[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"extension:v3:en:pem":3},{"resolvedFromAlias":4,"canonicalExt":5,"ext":5,"name":6,"category":7,"categoryName":8,"updatedAt":9,"popularity":10,"summary":11,"howToOs":12,"quickAnswer":18,"answerIntro":19,"whatIs":20,"description":21,"furtherReading":22,"openInstructions":41,"commonIssues":55,"securityNotes":80,"faq":84,"aliases":97,"mimeTypes":98,"relatedExtensions":100,"breadcrumbs":146,"categoryAnchor":156,"categoryFuturePath":157,"metaDescription":158,"availableHowToOs":159,"openOnDeviceLinks":160,"cannotOpenReasons":176,"cannotOpenFixes":177,"convertOptions":178,"securityAffiliateMessaging":179,"securityAffiliates":180},false,"pem","PEM-encoded Certificate","certificates","Certificates","2026-06-12T08:11:31.274Z",75,".pem is a text-based container format commonly used to store X.509 certificates, certificate chains, and sometimes private keys in Base64 with BEGIN/END markers. It is widely used by TLS software such as OpenSSL and Apache HTTP Server.",[13,14,15,16,17],"windows","mac","linux","ios","android","To open .PEM files on Windows, open the .pem in a text editor (e.g., Notepad) to confirm it contains “-----BEGIN …-----” / “-----END …-----” blocks.","To open a .pem file, use a certificate/key tool such as OpenSSL, or open it in a plain-text editor to view the BEGIN/END blocks. On servers, .pem files are commonly consumed by TLS software (for example Apache httpd’s mod_ssl) as certificate and key inputs.","PEM is a textual encoding defined in RFC 7468: Base64-encoded data wrapped in “-----BEGIN …-----” and “-----END …-----” encapsulation boundaries. A .pem file may contain a certificate, a private key, a certificate signing request (CSR), a CRL, or a certificate chain; IANA also registers the media type application/pem-certificate-chain for certificate chains. OpenSSL tools and libraries can read and write PEM as an input/output format for cryptographic material.","Because PEM is plain text, it’s easy to inspect in a text editor; however, the contents can be sensitive when a private key is included. OpenSSL provides both APIs and command-line tools that accept PEM alongside other formats (such as DER and PKCS#12) for converting, inspecting, and using certificates and keys.",[23,26,29,32,35,38],{"title":24,"url":25},"IANA media type: application/pem-certificate-chain","https://www.iana.org/assignments/media-types/application/pem-certificate-chain",{"title":27,"url":28},"RFC 7468: Textual Encodings of PKIX, PKCS, and CMS Structures","https://www.rfc-editor.org/info/rfc7468/",{"title":30,"url":31},"OpenSSL documentation: pem","https://docs.openssl.org/1.0.2/man3/pem/",{"title":33,"url":34},"OpenSSL documentation: openssl-format-options","https://docs.openssl.org/4.0/man1/openssl-format-options/",{"title":36,"url":37},"Apache HTTP Server 2.4: mod_ssl documentation","https://httpd.apache.org/docs/2.4/mod/mod_ssl.html",{"title":39,"url":40},"Wikipedia: Privacy-Enhanced Mail (PEM)","https://en.wikipedia.org/wiki/Privacy-Enhanced_Mail",{"windows":42,"macos":45,"linux":48,"ios":51,"android":53},[43,44],"Open the .pem in a text editor (e.g., Notepad) to confirm it contains “-----BEGIN …-----” / “-----END …-----” blocks.","If you need to inspect or convert it, use OpenSSL command-line tools (they accept PEM as an input/output format) and run the appropriate certificate/key command for your task.",[46,47],"Open the .pem in TextEdit (as plain text) to view the BEGIN/END markers and identify whether it is a certificate, key, or chain.","For validation/conversion, use OpenSSL from the Terminal; OpenSSL tools support PEM as an input/output format.",[49,50],"Open the .pem with a text viewer/editor (less, nano, vim) to verify the encapsulation boundaries (BEGIN/END) and see what object type it is.","Use OpenSSL command-line tools to parse, validate, or convert the PEM content (OpenSSL supports PEM as an input/output format).",[52],"You can view a .pem as text in a file viewer app to see its BEGIN/END blocks, but most practical operations (validation/conversion or server configuration) are typically done on a desktop/server using OpenSSL.",[54],"Open the .pem in a text-capable file viewer to inspect the BEGIN/END markers; for actual certificate/key operations, transfer it to a desktop/server environment and use OpenSSL.",[56,62,68,74],{"title":57,"description":58,"steps":59},"The file opens as plain text and doesn’t “install” like a certificate","PEM is an encoding/container; it can hold different objects (certificate, key, CSR, chain). Many systems expect specific certificate stores or different file formats for import, so double-clicking may just show text.",[60,61],"Open the file and check the BEGIN/END label (e.g., CERTIFICATE vs PRIVATE KEY) to identify what it contains.","Use OpenSSL to inspect/convert as needed; OpenSSL supports PEM as an input/output format.",{"title":63,"description":64,"steps":65},"Server configuration fails because the file is the wrong PEM type (certificate vs key vs chain)","TLS server configuration typically requires separate files or specific ordering (certificate and matching private key, plus intermediates). A .pem might contain only a leaf certificate, only a key, or a full chain.",[66,67],"Verify which blocks are present by opening the .pem and reading the BEGIN/END lines.","If configuring Apache httpd with mod_ssl, ensure you are providing the correct PEM-encoded X.509 certificate and the corresponding PEM-encoded key as required by your configuration.",{"title":69,"description":70,"steps":71},"Paste/email formatting breaks the PEM (invalid Base64 or missing boundaries)","PEM relies on exact encapsulation boundaries and valid Base64 content. Extra spaces, missing dashes, or truncated lines can make tools reject the file.",[72,73],"Confirm the file contains intact “-----BEGIN …-----” and “-----END …-----” lines with no extra characters.","Re-export or re-download the PEM from the original source if the file appears altered, then re-try with OpenSSL.",{"title":75,"description":76,"steps":77},"Certificate chain order is incorrect","When a .pem contains a certificate chain (multiple CERTIFICATE blocks), some software expects a particular ordering (typically leaf first, then intermediates). The IANA-registered media type application/pem-certificate-chain is specifically for certificate chains in PEM encoding.",[78,79],"Check whether the .pem contains multiple CERTIFICATE blocks (a chain).","If your TLS software rejects it, rebuild the chain file in the order expected by that software and re-test.",[81,82,83],"A .pem file may contain a private key (e.g., “BEGIN PRIVATE KEY” or similar); treat such files as secrets, restrict file permissions, and avoid sending them over insecure channels.","PEM is human-readable text; it is easy to accidentally paste it into tickets/chats/logs. Be especially careful not to disclose private keys or full certificate chains that reveal internal PKI structure.","Do not assume “.pem = certificate only”: always inspect the BEGIN/END label before sharing or importing, because keys and CSRs can look similar at a glance.",[85,88,91,94],{"question":86,"answer":87},"What is inside a .pem file?","PEM is a text encoding (RFC 7468) that wraps Base64 data between BEGIN/END boundary lines. A .pem can contain certificates, private keys, CSRs, CRLs, or a certificate chain (multiple certificates).",{"question":89,"answer":90},"Is .pem the same as .crt or .cer?","They can represent the same kind of certificate, but the difference is often the encoding and conventions. PEM is the textual Base64-with-boundaries encoding; some .crt/.cer files are PEM, while others may be DER (binary).",{"question":92,"answer":93},"How do I know if my .pem contains a private key?","Open it in a text editor and look at the first BEGIN line. If it says something like “BEGIN PRIVATE KEY” (or another key label), it contains a private key and should be protected.",{"question":95,"answer":96},"What MIME type is associated with PEM certificate chains?","IANA registers application/pem-certificate-chain for PEM-encoded certificate chains, and it lists .pem as a file extension.",[],[99],"application/pem-certificate-chain",[101,107,113,119,124,129,135,140],{"ext":102,"name":103,"category":7,"categoryName":8,"popularity":104,"summary":105,"howToOs":106},"pfx","Personal Information Exchange (PFX)",78,".pfx is a PKCS #12 (PFX) container used to bundle certificates and (often) the associated private key into a single, typically password-protected file for import/export between systems.",[13,14,15,16,17],{"ext":108,"name":109,"category":7,"categoryName":8,"popularity":110,"summary":111,"howToOs":112},"p12","PKCS#12 Certificate Bundle",65,".p12 is a PKCS #12 (also called PFX) container used to bundle an X.509 certificate chain together with its corresponding private key, typically protected by a password. It’s commonly opened/imported by certificate/key management tools such as Apple Keychain Access and OpenSSL.",[13,14,15,16,17],{"ext":114,"name":115,"category":7,"categoryName":8,"popularity":116,"summary":117,"howToOs":118},"csr","PKCS #10 Certificate Signing Request",55,".csr files are certificate signing requests used to obtain an X.509 certificate from a certificate authority (CA). They commonly contain a PKCS #10 request encoded as PEM (text) or DER (binary) and can be inspected or generated with OpenSSL.",[13,14,15,16,17],{"ext":120,"name":121,"category":7,"categoryName":8,"popularity":116,"summary":122,"howToOs":123},"der","DER-encoded X.509 Certificate",".der files most commonly contain binary DER-encoded ASN.1 data, especially X.509 certificates. They are typically opened for inspection or conversion using certificate tools such as OpenSSL.",[13,14,15,16,17],{"ext":125,"name":126,"category":7,"categoryName":8,"popularity":116,"summary":127,"howToOs":128},"p7b","PKCS #7 Certificate Bundle (P7B)",".p7b is a PKCS #7 container most commonly used to bundle X.509 certificates (and sometimes certificate revocation lists) for import or exchange. It typically does not include a private key and is often used in S/MIME and certificate deployment workflows.",[13,14,15,16,17],{"ext":130,"name":131,"category":7,"categoryName":8,"popularity":132,"summary":133,"howToOs":134},"ac","X.509 Attribute Certificate",35,".ac most commonly refers to an X.509 Attribute Certificate (authorization certificate) used in PKIX systems to carry privileges/roles separately from an identity certificate.",[13,14,15,16,17],{"ext":136,"name":137,"category":7,"categoryName":8,"popularity":132,"summary":138,"howToOs":139},"p7s","PKCS #7 / S/MIME Digital Signature (detached signature)",".p7s files are PKCS #7 signature objects most commonly used as detached digital signatures for S/MIME-signed email. You typically open them by verifying the signature in an email client or by inspecting/verifying with OpenSSL.",[13,14,15,16,17],{"ext":141,"name":142,"category":7,"categoryName":8,"popularity":143,"summary":144,"howToOs":145},"p7c","PKCS #7 / CMS certificate container (certs-only SignedData)",25,".p7c is a PKCS #7/CMS container most commonly used to carry X.509 certificates (often a “certs-only”/degenerate SignedData structure). It’s typically opened or inspected with certificate tools or OpenSSL rather than a document viewer.",[13,14,15,16,17],[147,150,153],{"label":148,"to":149},"Home","/",{"label":151,"to":152},"File Extension Index","/file-extension",{"label":154,"to":155},".PEM","/file-extension/pem","category-certificates","/category/certificates","Learn what .PEM files are, how to open them on every platform, common fixes, and security best practices.",[13,14,15,16,17],[161,164,167,170,173],{"os":13,"label":162,"to":163},"Open .PEM on Windows","/how-to/open-pem-on-windows",{"os":14,"label":165,"to":166},"Open .PEM on Mac","/how-to/open-pem-on-mac",{"os":15,"label":168,"to":169},"Open .PEM on Linux","/how-to/open-pem-on-linux",{"os":16,"label":171,"to":172},"Open .PEM on iOS","/how-to/open-pem-on-ios",{"os":17,"label":174,"to":175},"Open .PEM on Android","/how-to/open-pem-on-android",[57,63,69,75],[60,61],[],"untrusted_source",[181,185],{"name":182,"description":183,"affiliateUrl":184},"Avast","Avast offers free and premium antivirus software that protects against viruses, malware, ransomware, and phishing. Scan files before opening them to ensure safety.","https://www.avast.com/lp-aff-consumer-store?expid=inf601",{"name":186,"description":187,"affiliateUrl":188},"Norton","Norton 360 delivers comprehensive antivirus protection, VPN, and identity theft monitoring. Scan files for threats before opening to keep your device secure.","http://buy.norton.com/aff_home?utm_campaign=en-ww_nor_n36_aff_nas_nau_nah_cj_nad_low:_sec_nat_mktc_norton_360"]