rocketsquirreldev

No more vague 'Signature FAIL': x509Lab now tells you exactly WHY your cert chain is broken 🔍

Hey everyone, RocketSquirrel here. I am building x509Lab, a browser-based GUI tool for visualizing and testing X.509 certificate chains.

In previous versions, clicking the 'Verify Chain' button was a bit frustrating. If your chain was broken, it would just throw a generic ❌ Signature FAIL message. It didn't tell you which certificate failed, or why.

I spent this weekend fixing that.

Granular Verification & Actionable Hints

The verification engine now breaks down the chain check into 8 distinct cryptographic and structural validations (Validity, CA Flags, DN Matching, Signatures, Path Length, Key Usage, etc.).

If a check fails, the UI now points to the exact certificate and gives you a hint on how to fix it.

  • Scenario: Expired Certificate
    ❌ [Intermediate CA] Validity Period FAIL
    💡 This certificate expired 365 days ago. Issue a new one.

  • Scenario: Broken Chain (DN Mismatch)
    ❌ [Leaf Cert] DN Mismatch
    💡 Issuer: "Wrong Root CA" -> Subject: "Demo Root CA"
       Check your signing CA.
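
The per-certificate reporting described above, as an added example that is not x509Lab's own code: it runs four of the listed checks (validity, DN matching, CA flag, path length) over a chain of already-parsed certificate objects and returns one finding per failed check. The object shape, `verifyChain` and the sample chain are assumptions made for this example; signature verification is left out.

```javascript
// Added illustration, not x509Lab's source. Certs are plain objects with
// already-parsed fields (an assumed shape), ordered leaf first, root last.
const DAY_MS = 24 * 60 * 60 * 1000;

function verifyChain(chain, now = new Date()) {
  const findings = [];
  const fail = (cert, check, hint) => findings.push({ cert: cert.label, check, hint });
  chain.forEach((cert, i) => {
    // Validity: say how far outside the window the cert is, not just FAIL.
    if (now > cert.notAfter) {
      const days = Math.floor((now - cert.notAfter) / DAY_MS);
      fail(cert, "Validity Period", `Expired ${days} days ago. Issue a new one.`);
    } else if (now < cert.notBefore) {
      fail(cert, "Validity Period", "Not valid yet. Check notBefore and the clock.");
    }
    // DN matching: issuer must equal the parent's subject (last cert: its own).
    // Plain string equality stands in for RFC 5280 name comparison.
    const parent = chain[i + 1] ?? cert;
    if (cert.issuer !== parent.subject) {
      fail(cert, "DN Mismatch", `Issuer: "${cert.issuer}" -> Subject: "${parent.subject}"`);
    }
    if (i === 0) return; // the CA checks below apply to issuing certs only
    // CA flag: a cert that signs another needs basicConstraints cA=TRUE.
    if (!cert.isCA) fail(cert, "CA Flag", "basicConstraints cA is not TRUE.");
    // Path length: CA certs between this one and the leaf must not exceed pathLen.
    const casBelow = i - 1;
    if (cert.pathLen !== undefined && casBelow > cert.pathLen) {
      fail(cert, "Path Length", `pathLen=${cert.pathLen} but ${casBelow} CA cert(s) follow.`);
    }
  });
  return findings;
}

// Constructed sample chain; dates chosen so the intermediate expired 365 days before NOW.
const NOW = new Date("2025-01-01T00:00:00Z");
const d = (s) => new Date(s + "T00:00:00Z");
const sampleChain = [
  { label: "Leaf Cert", subject: "CN=demo.example", issuer: "CN=Wrong Root CA",
    notBefore: d("2024-06-01"), notAfter: d("2025-06-01"), isCA: false },
  { label: "Intermediate CA", subject: "CN=Demo Intermediate CA", issuer: "CN=Demo Root CA",
    notBefore: d("2020-01-01"), notAfter: d("2024-01-02"), isCA: true, pathLen: 0 },
  { label: "Root CA", subject: "CN=Demo Root CA", issuer: "CN=Demo Root CA",
    notBefore: d("2015-01-01"), notAfter: d("2035-01-01"), isCA: true },
];

for (const f of verifyChain(sampleChain, NOW)) {
  console.log(`❌ [${f.cert}] ${f.check} FAIL\n💡 ${f.hint}`);
}
```

Because every check runs on every certificate, a chain with several independent faults reports all of them in one pass instead of stopping at the first failure.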

Copy for Jira/Slack

I also added a Copy Report button. With one click, you get a clean text readout of the entire validation result, which is perfect for pasting into Slack to prove to the backend team that their Intermediate CA is indeed expired.

Like everything in x509Lab, this runs 100% locally via the Web Crypto API. Your keys and certs never touch a server.

🔗 Try it live here: https://x509lab.vercel.app

Let me know if this saves you from staring at OpenSSL man pages!
