CSRTool is a free and open-source utility to help you get more out of your Public Key Infrastructure (PKI). It is a GUI tool that helps you perform some mundane activities with ease. We know you have command-line interface (CLI) tools to do the same job, but sometimes even the best of us cannot remember all the options to openssl, certutil or keytool.


  • Generates RSA public and private key-pairs in sizes ranging from 1024 to 8192 bit
  • Generates Elliptic Curve DSA public and private key-pairs using either the ANSI X9.62 named curves, or custom parameters for your own curve if so inclined
  • Saves the private-key in a PKCS8 file with Password-Based-Encryption using the SHA1withTripleDES algorithm
  • Generates a PEM-encoded CSR that can be submitted to a CA either through a web-form or e-mail
  • Generates keyUsage and/or the subjectAltName extensions (optionally) in the RSA-based CSR
  • Combines the private-key from the previously-stored PKCS8 file and the newly returned digital certificate, into a PKCS12 file that can be used for importation into desired applications - a future release will support the JKS and JCEKS key-stores too


  • The Java Runtime Environment (JRE) version 1.5.0_09 or above, for execution; or the Java Development Kit (JDK) version 1.5.0_09 or above, for development of the CSRTool
  • BouncyCastle's JCE Provider version 1.35 for creating the CSR (PKCS10), the private-key storage file (PKCS8) the portable file for the certificate and keys (PKCS12), and the ECC key-pairs
  • NetBeans 5.5 for modifying the GUI. While it is possible for someone to modify the Swing components directly in a text-editor or an IDE of their choice, CSRTool was created fairly rapidly using the GUI-builder in NetBeans 5.5. The use of this tool is recommended if you intend to modify CSRTool

Future development

  • Generating keys on hardware tokens, such as smartcards, TPMs, HSMs, etc.
  • Adding a panel to display the contents of a CSR;
  • Adding a panel to display the contents of a digital certificate;

Download CSRTool.

XML.org Focus Areas: BPEL | DITA | ebXML | IDtrust | OpenDocument | SAML | UBL | UDDI
OASIS sites: OASIS | Cover Pages | XML.org | AMQP | CGM Open | eGov | Emergency | IDtrust | LegalXML | Open CSA | OSLC | WS-I