CertMate CertMate / Tools
7 en ligne · d'autres chaque semaine

La boîte à outils certificats à laquelle vous pouvez vraiment faire confiance.

Décodez, validez, inspectez et surveillez vos certificats TLS sans jamais les téléverser. Tout s'exécute dans votre navigateur. Aucun compte, aucune pub, aucun tracker.

Explorer la boîte à outils Essayer le décodeur de certificat →

Nos outils

100% client-side. Built with Web Crypto + @peculiar/x509.

Single-purpose tools, one URL each, no upsell. Open source — read the code.

Decode & inspect

Parse certificates, CSRs and keys in your browser — never uploaded.

certificate-decoder

CSR Decoder

Paste a PKCS#10 Certificate Signing Request and see CN, SAN, key parameters and challenge attributes.

Validate

Chains, hostnames, key/cert pairs — formal checks against RFC 5280 / 6125.

Chain Builder & Validator

Paste a bundle of PEM blocks. Reorder them into a valid leaf → root chain and spot what's missing.

Key ↔ Cert Matcher

Confirm a private key and certificate match. Both stay in your browser — Web Crypto only.

Hostname / SAN Validator

Test which hostnames a certificate covers under RFC 6125 — wildcards, IDN, CN fallback.

Monitor

Certificate transparency search, expiry inventory, alerting.

ct-search

soon

bulk-expiry

soon

ACME helpers

External account binding, DNS-01 challenge math, provider quick-refs.

acme-dns-01

Compliance EU

NIS2, DORA, eIDAS 2.0 — TLS posture mapped to the articles.

nis2-tls-readiness

Trusted external tools

Curated, opens in a new tab.

Some jobs need infrastructure we cannot replicate in a static site — live TLS handshakes, transparency log indexing, OCSP queries. These are the ones we trust.

Validate

HSTS Preload

external

Official Chromium HSTS preload submission and status check.

Probe & scan

Qualys SSL Labs

external

The reference TLS server grader. Slow but authoritative.

Hardenize

external

Fast multi-protocol scan: TLS, DNSSEC, HSTS, email security.

Mozilla HTTP Observatory

external

Open-source security headers + cookies + TLS analyzer by Mozilla.

open source

testssl.sh

external

The gold-standard self-hosted TLS scanner. CLI, no telemetry.

open source

Revocation Check

external

The only OCSP / CRL checker that still works well.

Monitor

crt.sh

external

Comodo / Sectigo certificate transparency search. UI from 1998, data is unmatched.

SSLMate Cert Spotter

external

CT monitor with reliable alerts. Open core.

open source

Compliance EU

internet.nl

external

EU benchmark for internet standards. Operated by the Dutch Internet Standards Platform.

open source

ENISA NIS2 Guidance

external

Official ENISA technical implementation guidance (June 2025).

Vous gérez des dizaines de certificats ?

Les durées de validité des certificats TLS publics baissent — le ballot CA/Browser Forum SC-081v3 plafonne la validité à 200 jours dès mars 2026, 100 jours dès 2027 et 47 jours dès 2029. CertMate est le gestionnaire open-source pensé pour cette automatisation. SC-081v3 ↗

CertMate sur GitHub →