Free CSR Generator — RSA, ECDSA & Post-Quantum (ML-DSA)
PQCert is a free online tool to generate Certificate Signing Requests (CSRs), decode and verify existing ones, and scan any website's post-quantum readiness — no signup required.
What you can do
- Generate a CSR with RSA (2048/3072/4096), ECDSA (P-256/384/521), Ed25519, or post-quantum ML-DSA, SLH-DSA and Falcon keys.
- Hybrid CSRs — a matched classical + post-quantum pair for crypto-agility during the PQC migration.
- Decode & inspect any PKCS#10 CSR: subject, SANs, key strength, signature validity, extensions and fingerprint.
- Quantum-readiness scan of any live domain — a letter grade for "harvest now, decrypt later" risk with a migration plan.
- Self-signed test certificates and PKCS#12 (.p12) export.
Frequently asked questions
What is a CSR?
A Certificate Signing Request is a PKCS#10 message with your public key and identity that you send to a Certificate Authority to get an SSL/TLS certificate.
What is a post-quantum CSR?
A CSR signed with a NIST post-quantum algorithm — ML-DSA (FIPS 204), SLH-DSA (FIPS 205) or Falcon — that resists quantum-computer attacks, unlike RSA and ECDSA.
How do I check if my website is quantum-safe?
Open Quantum Scan, enter your domain, and PQCert grades your live TLS certificate's cryptography and recommends a migration path.
Guides
- How to generate a CSR (online, no OpenSSL)
- RSA vs ECDSA vs Ed25519 vs ML-DSA
- Is my website quantum-safe?
- Post-quantum cryptography for TLS
- How to decode and verify a CSR
Loading the interactive app… If it doesn't appear, enable JavaScript.