
What is a digital certificate?

A digital certificate, also known as an SSL/TLS certificate or public key certificate, is a digital document that verifies the identity of a website, server, or other digital entity, and allows secure communication between two parties by encrypting data sent over the internet. It contains information about the identity of the certificate holder, such as their name and public key, and is issued by a trusted third-party Certificate Authority (CA).

There are different types of digital certificates that can be generated with various parameters. Certificates can be password-protected, can be bundled with the keys, can rely on different cryptographic algorithms, and eventually expire. Considering these factors, it can be challenging to develop and test web applications that rely on digital certificates.

On this page, you can find guides on creating digital certificate templates with parameters that match your specific needs.

Generate a key pair for an HTTPS server

In this guide you'll create a template for generating a private key and self-signed certificate for a Node.js HTTPS server:

1. Navigate to Digital Certificates → Certificate templates and click Create template.

2. Fill in the General section of the template form.

Name: https-server
Key algorithm: RSA
Key size: 2048 bit
Signature algorithm: SHA-256

3. Scroll down to Extensions and configure the certificate type, key usage, and extended key usage.

Certificate type: End Entity
Key usage: Key encipherment, Digital signature
Extended key usage: TLS Web server authentication

4. Scroll down to Distinguished Name (DN) and set the common name to localhost. Click Save when done.

Common name (CN): localhost

5. The template appears in the grid.

6. Click the template's Generate button, choose the format and passphrase, and click Generate to download the certificate bundle.

Format: PKCS#12
Passphrase: pass

Use the downloaded https-server.pfx file to configure a Node.js HTTPS server:

index.js
(async function main() {
  const https = await import('node:https');
  const fs = await import('node:fs');

  const httpsOptions = {
    // The name of the certificate bundle and the passphrase that was set in the generation dialog
    pfx: fs.readFileSync('https-server.pfx'),
    passphrase: 'pass'
  };

  https.createServer(httpsOptions, (req, res) => {
    res.writeHead(200);
    res.end('Hello World\n');
  }).listen(8000);

  console.log(`Listening on https://localhost:8000`);
})();

Run the server and query it with cURL or a similar HTTP client. The -k flag tells cURL to continue even though the self-signed certificate cannot be verified:

Example commands
# Start server
$ node index.js
Listening on https://localhost:8000

# Query the server with cURL
$ curl -kv https://localhost:8000
* Trying 127.0.0.1:8000...
...
* Server certificate:
* subject: CN=localhost; C=US; ST=California; L=San Francisco; O=CA Issuer, Inc
* ...
* issuer: CN=localhost; C=US; ST=California; L=San Francisco; O=CA Issuer, Inc
* SSL certificate verify result: self-signed certificate (18), continuing anyway.
...
> GET / HTTP/1.1
> Host: localhost:8000
> User-Agent: curl/7.88.1
> ...
< HTTP/1.1 200 OK
< ....
<
Hello World

Export a private key as a JSON Web Key (JWK)

In this guide, you will generate a private key in PKCS#8 format and then export it to a JSON Web Key (JWK) using a custom responder and the browser's built-in Web Crypto API:

1. Navigate to Digital Certificates → Certificate templates and click Create template.

2. Fill in the General section with ECDSA key parameters. Click Save when done.

Name: jwk
Key algorithm: ECDSA
Curve name: secp384r1 / NIST P-384
Signature algorithm: SHA-256

3. The template appears in the grid.

4. Click the template's Generate button, choose PKCS#8 (private key only) format, and click Generate to download the private key as jwk.p8.

Format: PKCS#8 (private key only)

5. Navigate to Webhooks → Responders, click Create responder, and configure a responder that serves an HTML page with the Web Crypto API to convert PKCS#8 keys to JWK. Click Save.

Name: Subtle Crypto
Path: /subtle-crypto
Headers: Content-Type: text/html; charset=utf-8
Body:
<!DOCTYPE html>
<html lang="en">
<head>
  <title>Subtle Crypto</title>
  <style>
    .center { text-align: center }
    pre {
      outline: 1px solid #ccc;
      padding: 5px;
      margin: 1em auto;
      width: 30%;
      overflow: hidden;
      text-overflow: ellipsis;
    }
  </style>
  <script type="text/javascript">
    document.addEventListener("DOMContentLoaded", async function main() {
      document.getElementById("p8_upload").addEventListener("change", (e) => {
        if (e.target.files.length === 0) {
          return;
        }

        const reader = new FileReader();
        reader.onload = async () => {
          // Import generated PKCS#8 key as SubtleCrypto's CryptoKey.
          const cryptoKey = await window.crypto.subtle.importKey(
            "pkcs8",
            new Uint8Array(reader.result),
            { name: "ECDSA", namedCurve: "P-384" },
            true,
            ["sign"]
          );

          // Export CryptoKey as JWK and render it.
          document.getElementById("jwk").textContent = JSON.stringify(
            await window.crypto.subtle.exportKey('jwk', cryptoKey),
            null,
            2
          );
        };
        reader.readAsArrayBuffer(e.target.files[0]);
      });
    });
  </script>
</head>
<body>
  <h1 class="center">PKCS#8 ➡ JSON Web Key (JWK)</h1>
  <div class="center">
    <label for="p8_upload">Choose PKCS#8 key (*.p8)</label>
    <input
      type="file"
      id="p8_upload"
      name="p8_upload"
      accept=".p8" />
    <br />
  </div>
  <pre id="jwk">No PKCS#8 key is loaded yet...</pre>
</body>
</html>

6. The responder appears in the grid with its unique URL.

7. Click the responder URL, upload the jwk.p8 file, and observe the JSON Web Key (JWK) derived from your ECDSA key.
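
The conversion performed by the responder page, as an added Node.js example that is not part of the original guide: it generates a throwaway P-384 key in place of the downloaded jwk.p8, shows that the exported JWK carries the private scalar d, derives a public-only JWK, and confirms that importing with extractable set to false blocks the export. The helper names and the SHA-384 signing hash are assumptions of this example.

```javascript
// Added example (not from the original guide). Web Crypto is global in browsers
// and Node 20+; older Node versions expose it as crypto.webcrypto.
const subtle = globalThis.crypto?.subtle ?? require('node:crypto').webcrypto.subtle;

const EC_P384 = { name: 'ECDSA', namedCurve: 'P-384' };
const SIGN_ALG = { name: 'ECDSA', hash: 'SHA-384' }; // assumption: hash chosen for this demo

// Constructed stand-in for the downloaded jwk.p8: a throwaway P-384 key as PKCS#8 DER.
async function generatePkcs8() {
  const { privateKey } = await subtle.generateKey(EC_P384, true, ['sign', 'verify']);
  return new Uint8Array(await subtle.exportKey('pkcs8', privateKey));
}

// The same importKey/exportKey calls the responder page makes.
async function pkcs8ToJwk(pkcs8, extractable = true) {
  const key = await subtle.importKey('pkcs8', pkcs8, EC_P384, extractable, ['sign']);
  return subtle.exportKey('jwk', key);
}

// Keep only the public members; "d" is the private scalar and must not be published.
function toPublicJwk({ kty, crv, x, y }) {
  return { kty, crv, x, y };
}

async function demo() {
  const pkcs8 = await generatePkcs8();
  const privateJwk = await pkcs8ToJwk(pkcs8);
  const publicJwk = toPublicJwk(privateJwk);

  // Sign with the PKCS#8 key, verify with the public JWK: both describe the same key pair.
  const signKey = await subtle.importKey('pkcs8', pkcs8, EC_P384, false, ['sign']);
  const verifyKey = await subtle.importKey('jwk', publicJwk, EC_P384, true, ['verify']);
  const msg = new TextEncoder().encode('constructed test message');
  const sig = await subtle.sign(SIGN_ALG, signKey, msg);
  const verified = await subtle.verify(SIGN_ALG, verifyKey, sig, msg);

  // With extractable = false the key can still sign, but exportKey rejects.
  const exportBlocked = await pkcs8ToJwk(pkcs8, false).then(() => false, () => true);

  return { privateJwk, publicJwk, verified, exportBlocked };
}

demo().then(({ privateJwk, publicJwk, verified, exportBlocked }) => {
  console.log('private JWK members:', Object.keys(privateJwk).join(', '));
  console.log('public JWK:', JSON.stringify(publicJwk));
  console.log({ verified, exportBlocked });
});
```

The responder page passes true for extractable because it needs to export the key; code that only signs with the key can import it with false and keep the private scalar out of reach of exportKey.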

Import a certificate template from a string

In this guide you'll import a certificate template by pasting PEM-encoded certificate content:

1. Navigate to Digital Certificates → Certificate templates and click Import template.

2. Paste one or more PEM-encoded certificates into the PEM content field and click Parse certificates.

3. Review the parsed certificates. Expand each certificate to view its details. Select which certificates to import and set template names. Click Import to create the certificate templates.

4. The imported templates appear in the grid.

You can also import certificates by selecting the File source and uploading a .pem, .crt, .cer, or .cert file.

Import a certificate template from URL

In this guide you'll import a certificate template by extracting the TLS certificate chain from a website:

1. Navigate to Digital Certificates → Certificate templates and click Import template.

2. Select URL as the source, enter an HTTPS URL (e.g., https://test.example.com), and click the Fetch button.

3. The fetched PEM content appears in the text area. Click Parse certificates to parse the certificates.

4. Review the fetched certificates. Expand each certificate to view its details. Select which certificates to import and set template names. Click Import to create the certificate templates.

5. The imported templates appear in the grid.

Share a certificate template

This guide will walk you through sharing a certificate template publicly, allowing anyone on the internet to view it:

1. Navigate to Digital Certificates → Certificate templates, pick the template you'd like to share, and click Share.

2. Toggle the Share template switch to the on position, then click the Copy link button to copy a unique shared template link to your clipboard.

3. To stop sharing the template, switch the Share template toggle to the off position.