Summary of X.509 certificate file types
What is the difference between .spc and .cer? .pvk and .pfx?

As part of my ongoing mission to try to understand X509 certificates I wanted to figure out how to copy a test SSL certificate from one PC to another. The problem is makecert.exe generated a .cer file and I needed a .pfx file to import the certificate on the other server.

Use the -pe option with makecert.exe to create and install a certificate with an exportable private key. This should allow you to export the .pfx file from the Certificates console.

Otherwise, use cert2spc.exe and pvkimprt.exe to convert the .cer and .pvk created by makecert.exe to a .pfx file:

    makecert -pe -n "CN=My Root CA, O=Test, OU=For Testing Only!" -ss my -sr LocalMachine -a sha1 -sky signature -r -sv test.pvk test.cer
    cert2spc test.cer test.spc
    pvkimprt -pfx test.spc test.pvk

Or use pvk2pfx instead of the above:

    pvk2pfx -pvk test.pvk -spc test.cer -pfx test.pfx -po pfx_password_here -f

X.509 File Types:

- .CER = "DER" encoded binary X.509 Certificate file, e.g. as created by makecert. Contains only the public key.
- .CRT = base-64 encoded X.509 certificate. (Not the same as a Microsoft standard base-64 .cer file...?)
- .SPC = Software Publisher's Certificate. PKCS #7 standard that contains X.509 certificates. The cert2spc.exe utility converts a .cer file to .spc. .spc files are used as input to signcode.exe.
- .PVK = private key file, e.g. as created by makecert.
- .PFX = Personal Exchange file, contains certs with both the public and private key. PKCS#12 standard, binary DER encoded.

Tools:

- makecert.exe
- pvkimprt.exe
- cert2spc.exe
- selfssl.exe
- pvk2pfx.exe
- certmgr.exe
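
The extensions listed above are naming conventions only; what a file actually holds is decided by its leading bytes. The following Python sketch is an added example (not from the original post) that classifies content by the PVK magic number, base-64 armor, or the outer ASN.1 header. The `sniff` helper name is hypothetical and the sample inputs are constructed header prefixes, not real files.

```python
import base64
import re

PVK_MAGIC = bytes.fromhex("1ef1b5b0")  # 0xB0B5F11E, stored little-endian
OID_SIGNED_DATA = bytes.fromhex("06092a864886f70d010702")  # 1.2.840.113549.1.7.2
PEM_RE = re.compile(rb"-----BEGIN ([^-]+)-----(.*?)-----END \1-----", re.S)

def der_body_offset(buf):
    """Offset of the content of the outer DER element (skips tag + length)."""
    first = buf[1]
    return 2 if first < 0x80 else 2 + (first & 0x7F)  # short vs long form

def sniff(data):
    """Classify certificate-related content by its bytes, not its extension.
    Heuristic: only leading headers are inspected, nothing is validated."""
    if data[:4] == PVK_MAGIC:
        return "PVK private key"
    m = PEM_RE.search(data)
    if m and data.lstrip().startswith(b"-----BEGIN "):
        inner = sniff(base64.b64decode(m.group(2)))
        return "base-64 (" + m.group(1).decode() + ") wrapping: " + inner
    if len(data) < 4 or data[0] != 0x30:  # every DER type here is a SEQUENCE
        return "unknown"
    body = der_body_offset(data)
    if data[body:body + 3] == b"\x02\x01\x03":  # PFX starts with INTEGER version 3
        return "PKCS #12 (.pfx)"
    if data.startswith(OID_SIGNED_DATA, body):  # ContentInfo contentType
        return "PKCS #7 signedData (.spc)"
    if data[body:body + 1] == b"\x30":  # tbsCertificate SEQUENCE
        return "likely X.509 certificate (DER)"
    return "unknown DER"

# Constructed header prefixes (not complete files), enough for the sniffer.
CERT_DER = bytes.fromhex("3082010a3081f4a003020102")
SAMPLES = {
    "test.cer": CERT_DER,
    "test.crt": b"-----BEGIN CERTIFICATE-----\n" + base64.b64encode(CERT_DER)
                + b"\n-----END CERTIFICATE-----\n",
    "test.spc": bytes.fromhex("30820100") + OID_SIGNED_DATA + b"\xa0\x81\xf0",
    "test.pfx": bytes.fromhex("308201000201033081f0"),
    "test.pvk": PVK_MAGIC + bytes(20),  # magic followed by constructed filler
}

if __name__ == "__main__":
    for name, blob in SAMPLES.items():
        print(f"{name}: {sniff(blob)}")
```

A result of "PKCS #12 (.pfx)" or "PVK private key" means the file carries private key material and should be stored and transferred accordingly, whatever its extension says.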