Generate a CA-Signed Certificate

Get a certificate signed by the getaCert Certificate Authority. Useful for testing CA trust chains.

Domain
Identity
Options
Review

What domain or hostname is this certificate for?

Common Name (CN) *

Enter a fully qualified domain name (e.g. www.example.com) or use *.example.com for wildcard.

Add Subject Alternative Names (SANs) — optional extra domains or IPs

Alternative DNS Names

IP Address

The CN is automatically included as a SAN. Add extra DNS names or an IP address here.

Organization details (all optional, improves certificate subject)

Organization

Department (OU)

Country

State / Province

City / Locality

Certificate options

Key Type

RSA 2048 — Industry standard. Maximum compatibility with all browsers, servers, and devices. Good default choice.

RSA 4096 — Stronger RSA key. Required by some government and compliance standards (FIPS, NIST). Larger file size.

ECDSA P-256 — Elliptic curve. Much smaller keys and faster TLS handshakes. Widely supported in modern browsers.

ECDSA P-384 — Stronger elliptic curve. Required for CNSA suite compliance. Good balance of security and performance.

Ed25519 — Edwards curve. Smallest keys and fastest signing. Cutting-edge; not yet supported by all software.

Expiration

Free Certificates up to 30 days are free.

— Requires a one-time purchase via Stripe. You'll be redirected after clicking Generate.

Review your certificate details

Please fix the following before generating:

Common Name
SANs
Organization
Department
Email
Country
State / Province
City
Key Type
Expiration	Paid Free
Password	`password` (for private key and PKCS#12)

Certificates longer than 30 days require a one-time purchase (). You'll be securely redirected to Stripe to complete payment, then your certificate will be generated automatically.