How To Create a .pem File from .crt Files

When requesting SSL certificates from IT, they will often provide a bundle of several different files.

Intermediate.crt
Root.crt
ServerCertificate.crt
<DOMAIN>.csr
<DOMAIN>.key

The files that end in .crt are the certificate chain, and you will need to combine them into a single .pem file in order to use them with the .key file your application.

Step 0: Set and environment variable for the domain name

Replace <DOMAIN> with the domain name you are using. For example, if you are using www.jax.org, you would run: export DOMAIN=www.jax.org.

export DOMAIN=<DOMAIN>

Step 1: Combine the .crt files into a single .pem file

The following command will combine the .crt files into a single .pem file. It makes use of sed to remove carriage returns from the files (which show up as ^M and can cause problems), and to combine the files with a newline between them.

sed 's/\r//' ServerCertificate.crt Intermediate.crt Root.crt > mpd.jax.org.pem

Order Matters!

Make sure to put the files in the correct order. The order should be:

ServerCertificate.crt Intermediate.crt Root.crt

What is sed?

sed, which stands for Stream Editor, is a powerful command-line tool used for text manipulation, which is widely used in Unix and Unix-like operating systems such as Linux. It is especially useful for text substitution, but it can also be used for other text manipulations like insertion, deletion, and search.

• man sed

Step 2: Verify the .pem file

Run the following command to verify that the pem has been created correctly.

openssl verify $DOMAIN.pem

It should output something like the following, where <DOMAIN> is the domain name you are using.

<DOMAIN>.pem: OK