The problem is that IIS's default handler mapping for .cer files is asp.dll. IIS is trying to "run" your cer file. You need to have .cer files treated as a StaticFile.
At the web site level, rename .cer to .cer-save or something like that.
Then in the mime type definitions, add an entry for .cer files for application/octet-stream.
Note: I don't know why the default IIS config is defined like that. Do this on a test server first to verify that it doesn't impact HTTPS sites.
PS C:\> Invoke-WebRequest localhost/test.cer
StatusCode : 200
StatusDescription : OK
Content : {60, 37, 32, 32...}
RawContent : HTTP/1.1 200 OK
Accept-Ranges: bytes
Content-Length: 343
Content-Type: application/octet-stream
Date: Fri, 16 Sep 2022 13:06:47 GMT
ETag: "6d1e2cb1c2c9d81:0"
Last-Modified: Fri, 16 Sep 2022 11:5...
Headers : {[Accept-Ranges, bytes], [Content-Length, 343], [Content-Type, application/octet-stream], [Date,
Fri, 16 Sep 2022 13:06:47 GMT]...}
RawContentLength : 343