Managing SSL certificates is one of the most error-prone tasks in web development. A mismatched private key, a CSR with the wrong Common Name, or an expired certificate in the wrong format can take a site down instantly. The Anonymiz SSL Certificate Tools suite gives you everything you need to generate, check, decode and convert SSL certificates — free, no software, no signup.
The 6 SSL Tools and When to Use Each
1. SSL Certificate Checker
The starting point for any SSL audit. Enter any domain and the SSL Certificate Checker fetches the live certificate and shows you the expiry date, issuing authority, subject alternative names, cipher suite and security grade. Run it on your site before every renewal to confirm the new certificate installed correctly.
2. Certificate Key Matcher
One of the most common SSL errors is installing a certificate that does not match the private key on the server. This happens when a new certificate is generated using a CSR from a different private key, or when the wrong .key file is uploaded. The Certificate Key Matcher extracts the public key modulus from both the certificate and the private key and compares them. If they match, the certificate will work on that server. If not, you need a new certificate.
3. Check CSR
Before submitting a CSR to a Certificate Authority, verify it contains the correct information. The Check CSR tool decodes the CSR and shows the Common Name, organisation, country, key type and size, and any Subject Alternative Names. A wrong Common Name or missing SAN at this stage means the issued certificate will not work for your domain.
4. CSR Generator
The CSR Generator creates a Certificate Signing Request and matching private key entirely in your browser session. Fill in your domain, organisation details and choose 2048-bit or 4096-bit RSA. The tool outputs both the CSR (to submit to your CA) and the private key (to install on your server). It supports Subject Alternative Names for multi-domain certificates.
5. CSR Decoder
The CSR Decoder goes deeper than Check CSR — it shows all fields plus a security analysis. It flags weak key sizes, missing SAN entries and other issues that would cause problems after issuance. Use it when you receive a CSR from a developer or client before submitting it to a CA.
6. SSL Converter
Different servers and platforms require different certificate formats. Apache uses PEM, Windows IIS uses PFX, Java applications often use P7B or JKS. The SSL Converter handles PEM to DER and DER to PEM conversions in the browser. For P7B, PFX and JKS conversions, it provides the exact OpenSSL commands to run locally.
The SSL Certificate Workflow
Understanding the full lifecycle helps you use the right tool at the right time:
- Step 1 — Generate: Use the CSR Generator to create a private key and CSR for your domain
- Step 2 — Verify: Use Check CSR to confirm the Common Name and SAN entries are correct
- Step 3 — Submit: Send the CSR to your CA (Lets Encrypt, DigiCert, ZeroSSL etc.)
- Step 4 — Install: Upload the issued certificate and private key to your server
- Step 5 — Verify match: Use Certificate Key Matcher to confirm they are a valid pair
- Step 6 — Check live: Use SSL Certificate Checker to confirm the certificate is live and valid
- Step 7 — Convert if needed: Use SSL Converter if your server needs a different format
Common SSL Errors and How to Fix Them
The most common SSL errors and the tools that fix them:
- SSL handshake failed — Certificate and private key do not match. Use Certificate Key Matcher to confirm, then reissue the certificate.
- Certificate not trusted — Intermediate certificates missing. Check the chain in SSL Certificate Checker and install the CA bundle.
- Common Name mismatch — Certificate CN or SANs do not match the domain. Check CSR before submitting next time.
- Certificate expired — SSL Certificate Checker shows the expiry date. Renew at least 30 days before expiry.
Use All 6 Tools Free
Every tool in the SSL Tools suite is completely free — no account, no download, no limit on checks. All certificate processing runs server-side using PHP OpenSSL. Private keys and certificates are never logged or stored.
