Hi everyone! I am an embedded developer by day, and an indie hacker by night. I'm building x509Lab, a purely client-side visual tool for managing certificate chains.
Today I’m releasing a pretty heavy feature update: CSR (Certificate Signing Request) Generation & Parsing.
The Pain Point
Usually, creating a CSR involves opening a terminal and typing something like this:
openssl req -new -key private.key -out request.csr
Then you have to remember which flags to pass for Subject Alternative Names (SANs) or specific Key Usages. To check if you did it right, you have to run openssl req -text -noout -in request.csr. It's tedious.
x509Lab now solves this visually in the browser.
Feature 1: Generate CSR
Click the 📄 CSR button in the top toolbar to open the new modal.
I’ve added comprehensive Subject fields:
-
CN(Common Name) -
O(Organization) -
OU(Org Unit) -
C,ST,L(Location data) -
SAN(DNS / IP)
But the real highlight is the Key Usage & Extended Key Usage (EKU) checkboxes.
Not just for web servers (Great for IoT/ECU)
Since my day job involves automotive software, I wanted to make sure this tool could handle IoT and vehicle ECU PKI scenarios.
By setting specific fields like OU = ChassisControl and selecting clientAuth and codeSigning in the EKU section, you can generate CSRs perfectly suited for vehicle OTA updates or V2X infrastructure testing.
Feature 2: Parse CSR
Generating is only half the battle. If you switch to the Parse CSR tab, you can paste any existing .csr PEM string or upload a file.
The app instantly decodes it and displays:
- The full Subject DN
- The Signature Algorithm
- SAN list
- Key Usage / EKU extensions
It completely replaces the need to run the -text OpenSSL command just to peek inside a CSR file.
100% Secure & Client-Side
Just like the rest of x509Lab, everything runs on the Web Crypto API. No data, private keys, or CSRs are ever transmitted to a backend server.
🔗 Try it live here: https://x509lab.vercel.app
Let me know if you run into any bugs or have feature requests!
Top comments (0)