Trustico’s SSL/TLS tools: how to guide

Trustico’s SSL/TLS tools are publicly available for use by customers and Resellers for testing and development purposes, as well as for those without access to a server or web hosting panel to generate a CSR on.

CSR & Private Key Generator

A CSR (Certificate Signing Request) is an encoded text file containing information about the organization and domain / website to be secured. A Private Key will be created alongside the Certificate Signing Request (CSR) and must be saved and stored in a secure directory as it is required for SSL/TLS Certificate installation.

To generate a CSR and Private Key pair, the following information must be entered into the text fields pictured above:
Common Name / Domain Name (e.g. example.com)
Organization (e.g. Example Pty Ltd)
Organization Unit (e.g. IT Department)
City (e.g. New Orleans)
State / Province / County (e.g. Louisiana)
Country (e.g. US – United States)
E-Mail Address (e.g. gary.stu@example.com)

There is also an ‘Advanced Settings’ option which, if ticked, allows you to select the key strength and SHA size used. The industry standard is currently RSA 2048-bit encryption and SHA256 algorithm which is the default on the tool. If your server can handle higher encryption than the industry standard, it is advisable to do so.

Once all the information has been entered, click the ‘Generate’ button. The Private Key will display with the CSR under it. Make sure to click the Download button (the downward arrow button) as, once the page is closed, the CSR and Private Key are permanently gone. Trustico does not receive a copy of either.

There is also the option to decode the CSR to check that the information contained within is correct; which is the button to the right of the download button.

Certificate / CSR Decoder

Here you can upload your SSL/TLS Certificate or CSR and decode it instantly. This tool is useful to verify that the SSL/TLS Certificate is valid and to check the information held within it.

To decode your CSR or SSL/TLS Certificate, simply copy and paste its contents into the text box provided, or click the ‘Choose File’ button and select the desired file. Click the ‘Decode / Validate’ button and you will be presented with the contents of the CSR or SSL/TLS Certificate, such as common name and country code; the raw OpenSSL data such as key strength and hash algorithm; and the OpenSSL ASN1parse.

Website Certificate Checker

Here you can enter a domain name or URL and its SSL/TLS Certificate will be decoded instantly. This tool is useful to verify that your SSL/TLS Certificate is valid, correctly installed, trusted and doesn’t display any errors to your website visitors.

To use this tool, simply enter the domain whose SSL/TLS certificate you wish to check, such as trustico.com, and click the ‘Decode & Validate’ button. The page will then display the validity period, subject information, issuer information, Subject Alternative Names (SANs), x509 extensions, and the raw OpenSSL data for the SSL/TLS certificate the website is secured with.

Certificate & Private Key Matcher

Use this tool to verify that the CSR or SSL/TLS Certificate and Private Key are made to work with each other. Our tool will check whether a Private Key matches an SSL/TLS Certificate or Certificate Signing Request. Installation of an SSL/TLS Certifiate requires the corresponding Private Key – any mismatch will prevent the SSL/TLS Certificate from functioning correctly, resulting in browser errors and pop-up warnings.

To check if your SSL/TLS Certificate or CSR and Private Key, simply copy and paste the SSL/TLS Certificate or CSR into the first text box, and the Private Key into the second text box; or use the ‘Choose File’ buttons and select the relevant files. Then, click the ‘Validate Instantly’ button.

If the pair are a match, you will see the message ‘CSR and Private Key are a match!’ in green with a tick. If they are not a matching pair, you will see the message ‘CSR and Private Key doesn’t match.’ in red with a cross.

SSL Certificate Converter

Here you can convert between different formats of SSL/TLS Certificate files. This tool is useful to convert your Private Key, SSL/TLS Certificate and Intermediate SSL/TLS Certificate (CA) into various formats (PFX, P7B, DER etc). Depending on the server or software environment, the installation of an SSL/TLS Certificate may require a specific file format.

To convert your SSL/TLS Certificate into a different file type, first click the ‘Choose File’ button under the ‘SSL Certificate To Convert’ option and select the relevant SSL/TLS Certificate. The tool will attempt to automatically detect the format and update the ‘Existing SSL Certificate Format’ accordingly; if you think this is wrong, simply manually select the format type using the dropdown menu. Then, under the ‘New SSL Certificate Format’ option, use the dropdown menu to select the file type you would like to convert to. Some file types will require extra files, such as a PFX/PKCS#12 file, which will require the Private Key and intermediate CA bundle. Then, simply click the ‘Convert’ button and your file will be automatically downloaded as a .zip file.