Certificate Key Matcher
Check a certificate, private key & CSR belong together.
How it works
Before installing a certificate, confirm it actually belongs to your private key — a mismatch is the most common cause of "key values mismatch" errors in Nginx and Apache. Paste any two of the three and we compare the public key inside each.
It works by comparing the RSA modulus (or EC public point) — the same thing openssl rsa -modulus prints, just without the typing.
Encrypted keys must be decrypted first: openssl pkcs8 -topk8 -nocrypt -in key.pem -out pkcs8.pem
🔒 Parsed with the Web Crypto API in your browser — the certificate, CSR, and especially your private key are never uploaded.
🔒 Parsed in your browser: certificates, CSRs and private keys are decoded locally with the Web Crypto API and are never sent to a server — unlike most online SSL tools, which ask you to upload them. Still, treat any private key you paste online as sensitive.