Certificate Templates

Pre-configured certificate profiles for common use cases. Select a template to quickly generate a self-signed certificate.

Local Development

CN=localhost

Perfect for local HTTPS development servers. Includes localhost, wildcard, and loopback addresses.

RSA 2048
365 days
serverAuth
serverAuth4 SANs

API Server

CN=api.example.com

For production or staging API endpoints. Standard server authentication certificate.

RSA 2048
365 days
serverAuth
serverAuth

Client Authentication

CN=client

Used to authenticate a client to a server in mutual TLS (mTLS) scenarios.

RSA 2048
365 days
clientAuth
clientAuth

Code Signing

CN=Developer

Sign software, drivers, or scripts. Uses a stronger 4096-bit key with 2-year validity.

RSA 4096
730 days
codeSigning
codeSigning

S/MIME Email

CN=user@example.com

Encrypt and sign email messages. Provides email protection extended key usage.

RSA 2048
365 days
emailProtection
emailProtection

Internal CA

CN=Internal CA

Create an internal Certificate Authority to sign other certificates. 10-year validity with 4096-bit key.

RSA 4096
3650 days
CA:true
CA

mTLS Service

CN=service

For service-to-service mutual TLS. Enables both server and client authentication.

RSA 2048
365 days
serverAuth, clientAuth
serverAuthclientAuth

Kubernetes Webhook

CN=webhook-service.ns.svc

For Kubernetes admission webhooks. Uses the service DNS naming convention.

RSA 2048
365 days
serverAuth
serverAuth

This tool runs entirely in your browser. No data is sent to any server, collected, or stored. Your input never leaves your device.