Hi @Namless Shelter ,
Some things need to be clarified first. SSL is a protocols for establishing authenticated and encrypted links between networked computers.
A file with a .key suffix is the private key. You will get this file if you create a self-signed certificate or create your own CA. .pem files are wildcards. They can contain anything, and it's not uncommon to see them used for all different kinds of purposes. Luckily, they are all plain text, and are prefixed in a human-readable way。
.crt files are the same as .pem files, except they store certificate information in a different encoding. .crt is usually a pure binary copy of an ASN.1 encoded certificate. .pem is the same binary copy of the certificate converted to a base64 string and wrapped by the PEM header and footer. They only store public certificates, not private keys. And .cer files are similar to .crt files. So we usually refer to the certificates as .cer and .crt files. Because both can be distributed to any client without worrying about others cracking the private key information.
.p12 and .pfx files are very important files containing public and private keys (certificates generally only contain public keys). They are best not distributed to clients or people outside the organization. Usually the certificate imported in the server is the .pfx file, because the server needs to decrypt the encrypted information with the private key.
Compared with using IIS to import the certificate, I recommend importing it directly in the server. You can clearly know whether the certificate is stored locally or in the personal store. After the import is successful, these certificates will be displayed in the certificate list of IIS. Only by successfully importing the certificate can it be bound to a specific site to implement the SSL protocol. Refer to this docs about importing certificate.
If the answer is the right solution, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
Best regards,
Bruce Zhang