PKI Studio

Open-Source Enterprise Root Certificate (PKI) Platform

Self-Signed Certificate Generation

Quickly generates an independent Private Key and Certificate for testing and internal development environments.

Target Usage (Extensions)
⚙️ Advanced Certificate Extensions (OCSP & CDP)
✅ Success! Output Preview:
Root Certificate Authority (CA) Generation

Creates the main identity (Root CA) for your organization. Once installed in browsers, all certificates signed by this CA will be automatically trusted. (Valid for 10 years).

⚙️ Advanced Certificate Extensions (OCSP & CDP)
🏛️ CA Setup Complete! Keep your key safe.
Certificate Signing via CA

Present your existing Root CA certificate and private key to allocate a new trusted certificate for a child domain (Server/Client).

Target Certificate Configuration
Target Usage (Extensions)
⚙️ Advanced Certificate Extensions (OCSP & CDP)
✒️ Object Digitally Sealed by CA!
Sign CSR (Certificate Signing Request)

Sign an external CSR using your Root CA. The requester's private key remains hidden from you.

Target Usage (Extensions)
⚙️ Advanced Certificate Extensions (OCSP & CDP)
✅ CSR Successfully Signed!
Standalone CSR Generator

Generate a Certificate Signing Request (CSR) and Private Key pair. Send the CSR to your Certificate Authority for signing – your private key never leaves your device.

Requested Usage (Extensions)
📋 CSR Generated! Send to your CA for signing.
Certificate Decoder / Inspector

Instantly inspect any PEM certificate, CSR or Private Key metadata without internet access.

🔍 Decoded Object Details:
Certificate Revocation List (CRL) Generator

Revoke compromised or expired certificates by generating a signed CRL using your Root CA.

🚨 Certificate Revocation List Created!
Format Converter

Convert between Base64 (PEM) and Binary (DER) representations of X.509 objects.

Code Signing Certificate Generation

Generate a specialized certificate with the Code Signing Key Usage extension (1.3.6.1.5.5.7.3.3) to locally sign your executables, scripts, and libraries.

💻 Code Signing Keypair & Certificate Created!
Diffie-Hellman Parameters (PFS)

Export highly secure, standard RFC-3526 MODP groups for use with web servers (Nginx/Apache) to achieve Perfect Forward Secrecy.

About PKI Studio

Welcome! PKI Studio is a personal project I developed to provide a 100% offline (Air-Gapped) Enterprise Public Key Infrastructure management platform for high-security environments.

I built this tool to solve the complex problem of generating secure X.509 Certificates without having to rely on third-party backend servers or the cumbersome OpenSSL CLI. Every cryptographic operation you see here is processed entirely inside your local browser.

Key Capabilities

  • ❤️ 100% Free & Open-Source: PKI Studio is completely open-source. Anyone can audit the code, fork it, and host it internally. There are no paywalls or hidden trackers.
  • 🛡️ Zero-Backend (Air-Gapped): I designed the system with a strict Content-Security-Policy that blocks all external network traffic. Your private keys never leave your device.
  • 🔐 Modern Crypto Engine: Support for RSA (up to 8192-bit) and ECDSA (P-256/384) with AES-256 PKCS#8 encrypted payload exports.
  • 📦 PFX / PKCS#12 Bundling: Seamlessly injects generated keypairs and certificates into a unified password-protected vault for Windows/IIS endpoints.
  • 🔗 Full Chain Support: Generates Authority Key Identifiers, Subject Key Identifiers, and bundles `fullchain.pem` outputs natively.

Privacy & Usage

I made sure this tool requires absolutely no external dependencies beyond the bundled forge.min.js. You can completely disconnect your internet connection and continue generating advanced Wildcard infrastructure certificates safely.

Developer

👤 Faruk Guler 🐙 github.com/faruk-guler 🌐 www.farukguler.com