Skip to main content
Note: The certificate produced here is a self-signed test certificate, signed by a throwaway key generated in your browser, because a CSR carries only the public key. It is not issued by a Certificate Authority. Use it to check the kid and preview the trust-list entry, then replace it with one from a trusted authority before submitting to the registry.

Organisation details

Fill in the relying party details and provide a CSR
x509 CSR (certificate signing request) *

Generated certificate and key id

Self-signed test certificate, derived kid, and trust-list entry
Complete the form and provide a CSR, then choose Generate certificate. The certificate, its key id (kid), and a ready-to-edit trust-list entry appear here.

The Certificate Generator turns a certificate signing request (CSR) and your organisation details into an X.509 certificate, derives the key id (kid) that identifies the key, and prepares a trust-list entry you can submit to register a relying party.

Provide the organisation details, choose the service type, and upload, drag and drop, or paste a CSR. The tool reads the public key from the CSR, derives the kid as an RFC 7638 JWK thumbprint, and builds a certificate that carries that key together with your organisation as the subject. It then prepares an onboarding/<participant-id>.json entry that matches the NXD trust list schema, with the certificate embedded.

Everything runs in your browser. Nothing you enter or upload leaves the page.