A junior security professional on your team is trying to export a public certificate and share it with a colleague outside of the IT department. They ask you if they should use a CER or PFX format. Which format should be used?
It is okay to share a public certificate stored in a .CER file. However, a .PFX file (called a PKCS #12 archive) should not be shared, because it also includes the private key, which should never be shared!
In cryptography, PKCS #12 defines an archive file format for storing many cryptography objects as a single file. It is commonly used to bundle a private key with its X.509 certificate or to bundle all the members of a chain of trust.
A PKCS #12 file may be encrypted and signed. The internal storage containers, called "SafeBags", may also be encrypted and signed. A few SafeBags are predefined to store certificates, private keys and CRLs. Another SafeBag is provided to store any other data at the individual implementer's choice. PKCS #12 is one of the family of standards called Public-Key Cryptography Standards (PKCS) published by RSA Laboratories.
The filename extension for PKCS #12 files is .p12 or .pfx. These files can be created, parsed and read out with the OpenSSL pkcs12 command.
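The difference between the two formats can be checked with the OpenSSL pkcs12 command mentioned above. The following is an added example, not part of the original page: it builds a throwaway PFX, exports only the certificate to a PEM-encoded .cer file, and confirms that the .cer holds no private key while the PFX does. The file names, the `demo.example` subject and the `demo-pass` passphrase are constructed for the demo.

```shell
#!/bin/sh
# Added example. File names, the CN and the passphrase are constructed.

# Exit 0 if FILE contains any PEM private-key block (plain, RSA/EC or encrypted).
has_private_key() {
    grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$1"
}

# Build throwaway material in DIR: key.pem, cert.pem and bundle.pfx (key + cert).
make_demo_pfx() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=demo.example" \
        -keyout "$1/key.pem" -out "$1/cert.pem" 2>/dev/null &&
    openssl pkcs12 -export -inkey "$1/key.pem" -in "$1/cert.pem" \
        -passout pass:demo-pass -out "$1/bundle.pfx"
}

# Write only the end-entity certificate from PFX to OUT (PEM-encoded .cer).
# -nokeys skips the key SafeBags; the x509 pass strips the "Bag Attributes" text.
# pass: on the command line is for the demo only; prefer -passin env:VAR or file:.
export_public_cert() {
    openssl pkcs12 -in "$1" -passin "pass:$2" -nokeys -clcerts 2>/dev/null |
        openssl x509 -out "$3"
}

# Dump everything in PFX unencrypted to OUT, to show what the archive really holds.
dump_pfx() {
    openssl pkcs12 -in "$1" -passin "pass:$2" -nodes -out "$3" 2>/dev/null
}

# Print whether FILE is safe to hand to someone outside the team.
report() {
    if has_private_key "$1"; then
        echo "$1: contains a private key, do not share"
    else
        echo "$1: certificate only, safe to share"
    fi
}

demo() {
    dir=$(mktemp -d) || return 1
    make_demo_pfx "$dir" || return 1
    export_public_cert "$dir/bundle.pfx" demo-pass "$dir/share.cer" || return 1
    dump_pfx "$dir/bundle.pfx" demo-pass "$dir/all.pem" || return 1
    report "$dir/share.cer"   # the exported certificate
    report "$dir/all.pem"     # the full contents of the PFX
    rm -rf "$dir"
}
demo
```

Running `has_private_key` on a file before it leaves the team is a cheap last check; it only recognises PEM text, so a binary .pfx or .p12 must be dumped first as `dump_pfx` does.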