X.509 Certificate (PEM)
A self-signed X.509 v3 certificate in PEM (Base64) encoding with a SAN and key-usage extensions — published sample material for testing certificate and TLS parsers. Not a real identity.
-----BEGIN CERTIFICATE-----
MIIDgzCCAmugAwIBAgIITk9WVVNFWEEwDQYJKoZIhvcNAQELBQAwSDELMAkGA1UE
BhMCVVMxIDAeBgNVBAoMF05vdnVzIEV4YW1wbGVzIChTYW1wbGUpMRcwFQYDVQQD
DA5zYW1wbGUuZXhhbXBsZTAeFw0yNjAxMDEwMDAwMDBaFw0zNjAxMDEwMDAwMDBa
MEgxCzAJBgNVBAYTAlVTMSAwHgYDVQQKDBdOb3Z1cyBFeGFtcGxlcyAoU2FtcGxl
KTEXMBUGA1UEAwwOc2FtcGxlLmV4YW1wbGUwggEiMA0GCSqGSIb3DQEBAQUAA4IB
DwAwggEKAoIBAQDVYX/9q9aj3LffeA6qgRpQThR90RprignfD6G58QdlfCbs1czA
TJYL4ayoSbGA7YqVFqnzdo6SJsYfhZXnUfix7TQ4tO33C1l7pwkKp9yW/+ClIf90
PG6VZKRkWyD2inJSooR7uT8TUlsQ8J/mhif77RDYVLZO3SkIgOeovv9leo56DsdZ
NjG9nJ4jD4ySsabKelY83liABb/Bk5aIFdRFdoVsTvzC3RYK7SFj5Kyyl8PDJnDG
++8dAdJ1yWZ5TRw/3e3OyPNzTMZflm6wBG5kC0cE3KAawmuHFsQcdfRVsL5sxBMg
XS0HHaJwDOAtRAUfD1oUewiNymvH9xt+o2fVAgMBAAGjcTBvMA8GA1UdEwEB/wQF
MAMBAf8wLQYDVR0RBCYwJIIOc2FtcGxlLmV4YW1wbGWCEnd3dy5zYW1wbGUuZXhh
bXBsZTAOBgNVHQ8BAf8EBAMCAaYwHQYDVR0OBBYEFCfhJFEoR9J0R4bH96krekM+
sS71MA0GCSqGSIb3DQEBCwUAA4IBAQADS8P8s0n7y9Ba0iJJOIZ5mu57QdClraD+
LNbFdughQjHKO1PQ5yEvPR7eSqueoNniUXvBNfapTnme3Fh+jJe8zExjmMglyDYj
igEP4Mq/qso1OzWLdRQQz9QMwhnEwA7O+K0uzmFqf6+gXDZAoCU1SjRujO1hIT5T
4QRxNGXSrDwx0dIBjQWlbpSAjoFrZbkdoodUOtoPcBQnZNrRYyaW5NFjpvi5CvNx
PyBCNjHdKuMVrR62hjM3nXGD4HzfhKAL+S0k5awoPg8l3q7P7vLvN59G8WpkuDpv
8tYfXfqF55I6tO4g3YX15ZICGkIjG+K0vOA6SN/D37TuzTbnzAhO
-----END CERTIFICATE-----
Specifications
- Format
- X.509 v3 (PEM)
- Subject
- CN=sample.example
- Key
- RSA 2048
- Signature
- sha256WithRSA
- Self Signed
- true
- Sample Only
- true
What is a .pem file?
PEM (Privacy-Enhanced Mail) is a text container that Base64-encodes DER binary data between BEGIN/END header lines, used to hold X.509 certificates, certificate requests, and keys. A single .pem file may contain a certificate, a chain, or a private key, which makes it the most common format for TLS material.
How to use this file
Use an example .pem certificate to test X.509 and TLS parsers, PEM decoders, certificate-chain validators, and PEM-to-DER converters. This is published sample material — never a real production key.
Related files
- csrCertificate Signing Request (CSR)A PKCS#10 certificate signing request (PEM) with the subject and SAN, self-signed by the RSA key to prove key possession — for testing CSR parsers and certificate-authority intake flows.

- keyEd25519 Private Key (PEM)An Ed25519 private key in PKCS#8 PEM, derived from a fixed seed — a published, sample-only modern elliptic-curve key for testing PEM parsers and Ed25519 tooling. Never use it for real.

- htpasswdhtpasswd (HTTP Basic Auth)An Apache/nginx .htpasswd file with two users hashed using the {SHA} scheme (Base64 SHA-1) — the sample passwords are documented in the file, for testing Basic-Auth credential parsers and hash identification.

- keyRSA 2048 Private Key (PEM)A 2048-bit RSA private key in unencrypted PKCS#8 PEM — a deliberately PUBLISHED, sample-only key for testing PEM key parsers and PKCS#8 decoders. Never use it for anything real.

- pubSSH Public Key (Ed25519)An OpenSSH-format Ed25519 public key (the shareable half of the key pair) — a single line of algorithm, Base64 key blob, and comment, for testing SSH public-key parsers and authorized_keys tooling.

- p12PKCS#12 Bundle (.p12)A PKCS#12 (.p12/PFX) bundle packaging the sample RSA key and certificate together, protected with the sample password 'novus-sample' — for testing keystore importers and PKCS#12 parsers. (The PKCS#12 MAC salt is random, so this file is intentionally not byte-stable.)

Generated by generation/pki_security.py. Free for any use, no attribution required — license.