CODEWITHSUNDEEP
.netiissslssl-certificate
peter
peter

Reputation: 8662

what is the difference between .cer and .pfx files

I have used a mkcert.exe tool to generate self signed .cer file and then pvk tool to generate .pfx file.I hosted a website in iis and then deployed a .pfx file in IIS server.When a client system access the site ,first it will prompt like certificate is not installed, after forcefully opening site, we will install certificate .cer file from browser Lock button, so that .cer file will be installed in our MMC certificate trusted store.

  1. What ever assumption made above my self are correct or not?

  2. Difference what i know is .pfx file contain both private and public key and .cer file contain only public key which we will install after prompting certificate not installed.Does that correct?

  3. SSL certicates means .Cer file??

  4. what is the singificance of Certificate authorities like verisign and godaddy
    if i am generating certicates by using the above procedure

  5. I installed a .pfx file in IIS and created seperate website in iis then assinged those certificates to this site by assigning seperate port for HTTPS say 8081 to this site so that the other sites running in default website node who is having seperate SSL ceriticate willnot make any issues and having seperate port for HTTPS.But all of a sudden one website coming under default site node stoppped working, how can i trouble shoot this issue?

Upvotes: 1

Views: 2515

Answers (1)

Scott Chamberlain
Scott Chamberlain

Reputation: 127573

  1. Everything looks correct
  2. Yes, pfx is just a container that wraps up the cer file and the pvk file in to a single package that is easy to deploy. Only the cer portion ever leaves the server in any request.
  3. Yes, the cer is the certificate. When you view the certificate in the browser you are looking at all the details inside the cer file.
  4. The significance is the skipping of the "it will prompt like certificate is not installed, after forcefully opening site, we will install certificate .cer file from browser Lock button", that step was already performed for you by your browser vendor or OS so GoDaddy's certificate is already on your computer. Then the GoDaddy certificate sitting on the computer is used to verify the cer file you sent when the user connected and your user never gets a error message.
  5. I would recommend asking a new question specific to this topic over at SuperUser or ServerFault

Upvotes: 2

Related Questions