About CertMan

CertMan is a native macOS utility that simplifies the generation of Certificate Signing Requests (CSR) files, Self-Signed Certificates, and SSH key pairs. Built for professionals who need SSL/TLS certificates and secure SSH authentication but don't want to memorize OpenSSL commands, CertMan provides a clean, user-friendly interface while maintaining the security and standards of industry-grade cryptography.

Why CertMan?

Traditional CSR generation, self-signed certificate creation, and SSH key generation require mastering complex OpenSSL command-line syntax, remembering cryptographic parameters, and manually managing file outputs. One typo can invalidate an entire certificate request. Online CSR generators require uploading sensitive information to third-party servers, compromising security and privacy.

CertMan eliminates this complexity while keeping your private keys exactly where they belong—on your Mac. With intelligent validation, automatic country detection, and one-click clipboard copying, CertMan transforms tedious technical processes into simple form-filling experiences.

Simple CSR Generation

One-Click Creation

Fill in seven straightforward fields and click "Create CSR + Private Key." CertMan handles all the OpenSSL complexity behind the scenes, generating both files simultaneously with proper formatting and naming. Save hours of documentation reading and eliminate syntax errors.

Industry-Standard Encryption

Every private key uses 2048-bit RSA encryption—the gold standard accepted by all major Certificate Authorities including Let's Encrypt, DigiCert, Sectigo, and GoDaddy. Guaranteed compatibility with any CA means no rejected certificate requests due to weak encryption or incorrect formats.

Intelligent Country Detection

CertMan automatically selects your country based on your Mac's system locale, populating the Country field with your national flag and standard two-letter code. Faster form completion and reduced errors mean one less field to worry about.

Self-Signed Certificate Generation

Quick Development Certificates

Generate self-signed certificates instantly for development and testing environments. Perfect for local HTTPS testing, internal tools, and staging servers where trusted CA certificates aren't required.

Flexible Validity Periods

Choose custom validity periods for your self-signed certificates, from days to years. Generate certificates that match your development cycle or testing requirements without renewal hassles.

Complete Certificate Chain

CertMan generates both the certificate and private key in a single operation, providing everything you need to configure HTTPS on development servers, testing environments, or internal applications.

SSH Key Pair Generation

Multiple Key Types Supported

Generate SSH key pairs using RSA (2048/4096-bit), ECDSA (256/384/521-bit), or Ed25519 algorithms. Choose the right cryptographic strength and performance balance for your security requirements.

Seamless Remote Access Setup

Create SSH keys for secure server authentication, Git repository access, and automated deployment pipelines. No more remembering ssh-keygen command syntax or key size parameters.

Public Key Export

Instantly copy your public key to clipboard for easy addition to authorized_keys files, GitHub/GitLab accounts, or cloud server configurations. Private keys stay securely on your Mac.

Smart Features

Comprehensive Input Validation

Before generating any files, CertMan validates domain name format (must contain a period), email address format (must contain @ symbol), all required fields populated, and country selection confirmed. Prevent invalid CSRs before they're created with no wasted submissions to Certificate Authorities.

Organized File Management

CertMan creates a dedicated folder in your Downloads directory named after your domain. If the folder already exists, it automatically appends numbers macOS Finder-style: example.com (1), example.com (2), etc. Never accidentally overwrite existing keys with an organized file structure that makes certificate management effortless.

One-Click Clipboard Copy

After successful CSR generation, click "Copy CSR to Clipboard" to instantly copy the certificate request contents—ready to paste directly into any Certificate Authority's submission form. Eliminate the manual steps of opening files, selecting text, and copying to submit to CAs in seconds.

Complete Privacy and Security

Local-Only Processing

CertMan runs entirely offline with zero network access. All CSR generation happens locally using your Mac's built-in OpenSSL. Private keys never leave your device, ensuring total privacy and security with no third-party servers, no data transmission, and no cloud storage.

App Sandbox Compliance

CertMan operates within Apple's strict App Sandbox security framework with limited file system access (Downloads folder only). It meets all App Store security requirements, providing trusted, verified security architecture with no unauthorized file access or system modifications.

Transparent Operations

The success dialog shows the exact OpenSSL command executed, uses macOS built-in OpenSSL (industry-standard, audited), and makes all file creation and folder management fully visible to you. Complete transparency means you always know what's happening.

Native macOS Integration

Feels Like a Mac App

CertMan features standard menu bars, keyboard shortcuts (Cmd+N, Cmd+Q), dock integration, and an About panel. Window reopening clears all fields for fresh requests, providing a familiar, intuitive interface with no learning curve if you're already a Mac user.

Supported Countries

Choose from 27 countries including Australia, Austria, Belgium, Brazil, Canada, China, Denmark, Finland, France, Germany, Ireland, Italy, Japan, South Korea, Mexico, Netherlands, New Zealand, Norway, Poland, Russia, Singapore, South Africa, Spain, Sweden, Switzerland, United Kingdom, and United States. Each displays with national flag emoji, full country name, and standard two-letter ISO code.

Simple Four-Step Process

Step 1: Enter Certificate Information

Fill in seven fields: Domain Name (e.g., example.com), Organisation (your company name), Department (e.g., IT, Engineering, Web Services), City (e.g., San Francisco), State/Province (e.g., California), Country (auto-detected with flag, 27 countries available), and Email Address (contact email for certificate).

Step 2: Click Create

CertMan validates all inputs and generates both files using OpenSSL with industry-standard parameters, creating industry-standard 2048-bit RSA keys in PEM format.

Step 3: Review Success

A confirmation dialog shows file output location (~/Downloads/{domain_name}/), the OpenSSL command executed (for transparency), and a "Copy CSR to Clipboard" button.

Step 4: Submit

Click "Copy CSR to Clipboard" and paste the contents directly into your Certificate Authority's submission form. Your private key remains safely on your Mac.

Perfect For

• Web Developers: Deploying SSL certificates for websites and applications, generating self-signed certificates for local development, and managing SSH keys for deployment workflows without terminal complexity
• System Administrators: Managing multiple domain certificates with consistent, error-free generation, creating SSH keys for server access, and generating development certificates for internal systems
• DevOps Engineers: Quick CSR generation for certificate provisioning workflows, SSH key creation for CI/CD pipelines, and self-signed certificates for staging environments with audit-friendly transparency
• Small Business Owners: Securing websites without technical expertise or security risks, setting up secure server access with SSH keys
• IT Departments: Standardizing certificate request procedures across teams, managing SSH key generation for remote access, and provisioning development certificates
• Security Engineers: Testing certificate workflows with rapid CSR generation, creating SSH keys for penetration testing, and generating self-signed certificates for security research

Technical Specifications

Cryptographic Standards

CSR Generation: RSA (Rivest-Shamir-Adleman) with 2048-bit key length. Output formats include PEM-encoded private key and PEM-encoded PKCS#10 certificate request. Keys are generated without passphrase encryption (-nodes flag) for immediate server deployment compatibility.

Self-Signed Certificates: RSA with 2048-bit key length, X.509 format with customizable validity periods. Generates both certificate (.crt) and private key (.key) files in PEM format.

SSH Key Pairs: Support for RSA (2048/4096-bit), ECDSA (256/384/521-bit curves), and Ed25519 (256-bit) algorithms. Generates standard OpenSSH format key pairs with optional passphrases.

File Output

CSR Files: Saved to ~/Downloads/{domain_name}/ containing {domain_name}.key (private key, 2048-bit RSA, PEM format) and {domain_name}.csr (certificate signing request, PKCS#10, PEM format).

Self-Signed Certificates: Saved to ~/Downloads/{domain_name}/ containing {domain_name}.crt (certificate, X.509, PEM format) and {domain_name}.key (private key, 2048-bit RSA, PEM format).

SSH Keys: Saved to ~/Downloads/ssh_keys/{key_name}/ containing private key and .pub public key in OpenSSH format.

Certificate Fields

Common Name (CN): Domain name, Organization (O): Company name, Organizational Unit (OU): Department, Locality (L): City, State/Province (ST): State or province, Country (C): Two-letter country code, and emailAddress: Contact email.

Get Started Today

CertMan bridges the gap between command-line complexity and user-friendly design, delivering professional-grade CSR generation, self-signed certificate creation, and SSH key pair generation through an intuitive native macOS interface.

Whether you're a seasoned system administrator tired of typing OpenSSL commands, a developer setting up local HTTPS environments, or a DevOps engineer managing SSH keys for deployment pipelines, CertMan provides the simplicity, security, and reliability you need for professional certificate and key management.

Download CertMan from the Mac App Store and simplify your SSL certificate and SSH key workflow today.