OK, I am tired of forgetting this information and having to re-research it. A PEM file is an X.509 digital certificate, specifically a “Base64 encoded DER certificate” (thank you Wikipedia). The components are concatenated in the following format: Private key (optional) Server certificate Intermediate certificate (optional) Root certificate (optional) or, in other words, cat server.key server.crt ca-bundle.crt >> server.pem. That is my final word on the subject. …