People used to say -
cer - certificate stored in the X.509 standard format. This certificate contains information about the certificate's owner... along with public and private keys.
pfx - stands for personal exchange format. It is used to exchange public and private objects in a single file. A pfx file can be created from .cer file. Can also be used to create a Software Publisher Certificate.
** got ref from this link What is the difference between a cer, pvk, and pfx file? **
but nobody is saying when we should use CERT file and when we should use PFX file. If possible please discuss the situation when we should go for CERT file & when we should go for PFX file. Thanks.
A .pfx includes both the public and private key for the associated certificate (NEVER share this outside your organization); it can be used for TLS/SSL on web site, for digitally signing messages or authorization tokens, or for authenticating to a partner system. A .cer file only has the public key (this is what you typically exchange with integration partners); it can be used to verify tokens or client authentication requests, and it is what is received by an HTTP client from a server in the SSL handshake.