do I have to use pfx format certificate instead of a crt format certificate [Answered]RSS

1 reply

Last post May 02, 2019 02:09 AM by Jalpa Panchal

  • do I have to use pfx format certificate instead of a crt format certificate

    May 01, 2019 01:15 PM|raybristol|LINK

    Hi there, I wonder do I have to use pfx format ssl certificate instead of a crt format ssl certificate for website on iis 6? It seems both format can be installed for a website?


  • Re: do I have to use pfx format certificate instead of a crt format certificate

    May 02, 2019 02:09 AM|Jalpa Panchal|LINK

    Hi raybristol,

    If possible please use IIS 7 or above version. 

    There are two objects: the private key, which is what the server owns, keeps secret, and uses to receive new SSL connections; and the public key which is mathematically linked to the private key, and made "public": it is sent to every client as part of the initial steps of the connection.

    The certificate is, nominally, a container for the public key. It includes the public key, the server name, some extra information about the server, and a signature computed by a certification authority (CA). When the server sends its public key to a client, it actually sends its certificate, with a few other certificates (the certificate which contains the public key of the CA which signed its certificate, and the certificate for the CA which signed the CA's certificate, and so on). Certificates are intrinsically public objects.

    Some people use the term "certificate" to designate both the certificate and the private key; this is a common source of confusion. I personally stick to the strict definition for which the certificate is the signed container for the public key only.

    A .pfx file is a PKCS#12 archive: a bag which can contain a lot of objects with optional password protection; but, usually, a PKCS#12 archive contains a certificate (possibly with its assorted set of CA certificates) and the corresponding private key.

    On the other hand, a .cert (or .cer or .crt) file usually contains a single certificate, alone and without any wrapping (no private key, no password protection, just the certificate).

    If you want to convert a certificate from .crt to .pfx format you could follow below post:

    IIS 5 & 6 SSL Certificate Installation



    .NET forums are moving to a new home on Microsoft Q&A, we encourage you to go to Microsoft Q&A for .NET for posting new questions and get involved today.