Technology Encyclopedia Home >What certificate format should be filled in for live HTTPS configuration?

What certificate format should be filled in for live HTTPS configuration?

Created on 2025-06-19 12:05:35
7

For live HTTPS configuration, the recommended certificate format is PEM (Privacy-Enhanced Mail). PEM is a base64-encoded format that includes the certificate and private key in plain text, typically enclosed between -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- (or similar headers for the private key).

Explanation:

  • PEM is widely supported by web servers like Nginx, Apache, and Tencent Cloud's SSL Certificate Service.
  • It requires the certificate file (.crt or .pem) and the private key file (.key).
  • If your certificate is in another format (e.g., PFX or DER), you must convert it to PEM using tools like OpenSSL.

Example:

A PEM certificate file (example.com.crt) might look like:

-----BEGIN CERTIFICATE-----  
MIIFazCCBFOgAwIBAgISA...  
... (base64-encoded data) ...  
-----END CERTIFICATE-----

A PEM private key file (example.com.key) might look like:

-----BEGIN PRIVATE KEY-----  
MIIEvQIBADANBgkqh...  
... (base64-encoded data) ...  
-----END PRIVATE KEY-----

Tencent Cloud Recommendation:

For HTTPS deployment on Tencent Cloud, upload the PEM-formatted certificate and private key in the SSL Certificate Service or directly configure them in services like Tencent Cloud Load Balancer or CDN. Tencent Cloud also provides free SSL certificates via the SSL Certificate Service, which are automatically issued in PEM format.