Test Web Crypto API

This is an early development version of this tool! You should not use this tool to create keys for productive environments.

Step 1: Create key and CSR

First the JavaScript creates a public/private key part. Then it takes the Common Name provided in the input area and creates a Certificate Signing Request ("CSR") from the name and the key. This CSR can now be used to create a certificate on the CAcert web page.

Note 1: When creating a certificate for a webserver an additional input for the "additional names" of the server would probably be needed

Note 2: When creating a client type certificate, for example to use in mail communication, the additional data provided here is ignored by the CAcert web page and replaced by the datat stored in your account. So you usually won't enter anything here.

In addition the private key created by the browser is shown in the right textarea. When configuring an Apache type webserver this must be stored in the key-file which is then referenced by the configuration.

Common Name for server type certificates:
Created CSR to paste in request:
Created private key:

Step 2: Create a PKCS#12 file

The key created in step one and the certificate created on the CAcert website can now be combined into a PKCS#12 file, which can then be imported into other programs like Thunderbird or into the Windows Certificate Storage.

You have to paste the certificate created on the CAcert page into the large textbox. Since in a PKCS#12 file the private key is encrypted by a password you also have to provide such a password in the small input area here.

Certificate created by CAcert:
Password: