What are those .pem files?


Hi Guys,

I’m in confusion with key files generated with our beloved LetsEncrypt.

We will get 4 .pem files,

1. fullchain.pem
2. privkey.pem
3. cert.pem
4. chain.pem

privkey.pem is clear enough to understand that it is Private key. But I don’t understand,

  1. what are the other files ?
  2. why it is for or for which we should use that ?

In AWS Elastic Load balancer, SSL Certificate configuration asks for

1. Private key
2. Public Key
3. Chain (optional)

Which .pem file I should use for Public key, fullchain.pem or chain.pem or cert.pem ? Could anyone help me understanding this ?


I’d expect you’d use cert.pem for the public key, and chain.pem for the chain.


To add to danb35: fullchain.pem is just a concatenation of cert.pem (your “public key”, although a certificate is much more ofcourse…) and chain.pem. This is because some implementations (such as Apache >= 2.4.8) will need the chain certificate in the same file as the leaf certificate.


By the way, with an assumption, I used like this only. But to know and to help others, I want to know it correctly.


Hello @sincerekamal,

The best answer should be provided by your hosting company, in this case Amazon. Anyway, from Configure an HTTPS Listener for Your Load Balancer

If you have an SSL certificate to upload, select Upload a new SSL Certificate to AWS Identity and Access Management (IAM).
Enter the name of the certificate.
In Private Key, copy and paste the contents of the private key file (PEM-encoded).
In Public Key Certificate, copy and paste the contents of the public key certificate file (PEM-encoded).
In Certificate Chain, copy and paste the contents of the certificate chain file (PEM-encoded)


Private Key --------> privkey.pem
Public Key ---------> cert.pem
Certificate Chain --> chain.pem



This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.