Certificatetools.com Certificate Request Generator

Certificate AttributesUse an existing certificate as a template
Common Name(s):

More Information

Hover over any section of this page for additional information.
Subject Alternative Name(s):
Locality (City):
Private Key:
Key Usage:
Extended Key Usage:
Basic Constraints: Critical:    CA:    Path Length:


Who am I?

My name is Lyas Spiehler. I am an open source enthusiast, systems engineer, and a developer. I live in Slidell, Lousisiana. I have 2 awesome kids and a lovely wife named Michelle. I am always interested in discussing any and all things technology related, and I can be contacted by leaving a comment below.

I generated my CSR. Now what?

Usually you'll want to send your CSR to a trusted third party like https://www.thesslstore.com to get it signed by their root certificate authority. You can also self sign your certificate using an OpenSSL command like:
openssl x509 -in mycsr.csr -out newcert.pem -req -signkey myprivatekey.key -days 365

Something went wrong. What should I do?

After you generate your CSR if something didn't work properly, it is possible some illegal input was entered. Look at the "OpenSSL Output" for some clues about what may have gone wrong. Modify the form fields and try again. If you need additional help or want to report a bug, please leave a comment below.

What does this site do?

This site generates private keys and certificate signing requests generally to be signed by a trusted root certificate authority. It also shows the OpenSSL command that can be used to generate your private key and CSR offline on a local linux server.

How is this site different from other online certificate request generators?

No other site offers nearly as much flexibility as this tool. Many of them don't even allow multiple common names or subject alternative names. Another huge benefit to this site is being able to see the OpenSSL command so you can study it and learn how and why the command works the way it does, and/or run it on a local linux server. You can also hover over any section of the site to learn more about all of the available options.

Can't I just use vendor supplied tools for this?

Yes, sometimes. However, if you're using open source software you'll likely need to use OpenSSL to manually create your CSR. Personally, I typically prefer not to use the vendor supplied tools anyway.

Can I use the CSR I make with this tool with "Let's Encrypt?"

Absolutely. The command will look something like this:
letsencrypt-auto certonly --authenticator manual --server https://acme-v01.api.letsencrypt.org/directory --text --email youremail@domain.com --csr yourcsr.csr
For more information visit https://letsencrypt.org/

Your site is certificatetools.com. Do you intend to make more certificate tools?

Hopefully with time. Eventually I'll get some comments on the site or maybe a forum. If some requests come in for additional tools or functionality I might put more priority on it.

Developed by Lyas Spiehler