PEM is a widely used encoding format for security certificates. Syntax and content is defined by X.509 v3 standards for digital certificates, defined in IETF RFC 5280 specifications. The main file extensions are .pem, .crt, .ca-bundle.
A PEM certificate is a base64 (ASCII) encoded block of data encapsulated between
-----BEGIN CERTIFICATE -----
-----END CERTIFICATE ----- lines.
Choosing Apache, Nginx, cPanel or other will get you a PEM-encoded SSL certificate. While going with Microsoft IIS, Tomcat will set PKCS7 encoding preference, which is suitable for trusted security certificates in Microsoft and Tomcat server environment.
In a nutshell, if you have chosen your server type correctly, and the server requires a certificate to be in PEM, you should receive it in PEM. So there is no need to create a PEM file since the certificate is already in PEM format. Though, in case of nginx it is required to combine your certificate with CA certificates in a single file. You will need to open the certificate in a text editor and paste a CA Bundle received from the Certificate Authority below your certificates in the same file. There should not be any blanks between the certificate’s footer and the Bundle’s header. The extensions like .crt, .cert should not confuse you since they do not influence the certificate’s format.
A certificate in PEM format can be downloaded right within the user account after the certificate is issued. Please refer to this guide.