证书-.cer + .pfx [英] Certificates - .cer + .pfx

问题描述

我正在学习如何使用证书，但无法弄清楚.pfx和.cer之间的关系

I'm learning how to work with certificates, but I can't figure out the relation between a .pfx and a .cer

我知道.cer是一个证书，而.pfx是一个可能包含各种信息(包括我认为的证书)的文件.

I understand that a .cer is a certificate, while a .pfx is a file which may contain various information (including certificate I guess).

例如，在工作中，有一个使用证书并使用xml引用这些文件的应用程序

For example, at work there is an app that uses certificates and uses an xml to reference those files

<node name="Traffic_Watcher">
    <map />
    <entry key="certificatePath" value="traffic_watcher.cer" />
    <entry key="privateKeyFile" value="traffic_watcher.pfx" />
    <entry key="privateKeyFilePassword" value="password" />
</node>

为什么两个文件都需要?这是正常的还是只是这个应用程序?

Why could both files being needed? Is this normal or just this app?

推荐答案

A pfx文件是密钥库，它是一个包含私钥，公钥和证书的容器.也可以用密码保护，因为在这种情况下是保护私钥.

A pfx file is a keystore, which is a container that holds private keys, public keys, and certificates. It can also be password protected, as it is in this case to protect the private key.

证书文件包含绑定到身份并经过签名的公共密钥.

The certificate file contains a public key that is bound to an identity and signed.

该应用似乎希望将证书放在一个文件中，并将私钥放在另一个文件中.可以在pfx中同时包含两者，但是在这种情况下，该应用正在寻找2个不同的条目.

It looks like the app wants the certificate in one file and the private key in another file. It is possible to have both in the pfx, but in this case, the app is looking for 2 different entries.

拥有一个单独的证书文件并不罕见，因为您可以将其免费分发给其他人，以便他们可以验证您的签名(从您的私钥创建)，或使用它来加密仅私钥可以签名的消息.解密.在这种情况下，您永远不会给出包含私钥的pfx文件，但是您可以给出cer文件.

It's not uncommon to have a separate certificate file, since you can give that out freely to others, so they can verify your signatures (created from your private key), or use it to encrypt a message that only your private key can decrypt. In this scenario, you would never give out the pfx file containing the private key, but you could give out the cer file.

这篇关于证书-.cer + .pfx的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！