Why do we need to install a .pfx (as opposed to .cer) certificate on Windows before you can make calls using a client certificate?

I wrote a small console application to make an HTTP call to a server using a client certificate. The code I wrote reads the .cer file from a specific location to make the request:

  X509Certificate Cert = X509Certificate.CreateFromCertFile("JohnDoe.cer");
  HttpWebRequest Request = (HttpWebRequest)WebRequest.Create("https://10.135.12.166:4434");
  Request.ClientCertificates.Add(Cert);
  Request.UserAgent = "Client Cert Sample";
  Request.Method = "GET";
  HttpWebResponse Response = (HttpWebResponse)Request.GetResponse();

However, this code doesn't work if you don't have a certificate installed in the current user's private folder inside the certificate manager. More specifically, it only works when I have a .pfx certificate installed and not a .cer.

As I understand it, the client certificate is only used for authentication, not encryption, right? Thus,

  • Why do we need a certificate? Why can't my program just pick the .cer file from the location and send it with the request? AND,

  • Again, why do we need a .pfx certificate? Why isn't .cer doing the job?

+3




1 answer


The .cer file contains the certificate. The certificate contains a public key. Authentication with certificates involves a cryptographic operation showing that you have a private key that matches the public key in the (public) certificate. This private key is contained in the .pfx file.



+1
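The point made in the answer, as an added example that is not part of the original question or answer: a certificate loaded from .cer bytes carries no private key and so cannot produce the signature that proves ownership, while the same certificate loaded from .pfx bytes can. The subject name, password and challenge bytes are constructed sample values, and the sign/verify step is a simplified stand-in for the TLS handshake signature, not the handshake itself.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Text;

class ClientCertDemo
{
    static void Main()
    {
        // Constructed throwaway identity (self-signed, generated in memory).
        using RSA key = RSA.Create(2048);
        var request = new CertificateRequest("CN=JohnDoe", key,
            HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        using X509Certificate2 full = request.CreateSelfSigned(
            DateTimeOffset.UtcNow.AddMinutes(-5), DateTimeOffset.UtcNow.AddDays(1));

        // .cer content: certificate only. .pfx content: certificate plus private key.
        byte[] cerBytes = full.Export(X509ContentType.Cert);
        byte[] pfxBytes = full.Export(X509ContentType.Pfx, "sample-password");

        using var fromCer = new X509Certificate2(cerBytes);
        using var fromPfx = new X509Certificate2(pfxBytes, "sample-password");
        Console.WriteLine($".cer HasPrivateKey: {fromCer.HasPrivateKey}");
        Console.WriteLine($".pfx HasPrivateKey: {fromPfx.HasPrivateKey}");

        // Stand-in for the handshake data a server expects the client to sign.
        byte[] challenge = Encoding.UTF8.GetBytes("constructed handshake data");

        // The .cer-loaded certificate yields no private key, so nothing can be signed.
        using RSA cerPrivate = fromCer.GetRSAPrivateKey();
        Console.WriteLine($".cer can sign: {cerPrivate != null}");

        // The .pfx-loaded certificate can sign the challenge.
        using RSA pfxPrivate = fromPfx.GetRSAPrivateKey();
        byte[] signature = pfxPrivate.SignData(challenge,
            HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);

        // The verifier needs only the public key, which is all the .cer holds.
        using RSA cerPublic = fromCer.GetRSAPublicKey();
        bool proven = cerPublic.VerifyData(challenge, signature,
            HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        Console.WriteLine($"Signature verifies against .cer public key: {proven}");

        // Guard worth adding before ClientCertificates.Add(...) in real code.
        if (!fromCer.HasPrivateKey)
            Console.WriteLine("A .cer alone cannot authenticate: no private key.");
    }
}
```

Checking `HasPrivateKey` before attaching a certificate to a request turns a silent handshake failure into an explicit, diagnosable error.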

