Certificate Files: .Cer x .Pvk x .Pfx

Posted on by stack247

So, what are the differences between .cer, .pvk and .pfx certificate files?

In Windows platform, these file types are used for certificate information. Normally used for SSL certificate and Public Key Infrastructure (X.509).

CER

CER file is used to store X.509 certificate. Normally used for SSL certification to verify and identify web servers security. The file contains information about certificate owner and public and private certificate keys. A CER file can be in binary (ASN.1 DER) or encoded with Base-64 with header and footer included (PEM), Windows will recognize either of these layout.

This file can be generated using Certificate Creation Tool (makecert.exe) as shown in the link below.

SPC

Beside CER, there’s also SPC file, which is Software Publisher Certificate. It’s a different representation of certificate in PKCS #7 format.

You can generate a SPC file from a CER file.

PVK

Stands for Private Key. Windows uses PVK files to store private keys for code signing in various Microsoft products. PVK is proprietary format.

You can create a CER file based on a PVK file.

PFX

Or Personal Exchange Format, is a PKCS12 file. This contains a variety of cryptographic information, such as certificates, root authority certificates, certificate chains and private keys. It’s cryptographically protected with passwords to keep private keys private and preserve the integrity of the root certificates. The PFX file is also used in various Microsoft products, such as IIS.

PFX file can be created from a CER, SPC, or PVK file.

Source and further reading:
X.509
Software Publisher Certificate
Make Cert Command
IBM Certificate File Types

Published by stack247

6 thoughts on “Certificate Files: .Cer x .Pvk x .Pfx”

  1. You cannot extract pvk from cer. It has no sense, as it would be easy to sign my application with a private key from a Microsoft Certificate exported from the store.

Leave a comment