Structuring and formatting of private keys and certificates

  • Private key format
    • PEM-encoded without password protection. Ensure that the private key (private.key) is enclosed between the following statements:
      -----BEGIN PRIVATE KEY-----
      <<base64 string from private.key>>
      -----END PRIVATE KEY-----
    • PEM-encoded with password protection. Ensure that the private key (private.key) is enclosed between the following statements:
      -----BEGIN ENCRYPTED PRIVATE KEY-----
      <<base64 string from private.key>>
      -----END ENCRYPTED PRIVATE KEY-----
  • X509 certificate format
    PEM-encoded. If you received the intermediate and root certificates as separate files, combine them into a single file. For example, if you have the primary certificate file (certificate.crt) and the intermediate certificate file (ca_intermediate.crt), combine them in the following order.
    -----BEGIN CERTIFICATE-----
    <<primary certificate: base64 string from certificate.crt>>
    -----END CERTIFICATE-----
    -----BEGIN CERTIFICATE-----
    <<intermediate certificate: base64 string from ca_intermediate.crt>>
    -----END CERTIFICATE-----
    If you received the root certificate (ca_root.crt) in addition to the intermediate certificate, combine them in the following order.
    -----BEGIN CERTIFICATE-----
    <<primary certificate: base64 string from certificate.crt>>
    -----END CERTIFICATE-----
    -----BEGIN CERTIFICATE-----
    <<intermediate certificate: base64 string from ca_intermediate.crt>>
    -----END CERTIFICATE-----
    -----BEGIN CERTIFICATE-----
    <<root certificate: base64 string from ca_root.crt>>
    -----END CERTIFICATE-----
  • Single file (private key with certificates) format
    PEM-encoded. This file can contain the private key and the primary certificate, or the private key and the chain of certificates combined in the following order:
    • Private key and primary certificate.
      -----BEGIN CERTIFICATE-----
      <<primary certificate: base64 string from certificate.crt>>
      -----END CERTIFICATE-----
      -----BEGIN PRIVATE KEY-----
      <<private key: base64 string from private.key>>
      -----END PRIVATE KEY-----
    • Private key, primary certificate, and intermediate certificate.
      -----BEGIN CERTIFICATE-----
      <<primary certificate: base64 string from certificate.crt>>
      -----END CERTIFICATE-----
      -----BEGIN CERTIFICATE-----
      <<intermediate certificate: base64 string from ca_intermediate.crt>>
      -----END CERTIFICATE-----
      -----BEGIN PRIVATE KEY-----
      <<private key: base64 string from private.key>>
      -----END PRIVATE KEY-----
    • Private key, primary certificate, intermediate certificate, and root certificate.
      -----BEGIN CERTIFICATE-----
      <<primary certificate: base64 string from certificate.crt>>
      -----END CERTIFICATE-----
      -----BEGIN CERTIFICATE-----
      <<intermediate certificate: base64 string from ca_intermediate.crt>>
      -----END CERTIFICATE-----
      -----BEGIN CERTIFICATE-----
      <<root certificate: base64 string from ca_root.crt>>
      -----END CERTIFICATE-----
      -----BEGIN PRIVATE KEY-----
      <<private key: base64 string from private.key>>
      -----END PRIVATE KEY-----
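
A pre-upload check for the layouts above, as an added example that is not part of the original documentation: it verifies that every BEGIN/END statement has five dashes on both sides, that each block body is valid base64, and that a single file lists certificates before the private key. The function names and the sample are constructed for illustration; accepting an ENCRYPTED PRIVATE KEY block in the single file is an assumption.

```python
import base64
import re

# Boundary lines exactly as the page shows them: five dashes on each side.
BOUNDARY = re.compile(r"^-----(BEGIN|END) ([A-Z0-9 ]+)-----$")
KEY_LABELS = {"PRIVATE KEY", "ENCRYPTED PRIVATE KEY"}

def pem_labels(text):
    """Return the label of each PEM block in order; raise ValueError if malformed."""
    labels, current, body = [], None, []
    for number, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        match = BOUNDARY.match(line)
        if match is None:
            if "BEGIN " in line or "END " in line:
                raise ValueError(f"line {number}: malformed boundary {line!r}")
            if current is None:
                raise ValueError(f"line {number}: data outside a PEM block")
            body.append(line)
        elif match.group(1) == "BEGIN":
            if current is not None:
                raise ValueError(f"line {number}: {current} block not closed")
            current, body = match.group(2), []
        else:
            if match.group(2) != current:
                raise ValueError(f"line {number}: END does not match BEGIN")
            base64.b64decode("".join(body), validate=True)  # binascii.Error is a ValueError
            labels.append(current)
            current = None
    if current is not None:
        raise ValueError(f"{current} block not closed")
    return labels

def check_single_file(text):
    """Check the single-file layout: one or more certificates, then one private key."""
    labels = pem_labels(text)
    certs, key = labels[:-1], labels[-1:]
    if not certs or set(certs) != {"CERTIFICATE"} or key[0] not in KEY_LABELS:
        raise ValueError(f"unexpected block order: {labels}")
    return labels

# Constructed sample: the bodies are placeholder bytes, not real key material.
_body = base64.b64encode(b"constructed placeholder").decode()
SAMPLE = "\n".join(f"-----BEGIN {l}-----\n{_body}\n-----END {l}-----"
                   for l in ("CERTIFICATE", "CERTIFICATE", "PRIVATE KEY"))
```

The check covers structure only; it does not confirm that the private key matches the primary certificate or that the chain validates.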