certgen

Generate X.509 certificates and RSA keys locally in your browser. Self-sign, or sign with your own issuer. Nothing is sent anywhere.

Subject

Options

Optional. DNS names and IPv4 addresses are auto-detected.
{{ issuer.loaded ? 'Issuer: ' + issuer.cn : 'Self-signed' }}
{{ error }}
This generates a BrCAC-shaped transport certificate profile locally. Production acceptance still depends on issuance through an approved ICP-Brasil/Open Finance Brasil V10 certificate chain and correct Directory values.

BrCAC Subject

Generate a random valid CNPJ, or enter your own.
Stored as organizationIdentifier OFBBR-<code>.
Generate a random UUID, or enter your own.
Used as both commonName and DNS subjectAltName.

BrCAC Options

Open Finance Brasil specifies RSA 2048.
{{ issuer.loaded ? 'Issuer: ' + issuer.cn : 'Self-signed' }}
{{ error }}

Issuer

Paste or upload an issuer certificate and its private key. The generated certificate will be signed by this issuer instead of being self-signed. Leave blank to self-sign.
{{ issuerError }}

Output

Certificate (PEM)

Private Key (PEM, unencrypted)

Public Key (PEM)