diff --git a/apps/emqx_authn/src/simple_authn/emqx_authn_jwt.erl b/apps/emqx_authn/src/simple_authn/emqx_authn_jwt.erl
index 931040379..ecbe599d7 100644
--- a/apps/emqx_authn/src/simple_authn/emqx_authn_jwt.erl
+++ b/apps/emqx_authn/src/simple_authn/emqx_authn_jwt.erl
@@ -215,7 +215,7 @@ create2(#{use_jwks := false,
           algorithm := 'public-key',
           certificate := Certificate,
           verify_claims := VerifyClaims}) ->
-    JWK = jose_jwk:from_pem_file(Certificate),
+    JWK = create_jwk_from_pem_or_file(Certificate),
     {ok, #{jwk => JWK,
            verify_claims => VerifyClaims}};
 
@@ -229,6 +229,16 @@ create2(#{use_jwks := true,
             {error, Reason}
     end.
 
+create_jwk_from_pem_or_file(CertfileOrFilePath)
+  when is_binary(CertfileOrFilePath);
+       is_list(CertfileOrFilePath) ->
+    case filelib:is_file(CertfileOrFilePath) of
+        true ->
+            jose_jwk:from_pem_file(CertfileOrFilePath);
+        false ->
+            jose_jwk:from_pem(iolist_to_binary(CertfileOrFilePath))
+    end.
+
 connector_opts(#{ssl := #{enable := Enable} = SSL} = Config) ->
     SSLOpts = case Enable of
                   true -> maps:without([enable], SSL);