diff --git a/OpenVPN Adapter/OpenVPNCertificate.h b/OpenVPN Adapter/OpenVPNCertificate.h
index cc3677f..bcc2464 100644
--- a/OpenVPN Adapter/OpenVPNCertificate.h
+++ b/OpenVPN Adapter/OpenVPNCertificate.h
@@ -18,4 +18,6 @@
 - (nonnull instancetype) __unavailable init;
+- (nullable NSData *)pemData:(out NSError * __nullable * __nullable)error;
+
 @end
diff --git a/OpenVPN Adapter/OpenVPNCertificate.m b/OpenVPN Adapter/OpenVPNCertificate.m
index df8e3f2..0b1e839 100644
--- a/OpenVPN Adapter/OpenVPNCertificate.m
+++ b/OpenVPN Adapter/OpenVPNCertificate.m
@@ -7,6 +7,7 @@
 //
 #import
+#import
 #import "NSError+Message.h"
 #import "OpenVPNError.h"
@@ -70,6 +71,31 @@
 return certificate;
 }
+- (NSData *)pemData:(out NSError **)error {
+ NSString *header = @"-----BEGIN CERTIFICATE-----\n";
+ NSString *footer = @"-----END CERTIFICATE-----\n";
+
+ size_t buffer_length = self.crt->raw.len * 2;
+ unsigned char *pem_buffer = malloc(buffer_length);
+
+ size_t output_length = 0;
+
+ int result = mbedtls_pem_write_buffer(header.UTF8String, footer.UTF8String, self.crt->raw.p, self.crt->raw.len, pem_buffer, buffer_length, &output_length);
+ if (result < 0) {
+ if (error) {
+ NSString *reason = [NSError reasonFromResult:result];
+ *error = [NSError errorWithDomain:OpenVPNIdentityErrorDomain code:result userInfo:@{
+ NSLocalizedDescriptionKey: @"Failed to write PEM data.",
+ NSLocalizedFailureReasonErrorKey: reason
+ }];
+ }
+
+ return nil;
+ }
+
+ return [NSData dataWithBytes:pem_buffer length:output_length];
+}
+
 - (void)dealloc {
 mbedtls_x509_crt_free(self.crt);
 free(self.crt);
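Review bot: The new declaration in OpenVPNCertificate.h has no doc comment, and the selector `pemData:` gives no label to its only argument, which is the error out-parameter. A name such as `pemDataWithError:` would follow the usual Cocoa convention for a method whose sole parameter is `NSError **`. I would also add `/// Returns the certificate encoded as PEM, or nil with *error set when encoding fails.` above the declaration so callers know what the returned data contains.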
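Review bot: `pem_buffer` is allocated with malloc() in `-pemData:` (OpenVPNCertificate.m) and never freed, so every call leaks about twice the certificate's DER size, both on the failure path and after `dataWithBytes:length:` has copied the bytes. The malloc() result is also handed to mbedtls_pem_write_buffer() without a NULL check. Separately, `NSLocalizedFailureReasonErrorKey: reason` will raise inside the dictionary literal if `reasonFromResult:` can return nil (its implementation is not visible here), and it is worth confirming whether `output_length` counts the terminating NUL that mbedtls appends, since that byte would then be part of the returned NSData. The excerpt below frees the buffer on failure and passes ownership to NSData on success.

```objc
    unsigned char *pem_buffer = malloc(buffer_length);
    if (pem_buffer == NULL) {
        if (error) {
            *error = [NSError errorWithDomain:NSPOSIXErrorDomain code:ENOMEM userInfo:nil];
        }
        return nil;
    }

    // … unchanged: output_length declaration and mbedtls_pem_write_buffer call …
    if (result < 0) {
        // … unchanged: populate *error …
        free(pem_buffer);
        return nil;
    }

    // NSData takes ownership of the buffer and frees it on deallocation.
    return [NSData dataWithBytesNoCopy:pem_buffer length:output_length freeWhenDone:YES];
```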