# Converting PEM to crt and key

If you receive pem formatted certificate and key files from a CA registrar, you will need to convert them for use by a linux host.

## Bundles and Chains<button aria-hidden="true" class="cc-wf6gg8" data-testid="anchor-button" type="button"><svg class="_1reo15vq _18m915vq _syaz1r31 _lcxvglyw _s7n4yfq0 _vc881r31 _1bsbpxbi _4t3ipxbi" fill="none" role="presentation" viewbox="0 0 16 16"></svg></button>

As well, it may be necessary to compose a certificate chain file, for the host, instead of a simple crt file.  
Doing so, is required for Nginx and some mobile apps, as both require the CA authority certs to be in the same file as the host certificate.  
To create a chain certificate, do this:

```bash
cat cert-start.pem ca-bundle.pem > full_chain.pem
```

## Pem to Crt<button aria-hidden="true" class="cc-wf6gg8" data-testid="anchor-button" type="button"><svg class="_1reo15vq _18m915vq _syaz1r31 _lcxvglyw _s7n4yfq0 _vc881r31 _1bsbpxbi _4t3ipxbi" fill="none" role="presentation" viewbox="0 0 16 16"></svg></button>

To convert the cert file (from pem) to crt, do this:

```bash
openssl x509 -outform der -in your-cert.pem -out your-cert.crt
```

## Pem to Key<button aria-hidden="true" class="cc-wf6gg8" data-testid="anchor-button" type="button"><svg class="_1reo15vq _18m915vq _syaz1r31 _lcxvglyw _s7n4yfq0 _vc881r31 _1bsbpxbi _4t3ipxbi" fill="none" role="presentation" viewbox="0 0 16 16"></svg></button>

To convert the private key (as pem) to key, do this:

```bash
openssl rsa -outform der -in private.pem -out private.key
```