Today, a code snippet that shows how to parse a certificate from a PEM-encoded key pair using Go. The function tls.X509KeyPair will do the hard work for us.

import (
func ParseCertificate(certificateBytes []byte, privateKeyBytes []byte) (tls.Certificate, error) {
var cert tls.Certificate
var err error
cert, err = tls.X509KeyPair([]byte(certificateBytes), []byte(privateKeyBytes))
if err != nil {
return cert, err
if len(cert.Certificate) > 1 {
return cert, errors.New("PEM file contains multiple certificates")
c, err := x509.ParseCertificate(cert.Certificate[0])
if c != nil && err == nil {
cert.Leaf = c
return cert, nil
func X509KeyPair(certPEMBlock, keyPEMBlock []byte) (Certificate, error)

X509KeyPair parses a public/private key pair from a pair of PEM encoded data. On successful return, Certificate.Leaf will be nil because the parsed form of the certificate is not retained.