Private key and certificate format

Ensure that the private key and the certificate files have the following format and structure:

Private key format
PEM-encoded and without a password protection. The pvk format is not supported. Ensure that the private key (private.key) is enclosed between the following statements:
-----BEGIN PRIVATE KEY-----
<<base64 string from private.key>>
-----END PRIVATE KEY-----
X509 certificate format
PEM-encoded. If you have also received the intermediate and root certificates as separate files, you should combine all of them into a single one. For example, if you have the primary certificate file (certificate.crt) and the intermediate certificate file (ca_intermediate.crt), ensure that you combine them in the following order, primary certificate first followed by the intermediate certificate:
-----BEGIN CERTIFICATE-----
<<primary certificate: base64 string from certificate.crt>>
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
<<intermediate certificate: base64 string from ca_intermediate.crt>>
-----END CERTIFICATE-----
If you received the root certificate (ca_root.crt) in addition to the intermediate certificate, combine them as follows:
-----BEGIN CERTIFICATE-----
<<primary certificate: base64 string from certificate.crt>>
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
<<intermediate certificate: base64 string from ca_intermediate.crt>>
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
<<root certificate: base64 string from ca_root.crt>>
-----END CERTIFICATE-----
Single file (private key with certificates) format
PEM-encoded. This file can contain both the private key and the primary certificate, or the private key and the chain of certificates, combined in the following order, and with the beginning and end tags on each certificate:
  • Private key and primary certificate:
    -----BEGIN CERTIFICATE-----
    <<primary certificate: certificate.crt>> 
    -----END CERTIFICATE-----
    -----BEGIN PRIVATE KEY-----
    <<private key: base64 string from private.key>>
    -----END PRIVATE KEY-----
  • Private key, primary certificate and intermediate certificate:
    -----BEGIN CERTIFICATE-----
    <<primary certificate: base64 string from certificate.crt>>
    -----END CERTIFICATE-----
    -----BEGIN CERTIFICATE-----
    <<intermediate certificate: base64 string from ca_intermediate.crt>>
    -----END CERTIFICATE-----
    -----BEGIN PRIVATE KEY-----
    <<private key: base64 string from private.key>>
    -----END PRIVATE KEY-----
  • Private key, primary certificate, intermediate certificate and root certificate:
    -----BEGIN CERTIFICATE-----
    <<primary certificate: base64 string from certificate.crt>>
    -----END CERTIFICATE-----
    -----BEGIN CERTIFICATE-----
    <<intermediate certificate: base64 string from ca_intermediate.crt>>
    -----END CERTIFICATE-----
    -----BEGIN CERTIFICATE-----
    <<root certificate: base64 string from ca_root.crt>>
    -----END CERTIFICATE-----
    -----BEGIN PRIVATE KEY-----
    <<private key: base64 string from private.key>>
    -----END PRIVATE KEY-----
If your file has DER-encoded or other formats, you can convert it to the PEM format, for example by using OpenSSL.