Certificate Files: .Cer x .Pvk x .Pfx

22 Apr

So, what are the differences between .cer, .pvk and .pfx certificate files?

In Windows platform, these file types are used for certificate information. Normally used for SSL certificate and Public Key Infrastructure (X.509).


CER file is used to store X.509 certificate. Normally used for SSL certification to verify and identify web servers security. The file contains information about certificate owner and public and private certificate keys. A CER file can be in binary (ASN.1 DER) or encoded with Base-64 with header and footer included (PEM), Windows will recognize either of these layout.

This file can be generated using Certificate Creation Tool (makecert.exe) as shown in the link below.


Beside CER, there’s also SPC file, which is Software Publisher Certificate. It’s a different representation of certificate in PKCS #7 format.

You can generate a SPC file from a CER file.


Stands for Private Key. Windows uses PVK files to store private keys for code signing in various Microsoft products. PVK is proprietary format.

You can create a CER file based on a PVK file.


Or Personal Exchange Format, is a PKCS12 file. This contains a variety of cryptographic information, such as certificates, root authority certificates, certificate chains and private keys. It’s cryptographically protected with passwords to keep private keys private and preserve the integrity of the root certificates. The PFX file is also used in various Microsoft products, such as IIS.

PFX file can be created from a CER, SPC, or PVK file.

Source and further reading:
Software Publisher Certificate
Make Cert Command
IBM Certificate File Types


Posted by on April 22, 2013 in General


Tags: , , , ,

5 responses to “Certificate Files: .Cer x .Pvk x .Pfx

  1. Angelo

    May 26, 2013 at 4:52 am

    You cannot extract pvk from cer. It has no sense, as it would be easy to sign my application with a private key from a Microsoft Certificate exported from the store.

    • stack247

      May 28, 2013 at 6:46 am

      You are right! Thanks for the input, correction has been made.

  2. Cristi Diaconescu (@diaconescu)

    February 4, 2016 at 12:53 am

    I don’t think .cer files can contain private keys These are the files that should be shared with the public. According to this MSDN link, the only format that supports bundling private keys along with public keys/certs is the Personal Information Exchange format, i.e. the .pfx file.


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: