🌐

Certificate Key Matcher

Check a certificate, private key & CSR belong together.

How it works

Before installing a certificate, confirm it actually belongs to your private key — a mismatch is the most common cause of "key values mismatch" errors in Nginx and Apache. Paste any two of the three and we compare the public key inside each.

It works by comparing the RSA modulus (or EC public point) — the same thing openssl rsa -modulus prints, just without the typing.

About your private key: it is parsed entirely in this browser tab and never sent to any server. That said, treat any private key you paste anywhere online as sensitive — prefer a test key if you're unsure.

Encrypted keys must be decrypted first: openssl pkcs8 -topk8 -nocrypt -in key.pem -out pkcs8.pem

🔒 Parsed with the Web Crypto API in your browser — the certificate, CSR, and especially your private key are never uploaded.

🔒 Parsed in your browser: certificates, CSRs and private keys are decoded locally with the Web Crypto API and are never sent to a server — unlike most online SSL tools, which ask you to upload them. Still, treat any private key you paste online as sensitive.

Related Networking tools