X.509 Certificate (.crt)
The same self-signed certificate under the conventional .crt extension (PEM-encoded) — for testing trust-store importers and tools that key off the .crt extension. Sample only.
-----BEGIN CERTIFICATE-----
MIIDgzCCAmugAwIBAgIITk9WVVNFWEEwDQYJKoZIhvcNAQELBQAwSDELMAkGA1UE
BhMCVVMxIDAeBgNVBAoMF05vdnVzIEV4YW1wbGVzIChTYW1wbGUpMRcwFQYDVQQD
DA5zYW1wbGUuZXhhbXBsZTAeFw0yNjAxMDEwMDAwMDBaFw0zNjAxMDEwMDAwMDBa
MEgxCzAJBgNVBAYTAlVTMSAwHgYDVQQKDBdOb3Z1cyBFeGFtcGxlcyAoU2FtcGxl
KTEXMBUGA1UEAwwOc2FtcGxlLmV4YW1wbGUwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDVYX/9q9aj3LffeA6qgRpQThR90RprignfD6G58QdlfCbs1czA
TJYL4ayoSbGA7YqVFqnzdo6SJsYfhZXnUfix7TQ4tO33C1l7pwkKp9yW/+ClIf90
PG6VZKRkWyD2inJSooR7uT8TUlsQ8J/mhif77RDYVLZO3SkIgOeovv9leo56DsdZ
NjG9nJ4jD4ySsabKelY83liABb/Bk5aIFdRFdoVsTvzC3RYK7SFj5Kyyl8PDJnDG
++8dAdJ1yWZ5TRw/3e3OyPNzTMZflm6wBG5kC0cE3KAawmuHFsQcdfRVsL5sxBMg
XS0HHaJwDOAtRAUfD1oUewiNymvH9xt+o2fVAgMBAAGjcTBvMA8GA1UdEwEB/wQF
MAMBAf8wLQYDVR0RBCYwJIIOc2FtcGxlLmV4YW1wbGWCEnd3dy5zYW1wbGUuZXhh
bXBsZTAOBgNVHQ8BAf8EBAMCAaYwHQYDVR0OBBYEFCfhJFEoR9J0R4bH96krekM+
sS71MA0GCSqGSIb3DQEBCwUAA4IBAQADS8P8s0n7y9Ba0iJJOIZ5mu57QdClraD+
LNbFdughQjHKO1PQ5yEvPR7eSqueoNniUXvBNfapTnme3Fh+jJe8zExjmMglyDYj
igEP4Mq/qso1OzWLdRQQz9QMwhnEwA7O+K0uzmFqf6+gXDZAoCU1SjRujO1hIT5T
4QRxNGXSrDwx0dIBjQWlbpSAjoFrZbkdoodUOtoPcBQnZNrRYyaW5NFjpvi5CvNx
PyBCNjHdKuMVrR62hjM3nXGD4HzfhKAL+S0k5awoPg8l3q7P7vLvN59G8WpkuDpv
8tYfXfqF55I6tO4g3YX15ZICGkIjG+K0vOA6SN/D37TuzTbnzAhO
-----END CERTIFICATE-----
Specifications
- Format
- X.509 v3 (PEM, .crt)
- Subject
- CN=sample.example
- Key
- RSA 2048
- Note
- same certificate, .crt extension
- Sample Only
- true
What is a .crt file?
A .crt file holds an X.509 certificate, most often PEM-encoded (Base64 text) though sometimes DER binary. The extension is a convention for the public certificate half of a TLS identity, as opposed to the private .key file. It carries the subject, issuer, validity window, public key, and signature.
How to use this file
Use an example .crt to test certificate parsers, trust-store importers, and TLS tooling, or as input for .crt-to-.pem/.der conversion. Sample material only, self-signed and clearly labelled.
Related files
- csrCertificate Signing Request (CSR)A PKCS#10 certificate signing request (PEM) with the subject and SAN, self-signed by the RSA key to prove key possession — for testing CSR parsers and certificate-authority intake flows.

- keyEd25519 Private Key (PEM)An Ed25519 private key in PKCS#8 PEM, derived from a fixed seed — a published, sample-only modern elliptic-curve key for testing PEM parsers and Ed25519 tooling. Never use it for real.

- htpasswdhtpasswd (HTTP Basic Auth)An Apache/nginx .htpasswd file with two users hashed using the {SHA} scheme (Base64 SHA-1) — the sample passwords are documented in the file, for testing Basic-Auth credential parsers and hash identification.

- keyRSA 2048 Private Key (PEM)A 2048-bit RSA private key in unencrypted PKCS#8 PEM — a deliberately PUBLISHED, sample-only key for testing PEM key parsers and PKCS#8 decoders. Never use it for anything real.

- pubSSH Public Key (Ed25519)An OpenSSH-format Ed25519 public key (the shareable half of the key pair) — a single line of algorithm, Base64 key blob, and comment, for testing SSH public-key parsers and authorized_keys tooling.

- p12PKCS#12 Bundle (.p12)A PKCS#12 (.p12/PFX) bundle packaging the sample RSA key and certificate together, protected with the sample password 'novus-sample' — for testing keystore importers and PKCS#12 parsers. (The PKCS#12 MAC salt is random, so this file is intentionally not byte-stable.)

Generated by generation/pki_security.py. Free for any use, no attribution required — license.