How can I check if the certificate file I have is in .pem format?

I have a root cert file and I don't know whether or not it is in .pem format. How do I check if it is in .pem format?

DER vs. CRT vs. CER vs. PEM Certificates and How To Convert Them

Quote from the support page:

View
====

Even though PEM encoded certificates are ASCII they are not human
readable.  Here are some commands that will let you output the
contents of a certificate in human readable form;
 
View PEM encoded certificate
----------------------------

Use the command that has the extension of your certificate replacing
cert.xxx with the name of your certificate

openssl x509 -in cert.pem -text -noout
openssl x509 -in cert.cer -text -noout
openssl x509 -in cert.crt -text -noout

If you get the folowing error it means that you are trying to view a DER encoded certifciate and need to use the commands in the “View DER encoded certificate 
below”
 
unable to load certificate
12626:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:647:Expecting: TRUSTED CERTIFICATE View DER encoded Certificate


View DER encoded Certificate
----------------------------

openssl x509 -in certificate.der -inform der -text -noout

If you get the following error it means that you are trying to view a PEM encoded certificate with a command meant for DER encoded certs. Use a command in the “View PEM encoded certificate above

unable to load certificate
13978:error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag:tasn_dec.c:1306:
13978:error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error:tasn_dec.c:380:Type=X509

A .pem format certificate will most likely be ASCII-readable. It will have a line -----BEGIN CERTIFICATE-----, followed by base64-encoded data, followed by a line -----END CERTIFICATE-----. There may be other lines before or after.

Reference CRL,CRT,CSR,NEW CSR,PRIVATE KEY, PUBLIC KEY Parser

CRL

-----BEGIN X509 CRL-----
-----END X509 CRL-----

CRT

-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----

CSR

-----BEGIN CERTIFICATE REQUEST-----
-----END CERTIFICATE REQUEST-----

NEW CSR

-----BEGIN NEW CERTIFICATE REQUEST-----
-----END NEW CERTIFICATE REQUEST-----

PEM

-----BEGIN RSA PRIVATE KEY-----
-----END RSA PRIVATE KEY-----

PKCS7

-----BEGIN PKCS7-----
-----END PKCS7-----

PRIVATE KEY

-----BEGIN PRIVATE KEY-----
-----END PRIVATE KEY-----

For OpenSSL to recognize it as a PEM format, it must be encoded in Base64, with the following header :

-----BEGIN CERTIFICATE-----

and footer :

-----END CERTIFICATE-----

Also, each line must be maximum 79 characters long. Otherwise you will receive the error :

2675996:error:0906D064:PEM routines:PEM_read_bio:bad base64 decode:pem_lib.c:818:

Note : the PEM standard (RFC1421) mandates lines with 64 characters long. A PEM certificate stored as a single line can be converted with the UNIX command-line utility

fold -w 64

Based on the way you formatted the question, I believe there is some confusion on what a .pem file is. The .pem part of a file is just the file extension, and I believe that what you actually want to know is how to tell if a file is PEM-encoded. A PEM-encoded file can show up in many file formats, such as .pem, .key, .cer, .cert, as well as others.

A simple way to check if a certificate is PEM-encoded is to use OpenSSL:

openssl x509 -noout -in input_file.pem
echo $?
> 0

As an example, the above command will fail for certificates that are in DER format instead of PEM and output an error:

139836630553024:error:0909006C:PEM routines:get_name:no start line:../crypto/pem/pem_lib.c:745:Expecting: TRUSTED CERTIFICATE

> How can I check if the certificate file I have is in .pem format

cat the file and look for the pre-encapsulated header and post-encapsulated header. The pre-encapsulated header is -----BEGIN CERTIFICATE----- or -----BEGIN X509 CERTIFICATE-----; and the post-encapsulated header is -----END CERTIFICATE----- or -----END X509 CERTIFICATE-----.

Encapsulated headers are discussed in RFC 1421. There is no standard list or comprehensive list of the objects in those headers (like CERTIFICATE or X509 CERTIFICATE). Most folks use OpenSSL's pem.h header for a list of object types.