Managing SSL certificates is one of those tasks that looks simple until something goes wrong. An expired certificate takes your site offline. A mismatched private key stops your server from starting. A malformed CSR gets rejected by your Certificate Authority. And converting between certificate formats can turn into an hour of frustrating OpenSSL commands.
Anonymiz now has a full suite of free SSL certificate tools — six tools that cover every common SSL task without requiring any software installation or signup.
The 6 SSL Tools
1. SSL Certificate Checker
The SSL Certificate Checker connects to any domain and retrieves the full certificate details — expiry date, issuing Certificate Authority, subject alternative names, cipher suite and whether the chain is trusted. It grades the certificate from A to F and flags misconfigurations like expired certificates, self-signed certificates and hostname mismatches.
Run it on your domain before launch and schedule a reminder to run it again 30 days before expiry. Most certificate-related outages are preventable with a simple check.
2. Certificate Key Matcher
The Certificate Key Matcher answers the most common SSL installation question: does this certificate belong to this private key? Paste both and the tool extracts the public key from each and compares them cryptographically. A mismatch is the most common cause of SSL handshake errors after installing a new certificate.
3. Check CSR
Before submitting a CSR to a Certificate Authority, use the CSR Checker to validate it. It parses the encoded text and shows the Common Name, organisation, country, key type, key size and any Subject Alternative Names. A quick check catches typos in the domain name or missing fields before the CA rejects it.
4. CSR Generator
The CSR Generator creates a Certificate Signing Request and matching private key in seconds. Fill in your domain name, organisation details and choose your key size — 2048 or 4096 bit RSA. The tool also supports Subject Alternative Names for multi-domain certificates. Copy the CSR and submit it to your CA. Keep the private key safe — you will need it when you install the certificate.
5. CSR Decoder
The CSR Decoder goes deeper than the checker — it decodes all fields and runs a security analysis. It flags keys smaller than 2048 bits, warns about missing SAN entries (which modern browsers require) and identifies wildcard certificates. Use it when auditing CSRs generated by others before submitting to a CA.
6. SSL Converter
The SSL Converter converts certificates between PEM and DER formats in the browser, and provides ready-to-run OpenSSL commands for all other conversions including P7B and PFX. Different servers and applications require different certificate formats — Apache and Nginx use PEM, Windows IIS uses PFX, Java applications often use P7B.
Common SSL Certificate Problems — Solved
Certificate expired
Use the SSL Certificate Checker to monitor expiry dates. Set a calendar reminder 30 days before expiry. Many CAs and hosting panels send automatic email reminders, but do not rely solely on those — check manually.
ERR_SSL_PROTOCOL_ERROR or SSL handshake failed
Most commonly caused by a certificate and private key mismatch. Use the Certificate Key Matcher first. If they match, check that intermediate certificates are correctly chained — the SSL Checker will flag chain issues.
Certificate not trusted / self-signed warning
The SSL Checker shows whether the certificate is issued by a trusted CA or is self-signed. Self-signed certificates are fine for internal use but will show browser warnings for public sites.
Wrong domain in certificate
The SSL Checker shows all SAN entries. If your domain is not listed, you need a new certificate. Use the CSR Generator to create a new CSR with the correct domains and submit it to your CA.
All Free, No Signup Required
All six tools are completely free. No account, no login, no usage limits. The certificate and key matching runs server-side using PHP OpenSSL — your private key is never logged or stored. Visit the SSL Certificate Tools hub to get started.
