// ssl toolkit
$ ssl-certificate-tools

Decode, validate, and convert certificates. Privacy-first, in-memory processing. Self-host for full control.

zero persistence CSR, CRT, PFX/P12 copy-ready outputs

SSL Certificate Decoder

Paste any PEM or DER certificate to see subject, issuer, SAN, validity, and serial details instantly.

Sample Test Data
RSA Leaf Certificate
CN=sample.example.com, RSA 2048-bit, SAN included
EC Leaf Certificate
CN=ec-sample.example.com, P-256 curve
Root CA Certificate
Self-signed Root CA, RSA 2048-bit
Intermediate CA Certificate
Signed by Root CA, issues leaf certs

Certificate & Key Matcher

Verify if a private key pairs with a certificate. Outputs a clear yes/no without persisting any material.

⚠️ Security Notice
This is for testing only. Do not paste production private keys. Use disposable or development keys.
Run it locally for maximum isolation: docker image
Sample Test Data
RSA Pair (Match)
RSA cert + matching RSA private key
EC Pair (Match)
EC cert + matching EC private key (P-256)
Mismatch
RSA cert + EC private key (should fail)
CLI alternative (local): # Compare modulus (RSA keys) openssl x509 -noout -modulus -in cert.pem | openssl md5 openssl rsa -noout -modulus -in key.pem | openssl md5 # Matching hashes mean the pair is valid

CSR Decoder

Inspect a Certificate Signing Request to see CN, SAN, key type, and size before submission.

Sample Test Data
RSA CSR
CN=sample.example.com, RSA 2048-bit with SAN
EC CSR
CN=ec-sample.example.com, P-256 curve

Certificate Converter

Flip between PEM, DER/CRT, and PFX/P12. Upload binaries or paste base64. Passwords stay in-memory only.

⚠️ Security Notice
Converter may handle private keys when PFX/P12 files are provided. Use non-production material or host locally.
Self-host: docker image
Sample Test Data
PEM Certificate
RSA leaf cert in PEM format, convert to DER/PFX
PEM Cert + Key (to PFX)
RSA cert + private key pasted together, convert to PFX
PFX/P12 Bundle (to PEM)
RSA cert + key + chain, no password, base64-encoded
PEM to PFX: Paste both the certificate and private key into the text area below. Order does not matter.
PFX to PEM: Upload the .pfx/.p12 file above, or paste base64-encoded content:
base64 -i certificate.pfx | pbcopy (macOS)  base64 certificate.pfx (Linux)