以下是我个人的，超级浓缩的笔记，就这个主题目前与我有关，给任何感兴趣的人:

Both PKCS12 and PEM can store entire cert chains: public keys, private keys, and root (CA) certs. .pfx == .p12 == "PKCS12" fully encrypted .pem == .cer == .cert == "PEM" (or maybe not... could be binary... see comments...) base-64 (string) encoded X509 cert (binary) with a header and footer base-64 is basically just a string of "A-Za-z0-9+/" used to represent 0-63, 6 bits of binary at a time, in sequence, sometimes with 1 or 2 "=" characters at the very end when there are leftovers ("=" being "filler/junk/ignore/throw away" characters) the header and footer is something like "-----BEGIN CERTIFICATE-----" and "-----END CERTIFICATE-----" or "-----BEGIN ENCRYPTED PRIVATE KEY-----" and "-----END ENCRYPTED PRIVATE KEY-----" Windows recognizes .cer and .cert as cert files .jks == "Java Key Store" just a Java-specific file format which the API uses .p12 and .pfx files can also be used with the JKS API "Trust Stores" contain public, trusted, root (CA) certs, whereas "Identity/Key Stores" contain private, identity certs; file-wise, however, they are the same.

其实不久之前我也遇到过类似的事情……在MSDN上查看(见第一个答案)

总而言之:

.cer - certificate stored in the X.509 standard format. This certificate contains information about the certificate's owner... along with public and private keys. .pvk - files are used to store private keys for code signing. You can also create a certificate based on .pvk private key file. .pfx - stands for personal exchange format. It is used to exchange public and private objects in a single file. A pfx file can be created from .cer file. Can also be used to create a Software Publisher Certificate.

我根据评论中的建议总结了该页中的信息。

Windows对X.509证书使用.cer扩展名。这些可以是“二进制”(ASN.1 DER)，也可以用Base-64编码，并应用了页眉和页脚(PEM);Windows可以识别其中任何一种。要验证证书的完整性，您必须使用颁发者的公钥检查其签名…反过来，这是另一个证书。

Windows使用.pfx作为PKCS #12文件。该文件可以包含各种加密信息，包括证书、证书链、根授权证书和私钥。它的内容可以加密保护(使用密码)，以保持私钥私有并保持根证书的完整性。

Windows使用.pvk作为私钥文件。我不确定Windows在这些方面遵循什么标准(如果有的话)。希望它们是PKCS #8编码的密钥。据Emmanuel Bourg报道，这是一种专有格式。一些文档是可用的。

你不应该泄露你的私钥。它们包含在.pfx和.pvk文件中。

通常，您只与其他方交换您的证书(.cer)和任何中间发行者的证书(即，除根CA外的所有CA的证书)。

在Windows平台上，这些文件类型用于保存证书信息。通常用于SSL证书和公钥基础设施(X.509)。

CER files: CER file is used to store X.509 certificate. Normally used for SSL certification to verify and identify web servers security. The file contains information about certificate owner and public key. A CER file can be in binary (ASN.1 DER) or encoded with Base-64 with header and footer included (PEM), Windows will recognize either of these layout. PVK files: Stands for Private Key. Windows uses PVK files to store private keys for code signing in various Microsoft products. PVK is proprietary format. PFX files Personal Exchange Format, is a PKCS12 file. This contains a variety of cryptographic information, such as certificates, root authority certificates, certificate chains and private keys. It’s cryptographically protected with passwords to keep private keys private and preserve the integrity of the root certificates. The PFX file is also used in various Microsoft products, such as IIS.

更多信息请访问:证书文件:.Cer x .Pvk x .Pfx

以下是我个人的，超级浓缩的笔记，就这个主题目前与我有关，给任何感兴趣的人:

Both PKCS12 and PEM can store entire cert chains: public keys, private keys, and root (CA) certs. .pfx == .p12 == "PKCS12" fully encrypted .pem == .cer == .cert == "PEM" (or maybe not... could be binary... see comments...) base-64 (string) encoded X509 cert (binary) with a header and footer base-64 is basically just a string of "A-Za-z0-9+/" used to represent 0-63, 6 bits of binary at a time, in sequence, sometimes with 1 or 2 "=" characters at the very end when there are leftovers ("=" being "filler/junk/ignore/throw away" characters) the header and footer is something like "-----BEGIN CERTIFICATE-----" and "-----END CERTIFICATE-----" or "-----BEGIN ENCRYPTED PRIVATE KEY-----" and "-----END ENCRYPTED PRIVATE KEY-----" Windows recognizes .cer and .cert as cert files .jks == "Java Key Store" just a Java-specific file format which the API uses .p12 and .pfx files can also be used with the JKS API "Trust Stores" contain public, trusted, root (CA) certs, whereas "Identity/Key Stores" contain private, identity certs; file-wise, however, they are the same.