yourdomain\/privkey.pem<\/pre>\n<h2 role=\"heading\" aria-level=\"2\"><span class=\"ez-toc-section\" id=\"PEM_Files_with_SSH\"><\/span>PEM Files with SSH<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>PEM files are also used for SSH.\u00a0If you\u2019ve ever run <code>ssh-keygen<\/code>\u00a0to use ssh without a password, your <code>~\/.ssh\/id_rsa<\/code>\u00a0is a PEM file, just without the extension.<\/p>\n<p>Most notably, Amazon Web Services gives you a PEM file containing a private key whenever you create a new instance, and you must use this key to be able to SSH into new EC2 instances.<\/p>\n<p>You\u2019ll have to use the <code>-i<\/code>\u00a0flag with 
<code>ssh<\/code> to specify that you want to use this new key instead of <code>id_rsa<\/code>:<\/p>\n<pre>ssh -i keyfile.pem root@host<\/pre>\n<p>This will sign you in to the server as normal, but you\u2019ll have to specify this flag each time.<\/p>\n<p>An easier method is to add the private key to your ssh-agent with <code>ssh-add<\/code>:<\/p>\n<pre>ssh-add keyfile.pem<\/pre>\n<p>However, this doesn\u2019t persist across reboots, so you\u2019ll need to run this command on startup or add it to your macOS keychain.<\/p>\n<p>Of course, you could also always simply append your primary public key to the instance\u2019s <code>~\/.ssh\/authorized_keys<\/code> after you\u2019ve signed in once, but this method should work out of the box for any new instances going forward.<\/p>\n<p>It\u2019s worth noting that you should still lock down your SSH server even if you\u2019re using keys yourself.<\/p>\n<\/div>\n<p><span style=\"color: black;\"><a style=\"color: #ff9900;\" href=\"https:\/\/www.cloudsavvyit.com\/1727\/what-is-a-pem-file-and-how-do-you-use-it\/\" target=\"_blank\" rel=\"noopener\">Source<\/a><\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>&#8220;#What Is a PEM File and How Do You Use It? \u2013 CloudSavvy IT&#8221; Shutterstock\/FGC PEM is a container file format often used to store cryptographic keys. It\u2019s used for many different things, as it simply defines the structure and encoding type of the file used to store a bit of data. 
What Is a&#8230;<\/p>\n","protected":false},"author":1,"featured_media":309149,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/www.cloudsavvyit.com\/p\/uploads\/2019\/10\/0b44345e.png","fifu_image_alt":"","footnotes":""},"categories":[18],"tags":[],"class_list":["post-309148","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-technology"],"_links":{"self":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/309148","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/comments?post=309148"}],"version-history":[{"count":0,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/309148\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media\/309149"}],"wp:attachment":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media?parent=309148"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/categories?post=309148"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/tags?post=309148"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}