Drop your certificate and key files below. certkit will parse them, match private keys to their certificates by Subject Key Identifier, resolve certificate chains via AIA, verify trust against the Mozilla root store, and package everything into organized bundles you can deploy directly.
Supported formats and how it works
- Formats: PEM, DER, PKCS#12 (.p12/.pfx), PKCS#7 (.p7b), JKS (.jks), and ZIP/TAR archives containing any of the above.
- Key matching: Private keys are matched to certificates using the Subject Key Identifier (SKI). Drop them in any order, from any number of files.
- Chain resolution: Missing intermediate certificates are fetched automatically via Authority Information Access (AIA) URLs embedded in your certs.
- Trust validation: Each certificate is verified against the embedded Mozilla CA root store. Untrusted, expired, and non-leaf certificates are hidden by default.
- Export: Select which bundles to include, then download a ZIP containing the leaf cert, chain, full chain, intermediates, root, private key, and PKCS#12 archive for each.
- Privacy: Everything runs locally in your browser via WebAssembly. No files are uploaded to any server.
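The key-matching step from the list above, as an added example (not certkit's own code). The page does not say how certkit derives the identifier, so this sketch assumes RFC 5280 method 1 (SHA-1 over the public key bits) and recomputes it for both the certificate and the key instead of trusting the certificate's SKI extension, which a CA may fill in any way it likes. The names `ski`, `matchKeys` and `demo` are hypothetical, and the Ed25519 keys and certificates are constructed sample data.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha1"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/asn1"
	"fmt"
	"math/big"
)

// ski returns hex SHA-1 of the subjectPublicKey BIT STRING in a DER SubjectPublicKeyInfo, or "" on bad input.
func ski(spkiDER []byte) string {
	var spki struct{ Alg pkix.AlgorithmIdentifier; Key asn1.BitString }
	if _, err := asn1.Unmarshal(spkiDER, &spki); err != nil {
		return ""
	}
	return fmt.Sprintf("%x", sha1.Sum(spki.Key.Bytes))
}

// matchKeys maps each certificate CN to the index of its private key, or -1 when none fits.
func matchKeys(certs []*x509.Certificate, keys []ed25519.PrivateKey) map[string]int {
	out := map[string]int{}
	for _, c := range certs {
		out[c.Subject.CommonName] = -1
		for i, k := range keys {
			der, _ := x509.MarshalPKIXPublicKey(k.Public()) // on error ski(nil) is "" and is skipped
			if id := ski(der); id != "" && id == ski(c.RawSubjectPublicKeyInfo) {
				out[c.Subject.CommonName] = i
			}
		}
	}
	return out
}

// demo (constructed data): three self-signed certs, validity unset; keys for two of them, in reverse order.
func demo() map[string]int {
	keys, certs := []ed25519.PrivateKey{}, []*x509.Certificate{}
	for i, cn := range []string{"a.example", "b.example", "c.example"} {
		_, k, _ := ed25519.GenerateKey(rand.Reader)
		t := &x509.Certificate{SerialNumber: big.NewInt(int64(i + 1)), Subject: pkix.Name{CommonName: cn}}
		der, _ := x509.CreateCertificate(rand.Reader, t, t, k.Public(), k)
		c, _ := x509.ParseCertificate(der)
		certs, keys = append(certs, c), append([]ed25519.PrivateKey{k}, keys...)
	}
	return matchKeys(certs, keys[1:]) // drop c.example's key so one cert stays unmatched
}
func main() { fmt.Println(demo()) }
```

Because the identifier is derived only from the public key, the same comparison works for RSA and ECDSA keys and is independent of file order.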