Grade an X.509 certificate's hygiene

Paste a PEM certificate (or a full chain — leaf first). certlint grades it against RFC 5280, the CA/Browser Forum Baseline Requirements, and RFC 9525 — expiry, key strength, signature algorithm, SAN, validity length, and constraints. 100% in your browser: no network, nothing stored. A certificate is public by design, but this tool hard-rejects any private key so a key can never be pasted, analyzed, or stored.

Runs entirely in your browser — the certificate is never uploaded. Never paste a private key; this tool only reads certificates.