Load the existing certificate
Optional, but needed to run a diff against your new CSR and catch dropped SANs before you submit.
Click to choose a .crt / .cer / .pem file
Private key
Generate a new key in-browser, or reuse an existing one. Keys are processed in memory only and never stored server-side.
Generate CSR
Fields are pre-filled from the certificate you loaded in step 1, if any. Review before generating.
Validate & review
Key match check, field-by-field diff against the existing certificate, and a risk report.
Key match
Risk findings
Download
Nothing here is retained after you close this tab.
Store the private key securely — this tool does not keep a copy once you leave this page.