Understanding the Use of client.pfx and server.pfx Files

SSL/TLS uses (almost always) server certificates to authenticate the server (which you validate using the root.cert). It can also optionally require that the client authenticates against the server using a certificate (mutual authentication). This is done in your case and the client.pfx file contains the client certificate and the associated private key. Only the client showing that it owns this certificate is accepted by the server.

This is probably the certificate for the server. I have no idea why you were given this file (since you shouldn't need or have access to the server's private key), but you might use the server's certificate to make your application only accept this specific certificate for the server and not all certificates issued by the CA which match the server's name. This is also called certificate pinning or public key pinning.
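As an added example (not part of the original answer), this is how the two files are typically put to use from the command line. It assumes the OpenSSL CLI is installed, that root.cert sits in the working directory, and that the PFX password is supplied in the PFX_PASS environment variable (all assumptions): client.pfx is split into the certificate and key the client presents for mutual authentication, and server.pfx yields only the server certificate, whose public key hash the client pins.

```shell
#!/bin/sh
# Added example, not from the original answer. Assumes the OpenSSL CLI and
# that the PFX password (if any) is in $PFX_PASS.
set -eu

# Split client.pfx into the PEM certificate and private key that most TLS
# clients (curl, Python ssl, ...) can consume for mutual authentication.
extract_client_pfx() {   # usage: extract_client_pfx client.pfx outdir
    mkdir -p "$2"
    # -clcerts: only the end-entity (client) certificate, no CA certs
    openssl pkcs12 -in "$1" -passin "pass:${PFX_PASS:-}" -clcerts -nokeys \
        -out "$2/client.crt"
    # -nodes: write the key unencrypted; protect it with file permissions
    openssl pkcs12 -in "$1" -passin "pass:${PFX_PASS:-}" -nocerts -nodes \
        -out "$2/client.key"
    chmod 600 "$2/client.key"
}

# Only the certificate is taken from server.pfx; the server's private key is
# never needed on the client side.
server_cert_from_pfx() {   # usage: server_cert_from_pfx server.pfx server.crt
    openssl pkcs12 -in "$1" -passin "pass:${PFX_PASS:-}" -clcerts -nokeys -out "$2"
}

# SHA-256 of the certificate's SubjectPublicKeyInfo, base64-encoded: the value
# public-key pinning compares. Reads a PEM certificate from a file or stdin.
spki_pin() {   # usage: spki_pin server.crt   (or: ... | spki_pin)
    openssl x509 ${1:+-in "$1"} -pubkey -noout \
        | openssl pkey -pubin -outform DER \
        | openssl dgst -sha256 -binary \
        | openssl base64 -A
}

# Connect with root.cert validating the chain, the client cert/key answering
# the server's CertificateRequest, and the presented server key checked
# against the expected pin. Returns non-zero if the pin does not match.
connect_with_pin() {   # usage: connect_with_pin host:port outdir expected_pin
    peer_pin=$(openssl s_client -connect "$1" -servername "${1%%:*}" \
                 -CAfile root.cert -cert "$2/client.crt" -key "$2/client.key" \
                 -verify_return_error </dev/null 2>/dev/null | spki_pin)
    [ "$peer_pin" = "$3" ]
}
```

Pin the SPKI hash rather than the whole certificate if the server is expected to renew its certificate with the same key.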
