Free Online Tools

DNS, Network &
SSL Certificate Tools

SPF, DKIM, DMARC, DNS, SSL checker, CSR decoder, certificate bundle builder and more β€” all from your browser, free forever.

πŸ“‹

SPF Record Lookup

Check if your domain has a valid Sender Policy Framework record and analyze its configuration.

πŸ’‘ What is SPF? SPF is a DNS TXT record that lists IPs authorized to send email for your domain. Format: v=spf1 include:... -all

πŸ”‘

DKIM Record Lookup

Verify your DKIM public key record by entering the selector and domain.

πŸ’‘ The DKIM record lives at selector._domainkey.yourdomain.com. Common selectors: default, google, mail, s1, s2

πŸ›‘οΈ

DMARC Record Lookup

Check your domain's DMARC policy β€” reject, quarantine, or monitor.

🌐

DNS Record Lookup

Query any DNS record type β€” A, AAAA, CNAME, TXT, NS, MX, SOA, CAA and more.

πŸ“§

MX Record Lookup

Find the mail servers responsible for accepting email for a domain.

πŸ”

WHOIS / Domain Info

Look up domain registration details, nameservers, and expiry dates via RDAP protocol.

πŸ“‘

Ping Test

Measure HTTP response latency to any host. Tests reachability and measures round-trip time.

πŸ”Œ

Port Check

Test if a specific TCP port is open on a given host. Useful for firewall and service diagnostics.

Common Ports

22SSH
25SMTP
80HTTP
443HTTPS
587SMTP TLS
993IMAPS
3306MySQL
5432Postgres
πŸ—ΊοΈ

Traceroute

Trace the network path and hops to a target host.

πŸ–₯️

My IP Address & Info

Find your public IP address along with geographic location, ISP, and connection details.

πŸ”’

SSL Certificate Checker

Check SSL/TLS certificate validity, expiry, issuer chain, and configuration for any domain.

πŸ’‘ Note: Browser security restricts direct TCP/TLS access. This tool uses public SSL APIs to fetch certificate details. For private/internal hosts, use openssl s_client -connect host:443 | openssl x509 -noout -text

πŸ“„

CSR Decoder

Decode and inspect a Certificate Signing Request (CSR). Paste your PEM-encoded CSR below to view the Subject, SANs, key size, and signature algorithm.

Paste Your CSR (.pem / .csr)

πŸ’‘ Generate CSR on Linux: openssl req -new -newkey rsa:2048 -nodes -keyout private.key -out request.csr

πŸ…

Certificate Decoder / X.509 Inspector

Decode any X.509 SSL certificate. View subject, issuer, validity period, SANs, key usage, and fingerprints.

Paste Your Certificate (.pem / .crt)

πŸ’‘ View cert from Linux: openssl x509 -in certificate.crt -text -noout

πŸ“¦

Certificate Bundle Builder

Combine your certificate, intermediate CA, and root CA into a properly ordered certificate bundle (.pem / .crt chain).

β‘  Your Domain Certificate (required)
β‘‘ Intermediate CA Certificate (if provided by CA)
β‘’ Root CA Certificate (optional)

πŸ’‘ Correct bundle order: Server Cert β†’ Intermediate β†’ Root CA. Nginx uses this in ssl_certificate. Apache uses SSLCertificateChainFile for intermediate only.

πŸ”

PFX / PKCS#12 File Creator

Combine your certificate, private key, and CA chain into a .pfx or .p12 file for use with IIS, Windows, Java keystores, and load balancers.

⚠️ Security Note: Your private key never leaves your browser β€” all processing is done 100% client-side in JavaScript. We never transmit or store your private key.
β‘  Private Key (.key / .pem)
β‘‘ Certificate (.crt / .pem)
β‘’ CA Chain / Intermediate (optional)

πŸ–₯️ Generate PFX via OpenSSL (recommended for production):

openssl pkcs12 -export \ -out certificate.pfx \ -inkey private.key \ -in certificate.crt \ -certfile ca-bundle.crt \ -name "example.com"