PEM is a widely used encoding format for security certificates. Syntax and content is defined by X.509 v3 standards for digital certificates, defined in IETF RFC 5280 specifications. The main file extensions are .pem, .crt, .ca-bundle.

A PEM certificate is a base64 (ASCII) encoded block of data encapsulated between

—–BEGIN CERTIFICATE —–

and

—–END CERTIFICATE —– lines.

The format of certificate files received from COMODO SSL Certificates → SSL General → Certificate Authority depends on the web-server type option that was chosen during the given certificate’s activation or reissue.

Choosing “Apache, Nginx, cPanel or other” will get you a PEM-encoded SSL certificate. While going with “Microsoft IIS, Tomcat” will set PKCS7 encoding preference, which is suitable for trusted security certificates in Microsoft and Tomcat server environment.

Note! For Symantec (as well as GeoTrust and Thawte), the fulfillment email will always contain a plain-text certificate in PEM format.

In a nutshell, if you have chosen your server type correctly, and the server requires a certificate to be in PEM, you should receive it in PEM. So there is no need to create a PEM file since the certificate is already in PEM format. Though, in case of nginx it is required to combine your certificate with CA certificates in a single file. You will need to open the certificate in a text editor and paste a CA Bundle received from the Certificate Authority below your certificates in the same file. There should not be any blanks between the certificate’s footer and the Bundle’s header. The extensions like .crt, .cert should not confuse you since they do not influence the certificate’s format.

A certificate in PEM format can be downloaded right within the user account after the certificate is issued.