#pki

Generate and parse X.509 Certificate Signing Requests (PKCS#10) — the CSRs you submit to a Certificate Authority to obtain a TLS certificate. Generate a CSR from a common name plus optional organisation, country, locality and Subject Alternative Names, and get back the CSR together with a freshly-generated RSA private key (2048/3072/4096). Or parse an existing CSR to read its subject, SANs, key size and whether its signature is valid. Pure local processing — no key, no third-party service. Note: for development and testing; keep production private keys offline. Live, nothing stored. 3 endpoints. Distinct from key-pair generation, certificate decoding and live SSL checks.

api.oanor.com/csr-api

Decode an X.509 certificate (PEM) into readable details — without a live connection. Paste a certificate and get back its subject and issuer (parsed into fields), the validity window with days-until-expiry and an expired flag, the serial number, SHA-1 and SHA-256 fingerprints, the Subject Alternative Names, the public-key type and size, and the CA / self-signed flags. Pure local parsing with no third-party service. Live, nothing stored. 2 endpoints. Built for certificate inspection, CI/CD expiry checks, PKI debugging and audit tooling. Distinct from a live SSL/TLS endpoint checker — this decodes a certificate you already hold.

api.oanor.com/certdecode-api