証明書・CSR・Keygen ツール

秘密鍵、CSR、自己署名 X.509 証明書をブラウザー内で生成し、既存の証明書を確認できます。

鍵と証明書の内容はこのブラウザーから送信されません
Certificate tool
Subject identity
DN
Key and certificate settings
Certificate usages
Private keys, names, domains, certificate text, and uploaded files are never stored or sent to analytics.
Generated files

Complete the subject and key settings to generate downloadable PEM and DER files.

Free open-source browser tool

Generate, convert, and inspect certificates locally

Use Web Crypto and open-source X.509 tooling to create RSA or ECDSA keys, PKCS#10 CSRs, self-signed certificates, and a local development CA. Convert PEM/DER, match keys, process PFX/P12 files, and generate OpenSSL commands without uploading private material.

CSRs and self-signed certificates

Enter subject and SAN values, then download PEM or DER files, a PKCS#8 private key, and an SPKI public key.

Local development CA

Generate a root CA, localhost server certificate, private keys, and chain together, then verify the signing relationship.

Conversion and key matching

Convert certificate, CSR, SPKI public-key, and PKCS#8 private-key files between PEM and DER, then compare private keys, CSRs, and certificates by SPKI SHA-256 fingerprint.

PFX/P12 and OpenSSL

Create or extract RSA P12/PFX bundles locally and generate OpenSSL 3.x commands for common certificate workflows.

Certificate, CSR, and Keygen FAQ

Are private keys or certificate contents uploaded?

No. Key generation, signing, verification, parsing, and downloads happen in the current browser. Analytics never include keys, subject values, domains, certificate text, or uploaded content.

Can a self-signed certificate secure a public website?

Not by default. Browsers and operating systems do not normally trust self-signed certificates. Use them for local development, tests, internal services, or environments where you manage trust. Public sites should use a certificate issued by a trusted CA.

How should I use the local development CA?

Install and trust the root CA certificate only on development devices you control. Keep its private key secret and never upload, share, or deploy it to a production server.

Is a P12 password sent to a server?

No. P12 creation, decryption, and extraction happen in the current browser. Passwords are not stored or included in analytics. Extracted private keys are unencrypted PEM files and must be protected after download.

What is the difference between a CSR and a certificate?

A CSR contains a public key, subject details, and the requester's signature for submission to a certificate authority. A certificate is signed by an issuer and adds validity, usages, and extensions.

Which private-key format is downloaded?

Private keys use unencrypted PKCS#8 PEM or DER. Store the download securely, restrict access, and never share it through chat, email, or a public repository.

RouteMarket.ai

Keep working with developer tools

Format JSON, process URLs, create hashes, or generate secure random values with free browser-local tools.

Browse all tools