.Cer or Pfx file which one need to used for WCF secure communication RRS feed

  • Question

  • We know that.... cer - certificate stored in the X.509 standard format. This certificate contains information about the certificate's owner... along with public and private keys.

    pfx - stands for personal exchange format. It is used to exchange public and private objects in a single file. A pfx file can be created from .cer file. Can also be used to create a Software Publisher Certificate.

    when we try to secure WCF communication then what kind of certificate we should use....Cer or Pfx file ?

    please guide. thanks

    Thursday, July 24, 2014 1:27 PM


  • Hi,

    First please try to refer to the following:

    CER files: CER file is used to store X.509 certificate. Normally used for SSL certification to verify and identify web servers security. The file contains information about certificate owner and public and private certificate keys. A CER file can be in binary (ASN.1 DER) or encoded with Base-64 with header and footer included (PEM), Windows will recognize either of these layout.

    PFX files Personal Exchange Format, is a PKCS12 file. This contains a variety of cryptographic information, such as certificates, root authority certificates, certificate chains and private keys. It’s cryptographically protected with passwords to keep private keys private and preserve the integrity of the root certificates. The PFX file is also used in various Microsoft products, such as IIS.

    >>when we try to secure WCF communication then what kind of certificate we should use....Cer or Pfx file ?

    In my mind, when we doing client certificate authentication, we require client certificate to be installed on client. Then it is  .pfx file. Because client authentication is about having the client do something that only that client can do; so the client must know something which is not public, and that's the private key. Thus, the client must have a private key along with its certificate; if the key was generated out of the client browser, then the expected setup is to import it into the client along with the certificate. Therefore, a .pfx file.

    Best Regards,
    Amy Peng

    We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
    Click HERE to participate the survey.

    Friday, July 25, 2014 6:21 AM