Paste a certificate (or CSR) and a private key to check whether they belong together — runs locally, nothing leaves your browser
When you deploy HTTPS, the certificate must line up exactly with its private key — otherwise Nginx or Apache fails to start with errors like "key values mismatch". This tool checks, in your browser, whether a certificate (or CSR) and a private key belong to the same pair: RSA is compared by modulus and EC by curve and public point — the same idea as comparing openssl -modulus hashes, without typing a long command.
Everything runs client-side with pkijs and node-forge. The certificate and private key you paste are processed entirely in the browser, are never uploaded, and make no network request — you can confirm it in your browser's Network panel.
No. The match runs entirely in your browser with pkijs and node-forge. The certificate and private key never leave your device and no network request is made.
For RSA it compares the modulus of the certificate's public key with the private key's modulus (equivalent to openssl x509 -noout -modulus matching openssl rsa -noout -modulus). For EC it compares the curve and the public point.
Yes. Paste a -----BEGIN CERTIFICATE REQUEST----- CSR into the certificate box; the tool reads the public key from the CSR and compares it with the private key — handy for confirming a CSR and key are a pair before requesting a certificate.
RSA and EC (e.g. P-256/384/521). Private keys may be unencrypted PKCS#1, PKCS#8 or SEC1 PEM; encrypted keys must be decrypted first. Ed25519/Ed448 matching is not supported yet.