Skip to main content

What is a digital certificate?

A digital certificate, also known as an SSL/TLS certificate or public key certificate, is a digital document that verifies the identity of a website, server, or other digital entity, and allows secure communication between two parties by encrypting data sent over the internet. It contains information about the identity of the certificate holder, such as their name and public key, and is issued by a trusted third-party Certificate Authority (CA).

There are different types of digital certificates that can be generated with various parameters. Certificates can be password-protected, can be bundled with the keys, can rely on different cryptographic algorithms, and eventually expire. Considering these factors, it can be challenging to develop and test web applications that rely on digital certificates.

On this page, you can find guides on creating digital certificate templates with parameters that match your specific needs.

Generate a key pair for a HTTPS server

In this guide you'll create a template for generating a private key and self-signed certificate for a Node.js HTTPS server:

1
[object Object]
Navigate to Digital Certificates → Certificate templates and click Create template.
2
[object Object]
Fill in the General section of the template form.

Name
https-server
Key algorithm
rsa
Key size
2048
Signature algorithm
sha256
3
[object Object]
Scroll down to Extensions and configure the certificate type, key usage, and extended key usage.

Certificate type
End Entity
Key usage
Key Encipherment, Digital Signature
Extended key usage
Tls Web Server Authentication
4
[object Object]
Scroll down to Distinguished Name (DN) and set the common name to localhost. Click Save when done.

Common name (CN)
localhost
Import this sample
5
The template appears in the grid.
The template appears in the grid.
6
[object Object]
Click the template's Generate button, choose the format and passphrase, and click Generate to download the certificate bundle.

Format
PKCS#12
Passphrase
pass

Use the downloaded https-server.pfx file to configure a Node.js HTTPS server:

index.js
(async function main() {
    const https = await import('node:https');
    const fs = await import('node:fs');

    const httpsOptions = {
        // The name of the certificate bundle and the passphrase that was set in the generation dialog
        pfx: fs.readFileSync('https-server.pfx'),
        passphrase: 'pass'
    };

    https.createServer(httpsOptions, (req, res) => {
        res.writeHead(200);
        res.end('Hello World\n');
    }).listen(8000);

    console.log(`Listening on https://localhost:8000`);
})();

Run the server and query it with cURL or a similar HTTP client:

Example commands
// Start server
$ node index.js
Listening on https://localhost:8000

// Query the server with cURL
$ curl -kv https://localhost:8000
*   Trying 127.0.0.1:8000...
...
* Server certificate:
*  subject: CN=localhost; C=US; ST=California; L=San Francisco; O=CA Issuer, Inc
*  ...
*  issuer: CN=localhost; C=US; ST=California; L=San Francisco; O=CA Issuer, Inc
*  SSL certificate verify result: self-signed certificate (18), continuing anyway.
...
> GET / HTTP/1.1
> Host: localhost:8000
> User-Agent: curl/7.88.1
> ...
< HTTP/1.1 200 OK
< ....
<
Hello World

Export a private key as a JSON Web Key (JWK)

In this guide, you will generate a private key in PKCS#8 format and then export it to a JSON Web Key (JWK) using a custom responder and the browser's built-in Web Crypto API:

1
[object Object]
Navigate to Digital Certificates → Certificate templates and click Create template.
2
[object Object]
Fill in the General section with ECDSA key parameters. Click Save when done.

Name
jwk
Key algorithm
ecdsa
Curve name
secp384r1
Signature algorithm
sha256
3
The template appears in the grid.
The template appears in the grid.
4
[object Object]
Click the template's Generate button, choose PKCS#8 (private key only) format, and click Generate to download the private key as jwk.p8.

Format
PKCS#8 (private key only)
5
[object Object]
Navigate to Webhooks → Responders, click Create responder, and configure a responder that serves an HTML page with the Web Crypto API to convert PKCS#8 keys to JWK. Click Save.

Name
Subtle Crypto
Path
/subtle-crypto
Headers
Content-Type: text/html; charset=utf-8
Body
<!DOCTYPE html>
<html lang="en">
<head>
  <title>Subtle Crypto</title>
  <style>
    .center { text-align: center }
    pre {
      outline: 1px solid #ccc;
      padding: 5px;
      margin: 1em auto;
      width: 30%;
      overflow: hidden;
      text-overflow: ellipsis;
    }
  </style>
  <script type="text/javascript">
    document.addEventListener("DOMContentLoaded", async function main() {
      document.getElementById("p8_upload").addEventListener("change", (e) => {
        if (e.target.files.length === 0) {
          return;
        }

        const reader = new FileReader();
        reader.onload = async () => {
          // Import generated PKCS#8 key as SubtleCrypto's CryptoKey.
          const cryptoKey = await window.crypto.subtle.importKey(
              "pkcs8",
              new Uint8Array(reader.result),
              { name: "ECDSA", namedCurve: "P-384" },
              true,
              ["sign"]
          )

          // Export CryptoKey as JWK and render it.
          document.getElementById("jwk").textContent = JSON.stringify(
              await window.crypto.subtle.exportKey('jwk', cryptoKey),
              null,
              2
          );
        };
        reader.readAsArrayBuffer(e.target.files[0]);
      });
    });
  </script>
</head>
<body>
<h1 class="center">PKCS#8 ➡ JSON Web Key (JWK)</h1>
<div class="center">
  <label for="p8_upload">Choose PKCS#8 key (*.p8)</label>
  <input
      type="file"
      id="p8_upload"
      name="p8_upload"
      accept=".p8" />
  <br />
</div>
<pre id="jwk">No PKCS#8 key is loaded yet...</pre>
</body>
</html>
Import this sample
6
The responder appears in the grid with its unique URL.
The responder appears in the grid with its unique URL.
7
[object Object]
Click the responder URL, upload the jwk.p8 file, and observe the JSON Web Key (JWK) derived from your ECDSA key.

Import a certificate template from a string

In this guide you'll import a certificate template by pasting PEM-encoded certificate content:

1
[object Object]
Navigate to Digital Certificates → Certificate templates and click Import template.
2
[object Object]
Paste one or more PEM-encoded certificates into the PEM content field and click Parse certificates.
3
[object Object]
Review the parsed certificates. Expand each certificate to view its details. Select which certificates to import and set template names. Click Import to create the certificate templates.
4
The imported templates appear in the grid.
The imported templates appear in the grid.

You can also import certificates by selecting the File source and uploading a .pem, .crt, .cer, or .cert file.

Import a certificate template from URL

In this guide you'll import a certificate template by extracting the TLS certificate chain from a website:

1
[object Object]
Navigate to Digital Certificates → Certificate templates and click Import template.
2
[object Object]
Select URL as the source, enter an HTTPS URL (e.g., https://test.example.com), and click the Fetch button.
3
[object Object]
The fetched PEM content appears in the text area. Click Parse certificates to parse the certificates.
4
[object Object]
Review the fetched certificates. Expand each certificate to view its details. Select which certificates to import and set template names. Click Import to create the certificate templates.
5
The imported templates appear in the grid.
The imported templates appear in the grid.

Share a certificate template

This guide will walk you through sharing a certificate template publicly, allowing anyone on the internet to view it:

1
[object Object]
Navigate to Digital Certificates → Certificate templates, pick the template you'd like to share, and click Share.
2
[object Object]
Toggle the Share template switch to on position, then click the Copy link button to copy a unique shared template link to your clipboard.
3
[object Object]
To stop sharing the template, switch the Share template toggle to the off position.