Certificates - .cer + .pfx

Question

I'm learning how to work with certificates, but I can't figure out the relation between a .pfx and a .cer

I understand that a .cer is a certificate, while a .pfx is a file which may contain various information (including certificate I guess).

For example, at work there is an app that uses certificates and uses an xml to reference those files

<node name="Traffic_Watcher">
    <map />
    <entry key="certificatePath" value="traffic_watcher.cer" />
    <entry key="privateKeyFile" value="traffic_watcher.pfx" />
    <entry key="privateKeyFilePassword" value="password" />
</node>

Why could both files being needed? Is this normal or just this app?

Answer 1

A pfx file is a keystore, which is a container that holds private keys, public keys, and certificates. It can also be password protected, as it is in this case to protect the private key.

The certificate file contains a public key that is bound to an identity and signed.

It looks like the app wants the certificate in one file and the private key in another file. It is possible to have both in the pfx, but in this case, the app is looking for 2 different entries.

It's not uncommon to have a separate certificate file, since you can give that out freely to others, so they can verify your signatures (created from your private key), or use it to encrypt a message that only your private key can decrypt. In this scenario, you would never give out the pfx file containing the private key, but you could give out the cer file.