
SSL Certificates Format - Netscaler ADC


Sudhir Bhagat


Hi,

What is the difference between the .pfx format and the .cer format of SSL certificates?

I searched on the internet; the majority of the examples were with .cer format certificates, however some articles use a .pfx format certificate.

Where should the .CER format be used and where the .PFX format? Will there be any difference in the configuration process too?

Regards

***


They are different formats for encoding certificates. For a full discussion, see here.

The .pfx format is usually used for the web server certificate when it includes the private key, and is protected with a password.

The .cer format is used when receiving the certificate from the CA, before merging it with the private key (which is only saved on the server that generated the CSR). It's also used for Intermediate and root certificates which do not need a password.

***

Hi,

Sam has explained this really well and pointed to a really nice article.

PFX: Personal Information Exchange

The PFX format is a bundle which stores the server certificate, any intermediate certificates, and the private key in a single encryptable file. PFX files are usually found with the extension .pfx.

A .cer file only has the public key (exchanged with integration partners); it can be used to verify tokens or client authentication requests, and it is what is received by an HTTP client from a server in SSL.

The .cer and .pfx formats can both be used to configure any application to handle traffic securely. Also, from the configuration side, if you just upload the .cer file you may need to upload the private key and intermediate certificates separately, and the .pfx file has everything in a single file.

Citrix has an article here about the different formats of SSL certificates.

Thanks

Manoj

***

That's almost, but not 100% true. To start with: for good reason there is no standard like CER. I guess you refer to Base64, the format Citrix ADC likes best. You may use the Base64 (PEM or DER) encoded format to store both certificate and private key in the same file, even though this is not very common. So you would see both, the file would look like this:

 

-----BEGIN CERTIFICATE-----
MIIFaTCCBFGgAwIBAgISA5AT48YDD7aUtPbAmo1 ...

HSvNNZ4kL+eIbJgjD6OFkfYv
-----END CERTIFICATE-----

-----BEGIN PRIVATE KEY-----
MIIEvwIBADANBgkqhkiG9w0BAQEFAAS...
mpGog7r6snDrI9zuZb6S5YryRA==
-----END PRIVATE KEY-----

sections in the same file.


PFX is a standard, mainly used in Microsoft environments; Base64 encoded is one of several in the UNIX/Linux world.

The Citrix ADC GUI can deal with PFX files, but the Citrix NetScaler BSD has all the OpenSSL tools installed, so the command line may convert any format into any other. There are plenty of these encoding formats out there, and this is probably the reason why a simple thing like certificates seems to be mysterious to so many admins.

 

cheers

 

Johannes Norz

CTA, CCI, CCE-N
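
***

An added example, not part of the original thread: a Python sketch that identifies what a certificate file holds from its bytes instead of its extension, and flags an unencrypted private key, which is worth checking before a file is copied off the server. The function names are this example's own, and the sample inputs are constructed: they reuse only the first few Base64 characters of the two blocks quoted in the post above, plus a made-up PKCS#12 header.

```python
import base64
import re

# PEM armor: a label line, base64 of the DER bytes, and a matching END line.
PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.S)


def der_kind(der: bytes) -> str:
    """Guess the ASN.1 structure from the first element inside the outer SEQUENCE."""
    if len(der) < 5 or der[0] != 0x30:
        return "unknown"
    # Skip the length field: 1 byte in short form, 1 + n bytes in long form.
    start = 2 if der[1] < 0x80 else 2 + (der[1] & 0x7F)
    head = der[start:start + 3]
    if head == b"\x02\x01\x03":
        return "pkcs12"        # PFX begins with version INTEGER 3
    if head in (b"\x02\x01\x00", b"\x02\x01\x01"):
        return "private-key"   # PKCS#8, PKCS#1 and SEC1 keys begin with a version INTEGER
    return "x509-or-other"     # certificates (and encrypted PKCS#8) begin with a SEQUENCE


def inspect_cert_file(data: bytes) -> dict:
    """Describe a file by content; raises binascii.Error on corrupt base64."""
    blocks = PEM_BLOCK.findall(data.decode("latin-1"))
    if not blocks:  # no armor, so treat the bytes as raw DER
        kind = der_kind(data)
        return {"encoding": "DER" if kind != "unknown" else "unknown",
                "contents": [kind], "cleartext_key": kind == "private-key"}
    contents = []
    for label, body in blocks:
        if "Proc-Type: 4,ENCRYPTED" in body:  # legacy OpenSSL encrypted key header
            kind = "encrypted"
        else:
            kind = der_kind(base64.b64decode("".join(body.split())))
        contents.append((label, kind))
    return {"encoding": "PEM", "contents": contents,
            "cleartext_key": any(kind == "private-key" for _, kind in contents)}


# Constructed samples: truncated prefixes, not usable certificates or keys.
SAMPLE_COMBINED = (b"-----BEGIN CERTIFICATE-----\nMIIFaTCCBFGgAwIBAgIS\n"
                   b"-----END CERTIFICATE-----\n"
                   b"-----BEGIN PRIVATE KEY-----\nMIIEvwIBADANBgkqhkiG9w0BAQEF\n"
                   b"-----END PRIVATE KEY-----\n")
SAMPLE_PFX = b"\x30\x82\x0a\x00\x02\x01\x03\x30\x82"

if __name__ == "__main__":
    print(inspect_cert_file(SAMPLE_COMBINED))
    print(inspect_cert_file(SAMPLE_PFX))
```

The DER check is a heuristic on the leading bytes only; it does not validate the certificate or the key.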
