Initial commit: CertTools SSL certificate toolkit

Made-with: Cursor

README.md

@@ -0,0 +1,115 @@
+# CertTools — SSL Certificate Toolkit
+
+Web service for SSL/TLS certificate processing: decode PFX, analyze PEM certificates, verify certificate chains, match keys to certificates, and decode CSRs.
+
+## Features
+
+- **PFX/PKCS#12 Decoder** — Upload a `.pfx` / `.p12` file with password to extract the full certificate chain and private key
+- **Certificate Decoder** — Paste PEM to view subject, issuer, validity, SANs, fingerprints, key usage, and more
+- **Key Matcher** — Verify that a private key matches a certificate (RSA modulus comparison)
+- **CSR Decoder** — Decode Certificate Signing Requests with signature verification
+- **Chain Verifier** — Validate certificate chain order and trust links
+
+## Tech Stack
+
+- **Backend:** Node.js, Express, TypeScript, node-forge
+- **Frontend:** React, TypeScript, Vite, Tailwind CSS
+- **Icons:** Lucide React
+
+## Quick Start (Development)
+
+```bash
+# Install all dependencies
+npm run install:all
+npm install
+
+# Start both server and client in dev mode
+npm run dev
+```
+
+Server runs on `http://localhost:3001`, client on `http://localhost:5173` (with API proxy).
+
+## Production Build & Deployment
+
+```bash
+# 1. Install dependencies
+cd server && npm install --production
+cd ../client && npm install && npm run build
+cd ..
+
+# 2. Start production server
+cd server
+NODE_ENV=production PORT=3001 node -e "require('tsx/cjs'); require('./src/index.ts')"
+
+# Or build server first:
+cd server && npx tsc && NODE_ENV=production PORT=3001 node dist/index.js
+```
+
+In production the Express server serves the built frontend from `client/dist/`.
+
+### Environment Variables
+
+| Variable | Default | Description |
+|----------|---------|-------------|
+| `PORT` | `3001` | Server port |
+| `NODE_ENV` | — | Set to `production` to serve static frontend |
+
+### Reverse Proxy (nginx)
+
+```nginx
+server {
+    listen 443 ssl;
+    server_name certs.example.com;
+
+    ssl_certificate     /path/to/cert.pem;
+    ssl_certificate_key /path/to/key.pem;
+
+    location / {
+        proxy_pass http://127.0.0.1:3001;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+        client_max_body_size 10m;
+    }
+}
+```
+
+## Project Structure
+
+```
+cert-tools/
+├── server/                  # Express API
+│   └── src/
+│       ├── index.ts         # Server entry point
+│       ├── routes/
+│       │   └── certificates.ts  # API endpoints
+│       └── services/
+│           └── certService.ts   # Certificate processing logic
+├── client/                  # React frontend
+│   └── src/
+│       ├── App.tsx          # Main app with tool navigation
+│       ├── api.ts           # API client
+│       ├── types.ts         # Shared TypeScript types
+│       └── components/
+│           ├── Header.tsx
+│           ├── FileUpload.tsx
+│           ├── CopyButton.tsx
+│           ├── CertificateInfo.tsx
+│           ├── PfxDecoder.tsx
+│           ├── PemDecoder.tsx
+│           ├── KeyMatcher.tsx
+│           ├── CsrDecoder.tsx
+│           └── ChainVerifier.tsx
+└── package.json             # Root scripts
+```
+
+## API Endpoints
+
+| Method | Path | Description |
+|--------|------|-------------|
+| POST | `/api/decode/pfx` | Decode PFX file (multipart: `file` + `password`) |
+| POST | `/api/decode/pem` | Decode PEM certificate(s) (JSON: `{ pem }`) |
+| POST | `/api/decode/csr` | Decode CSR (JSON: `{ pem }`) |
+| POST | `/api/match` | Match cert & key (JSON: `{ certificate, privateKey }`) |
+| POST | `/api/chain/verify` | Verify cert chain (JSON: `{ pem }`) |