If you want to create PFX certificate then follow this link- how-to-create-pfx-certificate-using-azure-app-service-certificate

If you have already created pfx certificate then there are 2 ways to generate .CER certificate. As you know pfx certificate will have both private and public key whereas authentication certificate (.CER) will have the public key only. So never share pfx certificate with outside clients.

For configuring Azure App Gateway, you need pfx certificate to for LISTENER and authentication certificate (Base-64 encoded X.509 .cer) for HTTP settings.

Option 1:

You can run below PowerShell command to generate .CER certificate using pfx certificate.  You will be required to provide the password for the pfx certificate

Get-PfxCertificate -FilePath "<provide path where .pfx certificate is placed>" | Export-Certificate -FilePath "<provide path where .cer certificate will be created>" -Type CERT


Option 2:

You can import the pfx certificate by double clicking on the certificate and then follow the prompts-


Now Open “Microsoft Management Console” (mmc) and follow the steps to create .cer certificate


On the new windows, go to File–>Add/Remove Snap In


Select the certificate and right click go to All Tasks–>Export



Now you have the .cer certificate ready.