Note: The certificate produced here is a self-signed test certificate, signed by a throwaway key generated in your browser, because a CSR carries only the public key. It is not issued by a Certificate Authority. Use it to check the kid and preview the trust-list entry, then replace it with one from a trusted authority before submitting to the registry.
The Certificate Generator turns a certificate signing request (CSR) and your organisation details into an X.509 certificate, derives the key id (kid) that identifies the key, and prepares a trust-list entry you can submit to register a relying party.
Provide the organisation details, choose the service type, and upload, drag and drop, or paste a CSR. The tool reads the public key from the CSR, derives the kid as an RFC 7638 JWK thumbprint, and builds a certificate that carries that key together with your organisation as the subject. It then prepares an onboarding/<participant-id>.json entry that matches the NXD trust list schema, with the certificate embedded.
Everything runs in your browser. Nothing you enter or upload leaves the page.