CertMate CertMate / Tools
7 aktiv · weitere kommen wöchentlich

Die Zertifikat-Toolbox der man wirklich vertrauen kann.

TLS-Zertifikate dekodieren, validieren, prüfen und überwachen — ohne jemals etwas hochzuladen. Alles läuft im Browser. Keine Konten, keine Werbung, kein Tracking.

Toolbox öffnen Certificate Decoder testen →

Unsere Tools

100% client-side. Built with Web Crypto + @peculiar/x509.

Single-purpose tools, one URL each, no upsell. Open source — read the code.

Decode & inspect

Parse certificates, CSRs and keys in your browser — never uploaded.

certificate-decoder

CSR Decoder

Paste a PKCS#10 Certificate Signing Request and see CN, SAN, key parameters and challenge attributes.

Validate

Chains, hostnames, key/cert pairs — formal checks against RFC 5280 / 6125.

Chain Builder & Validator

Paste a bundle of PEM blocks. Reorder them into a valid leaf → root chain and spot what's missing.

Key ↔ Cert Matcher

Confirm a private key and certificate match. Both stay in your browser — Web Crypto only.

Hostname / SAN Validator

Test which hostnames a certificate covers under RFC 6125 — wildcards, IDN, CN fallback.

Monitor

Certificate transparency search, expiry inventory, alerting.

ct-search

soon

bulk-expiry

soon

ACME helpers

External account binding, DNS-01 challenge math, provider quick-refs.

acme-dns-01

Compliance EU

NIS2, DORA, eIDAS 2.0 — TLS posture mapped to the articles.

nis2-tls-readiness

Trusted external tools

Curated, opens in a new tab.

Some jobs need infrastructure we cannot replicate in a static site — live TLS handshakes, transparency log indexing, OCSP queries. These are the ones we trust.

Validate

HSTS Preload

external

Official Chromium HSTS preload submission and status check.

Probe & scan

Qualys SSL Labs

external

The reference TLS server grader. Slow but authoritative.

Hardenize

external

Fast multi-protocol scan: TLS, DNSSEC, HSTS, email security.

Mozilla HTTP Observatory

external

Open-source security headers + cookies + TLS analyzer by Mozilla.

open source

testssl.sh

external

The gold-standard self-hosted TLS scanner. CLI, no telemetry.

open source

Revocation Check

external

The only OCSP / CRL checker that still works well.

Monitor

crt.sh

external

Comodo / Sectigo certificate transparency search. UI from 1998, data is unmatched.

SSLMate Cert Spotter

external

CT monitor with reliable alerts. Open core.

open source

Compliance EU

internet.nl

external

EU benchmark for internet standards. Operated by the Dutch Internet Standards Platform.

open source

ENISA NIS2 Guidance

external

Official ENISA technical implementation guidance (June 2025).

Verwalten Sie Dutzende von Zertifikaten?

Die maximale Laufzeit öffentlicher TLS-Zertifikate sinkt planmäßig — das CA/Browser Forum Ballot SC-081v3 senkt das Limit auf 200 Tage ab März 2026, 100 Tage ab 2027 und 47 Tage ab 2029. CertMate ist der Open-Source-Manager für diese Automatisierungsrealität. SC-081v3 ↗

CertMate auf GitHub →