Why use online certificate tools
Submitting a CSR to a certificate authority without inspecting it often leads to rejections: wrong Common Name, missing SAN, or obsolete algorithm. Similarly, publishing a BIMI record with an invalid VMC prevents your logo from displaying. These tools prevent such errors.
Common use cases:
- Validate a CSR before submission → Verify that subject, SANs and algorithm match your change ticket
- Prepare a BIMI certificate → Confirm that the VMC covers your domains and remains valid
- Debug a rejected certificate → Identify the problematic attribute without waiting for CA support
- Document a PKI migration → Capture fingerprints before and after renewal
How to use certificate tools
Step 1: Choose the tool
| Need | Tool to use |
|---|---|
| Analyze a certificate request (CSR) | CSR Parser |
| Validate a BIMI VMC certificate | VMC Parser |
Step 2: Paste the PEM content
Copy the complete PEM block, including the -----BEGIN...----- and -----END...----- lines. The tool also accepts converted DER formats.
Supported formats:
- CSR: -----BEGIN CERTIFICATE REQUEST-----
- Certificate: -----BEGIN CERTIFICATE-----
Step 3: Analyze the results
The tool displays:
- Subject: CN, O, OU, L, ST, C
- SAN: DNS, IP, URI
- Fingerprints: MD5, SHA-1, SHA-256
- Validity: start and end dates
- Chain: intermediate and root certificates
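A local pre-check for Step 2, given as an added example and not the tools' own code: it confirms the PEM block is complete, carries one of the two supported labels, decodes to a DER structure of the declared length, and returns the SHA-1 and SHA-256 fingerprints to record before and after a renewal. The function names and the sample block are assumptions; the sample is a constructed 5-byte DER placeholder, not a real CSR.

```python
import base64
import hashlib
import re

# Labels from the "Supported formats" list above.
SUPPORTED = {"CERTIFICATE REQUEST": "CSR", "CERTIFICATE": "Certificate"}
PEM_RE = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END ([A-Z0-9 ]+)-----", re.S)

# Constructed sample: a 5-byte DER SEQUENCE in CSR armor, not a real request.
SAMPLE_DER = bytes.fromhex("3003020100")
SAMPLE_PEM = ("-----BEGIN CERTIFICATE REQUEST-----\n"
              + base64.b64encode(SAMPLE_DER).decode()
              + "\n-----END CERTIFICATE REQUEST-----\n")


def der_total_length(der: bytes) -> int:
    """Size the outer DER SEQUENCE claims for itself (header + content)."""
    if len(der) < 2 or der[0] != 0x30:
        raise ValueError("payload does not start with a DER SEQUENCE (0x30)")
    if der[1] < 0x80:                  # short form: one length byte
        return 2 + der[1]
    n = der[1] & 0x7F                  # long form: next n bytes hold the length
    if n == 0 or len(der) < 2 + n:
        raise ValueError("malformed DER length")
    return 2 + n + int.from_bytes(der[2:2 + n], "big")


def fingerprint(der: bytes, algo: str) -> str:
    """Colon-separated upper-case hex digest of the DER bytes."""
    return ":".join(f"{b:02X}" for b in hashlib.new(algo, der).digest())


def inspect_pem(text: str) -> dict:
    """Validate one PEM block; return its kind, DER size and fingerprints."""
    m = PEM_RE.search(text)
    if not m:
        raise ValueError("no complete PEM block (BEGIN or END line missing)")
    begin, body, end = m.groups()
    if begin != end:
        raise ValueError(f"BEGIN/END labels differ: {begin!r} vs {end!r}")
    if begin not in SUPPORTED:
        raise ValueError(f"unsupported PEM label: {begin!r}")
    der = base64.b64decode("".join(body.split()), validate=True)
    if der_total_length(der) != len(der):
        raise ValueError("DER length mismatch: block is truncated or padded")
    return {"kind": SUPPORTED[begin], "der_bytes": len(der),
            "sha1": fingerprint(der, "sha1"),
            "sha256": fingerprint(der, "sha256")}
```

Calling `inspect_pem()` on the text of a CSR or certificate file raises `ValueError` for a block that was clipped while copying, which is the failure Step 2 warns about.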
Tool details
CSR Parser
The parser decodes a Certificate Signing Request and displays:
| Field | Description |
|---|---|
| Common Name (CN) | Primary certificate name (e.g., www.captaindns.com) |
| Organization (O) | Legal entity name |
| Organizational Unit (OU) | Department or service |
| Subject Alternative Names | Additional covered domains and IPs |
| Public Key | Algorithm (RSA, ECDSA) and key size |
| Signature | Signature algorithm (SHA-256 with RSA, etc.) |
Use case: Validate that the CSR matches your request before sending it to the certificate authority.
VMC Inspector
The inspector analyzes a Verified Mark Certificate for BIMI:
| Field | Description |
|---|---|
| Issuer | Certificate authority (DigiCert, Entrust) |
| Validity | Start and expiration dates |
| Certified domains | SAN entries covered by the VMC |
| Logo URI | Associated SVG logo URL |
| Trust chain | Intermediate certificates to root |
Use case: Confirm that the VMC is valid and covers your domains before publishing the BIMI record.
FAQ - Frequently asked questions
Q: What is a CSR and why analyze it?
A: A CSR (Certificate Signing Request) contains the information you're asking a certificate authority to include in your certificate. Analyzing it before submission avoids rejections for incorrect attributes.
Q: How does the CSR parser work?
A: The parser decodes PEM format, extracts subject and SAN attributes, identifies the public key algorithm, and calculates fingerprints. Everything runs client-side or via API without storage.
Q: What is a VMC certificate for BIMI?
A: A VMC binds your brand logo to your verified legal identity. Without a valid VMC, email clients like Gmail won't display your BIMI logo.
Q: Are my certificates stored?
A: No. Certificates are analyzed in memory and are never retained after processing.
Q: What algorithms are supported?
A: RSA (2048, 4096 bits), ECDSA (P-256, P-384, P-521), and SHA-256, SHA-384, SHA-512 signatures.
Complementary tools
| Tool | Purpose |
|---|---|
| BIMI Record Check | Validate complete BIMI record (DNS + logo + VMC) |
| BIMI Logo Checker | Check SVG Tiny-PS compliance of your logo |
| DMARC Inspector | Verify DMARC policy required for BIMI |
| DNS Lookup | Query DNS records for your domain |
Useful resources
- RFC 2986 - PKCS #10 CSR (Certificate Signing Request specification)
- BIMI Group - VMC Requirements (VMC certificate requirements)
- CA/Browser Forum - Baseline Requirements (public certificate rules)
- DigiCert - VMC Documentation (VMC acquisition guide)