SSL Certificate Toolkit

Complete suite of SSL certificate tools for checking, decoding, matching, and converting certificates.

SSL Certificate Information

CSR Decoder

Paste your Certificate Signing Request (CSR) below to decode and view its information.

CSR Information
About CSR Decoder

Decode and verify your Certificate Signing Request to ensure it contains the correct information before submitting to a Certificate Authority.

What is a CSR?

A Certificate Signing Request (CSR) is a block of encoded text containing:

  • Company information for SSL certificate issuance
  • SSL public key data
  • Domain name and organizational details
Why Decode CSRs?

Since CSRs are encoded, it's difficult to verify their contents. Certificate Authorities use this information to create certificates, so accuracy is crucial. Our decoder helps you verify all details before submission.

Format Requirements:
Your CSR should start with -----BEGIN CERTIFICATE REQUEST-----
and end with -----END CERTIFICATE REQUEST-----
OpenSSL Command

Check CSRs locally with OpenSSL:

openssl req -in mycsr.csr -noout -text

Certificate Decoder

Paste your SSL certificate below to decode and view its information.

Certificate Information
About Certificate Decoder

Decode your PEM encoded SSL certificate to view and verify all certificate information and public key details.

What is a PEM Certificate?

A PEM encoded certificate is a block of encoded text containing:

  • Complete certificate information
  • Public key data
  • Issuer and validity details
  • Certificate chain information
Why Decode Certificates?

Decoding certificates helps you verify the certificate details before installation, troubleshoot SSL issues, and ensure the certificate matches your domain and organization information.

Format Requirements:
Your certificate should start with -----BEGIN CERTIFICATE-----
and end with -----END CERTIFICATE-----
Windows Tip: You can also view certificate information by double-clicking the certificate file on Windows machines.
OpenSSL Command

Decode certificates locally with OpenSSL:

openssl x509 -in certificate.crt -text -noout

Certificate Key Matcher

Check if certificates, private keys, and CSRs match each other.

Match Results
About Certificate Key Matcher

Verify that your certificates, private keys, and CSRs match to ensure proper SSL configuration and avoid certificate installation issues.

What Does This Tool Do?

The Certificate Key Matcher helps you verify relationships between:

  • Private Key ↔ Certificate: Ensures they form a valid pair
  • CSR ↔ Certificate: Confirms the certificate was issued from the CSR
  • Public Key Hashes: Compares cryptographic fingerprints
Why Check Key Matching?
Prevent SSL installation failures
Troubleshoot certificate issues
Verify certificate authenticity
Organize certificate files
How It Works: The tool compares SHA256 hashes of the public keys from your files. Matching hashes confirm the files belong together.
OpenSSL Commands

Check key matching locally:

Private Key Hash:
openssl pkey -in privateKey.key -pubout -outform pem | sha256sum
Certificate Hash:
openssl x509 -in certificate.crt -pubkey -noout -outform pem | sha256sum
CSR Hash:
openssl req -in CSR.csr -pubkey -noout -outform pem | sha256sum
Security Notice

Your private key should remain on your server. While we use SSL encryption during transmission, for maximum security we recommend:

  • Use the OpenSSL commands above to check hashes locally
  • Only upload keys when absolutely necessary
  • Consider performing a private key consistency check if tampering is suspected
Learn about private key consistency checks

SSL Certificate Converter

Convert SSL certificates between different formats (PEM, DER, PKCS#7, PKCS#12).

Click to select or drag and drop your certificate file

Supported formats: .pem, .crt, .cer, .key, .der, .p7b, .p7c, .pfx, .p12
Conversion Results
About SSL Certificate Converter

Convert SSL certificates between different formats (PEM, DER, P7B, PFX) to ensure compatibility across various platforms and servers.

Why Convert Certificates?

Different platforms require specific certificate formats:

Windows: PFX files (.pfx, .p12)
Apache: PEM files (.crt, .cer)
Java/Tomcat: DER or P7B files
Cloud Services: Various formats
How to Use: Select your certificate file, choose the current format (auto-detected from extension), select target format, and click Convert Certificate.
Security Recommendation
For PFX conversions containing private keys, use OpenSSL commands locally to keep your private key secure on your server.
See OpenSSL commands below for local conversion options.
PEM Format

Extensions: .pem, .crt, .cer, .key

Encoding: Base64 ASCII

Usage: Apache, Nginx, most servers

-----BEGIN CERTIFICATE-----
DER Format

Extensions: .der, .cer

Encoding: Binary

Usage: Java platforms

Binary certificate data
P7B Format

Extensions: .p7b, .p7c

Encoding: Base64 ASCII

Usage: Windows, Java Tomcat

-----BEGIN PKCS7-----
PFX Format

Extensions: .pfx, .p12

Encoding: Binary (encrypted)

Usage: Windows servers

Contains cert + private key
OpenSSL Conversion Commands
From PEM Format
PEM to DER:
openssl x509 -outform der -in certificate.pem -out certificate.der
PEM to P7B:
openssl crl2pkcs7 -nocrl -certfile certificate.cer -out certificate.p7b
PEM to PFX:
openssl pkcs12 -export -out certificate.pfx -inkey privateKey.key -in certificate.crt
To PEM Format
DER to PEM:
openssl x509 -inform der -in certificate.cer -out certificate.pem
P7B to PEM:
openssl pkcs7 -print_certs -in certificate.p7b -out certificate.cer
PFX to PEM:
openssl pkcs12 -in certificate.pfx -out certificate.cer -nodes
Note: When converting PFX to PEM, OpenSSL outputs all certificates and the private key in one file. You'll need to manually separate them into individual files for most server configurations.