Log in Book demo Start free trial
Docs Certificate Tools
Features

Certificate Tools

A set of built-in utilities for everyday certificate and key operations — no OpenSSL commands needed.

All tools are available under Tools in the left-hand menu. Paste PEM content or upload a file for each operation.

Certificate Decoder Tools → Cert Decoder

Paste a PEM-encoded certificate (or upload a .crt / .pem file) to instantly see all its fields in a readable format:

  • Subject and Issuer (CN, O, OU, C)
  • Validity period and days remaining
  • Subject Alternative Names (SANs)
  • Key type, size, and algorithm
  • Serial number, fingerprints (SHA-1, SHA-256)
  • Certificate chain (if multiple certs are pasted)
Tip: Use this to verify a certificate before installing it — confirm the CN, SANs, and expiry date match what you expect.

CSR Generator & Decoder Tools → CSR

Two tools in one:

  • Generate a CSR — fill in the certificate fields (CN, O, OU, country, SANs) and choose a key algorithm (RSA 2048/4096 or ECDSA P-256/P-384). CertControl generates the private key and CSR server-side and lets you download both. Submit the CSR to your CA of choice.
  • Decode a CSR — paste an existing CSR to inspect its contents before submitting it to a CA. Verifies the SANs, key size, and signature algorithm.
Tip: After the CA returns the signed certificate, use the Key Matcher tool to confirm the certificate matches the private key before deploying.

Key Matcher Tools → Key Matcher

Verify that a certificate and a private key belong together before deploying them. Paste or upload both files — CertControl compares the public key embedded in the certificate against the public key derived from the private key and confirms whether they match.

This prevents the most common deployment error: installing a certificate with the wrong private key, which causes an immediate TLS handshake failure.

Supports RSA and ECDSA key pairs. Accepts -----BEGIN PRIVATE KEY-----, -----BEGIN RSA PRIVATE KEY-----, and -----BEGIN EC PRIVATE KEY----- formats.

SSL Converter Tools → SSL Converter

Convert certificates between common formats without leaving the browser:

  • PEM → DER — for Java, Android, and systems that require binary DER format
  • DER → PEM — convert binary certificates back to base64-encoded PEM
  • PEM → PKCS#7 (.p7b) — used by Windows servers and IIS
  • PKCS#7 → PEM — extract individual certificates from a .p7b bundle
All conversions happen server-side and the result is returned as a file download. Certificate content is not stored.

Keystore Inspector & Converter Tools → Keystore

Work with Java KeyStore (.jks) and PKCS#12 (.p12 / .pfx) files:

  • Inspect — upload a keystore and enter the password to list all entries, view certificate details, expiry dates, and key aliases
  • Convert JKS ↔ PKCS#12 — convert between the two keystore formats
  • PEM → Keystore — bundle a PEM certificate and private key into a new keystore file ready for deployment
  • Keystore → PEM — extract the certificate and private key from a keystore back to PEM format
Tip: Use Inspect before a renewal to confirm which alias and certificate is currently active in your keystore — avoids deploying to the wrong alias.
Previous: Phishing Detection Back to Docs