# CertTools — SSL Certificate Toolkit

Web service for SSL/TLS certificate processing: decode PFX, analyze PEM certificates, verify certificate chains, match keys to certificates, and decode CSRs.

## Features

- **PFX/PKCS#12 Decoder** — Upload a `.pfx` / `.p12` file with password to extract the full certificate chain and private key
- **Certificate Decoder** — Paste PEM to view subject, issuer, validity, SANs, fingerprints, key usage, and more
- **Key Matcher** — Verify that a private key matches a certificate (RSA modulus comparison)
- **CSR Decoder** — Decode Certificate Signing Requests with signature verification
- **Chain Verifier** — Validate certificate chain order and trust links

## Tech Stack

- **Backend:** Node.js, Express, TypeScript, node-forge
- **Frontend:** React, TypeScript, Vite, Tailwind CSS
- **Icons:** Lucide React

## Quick Start (Development)

```bash
# Install all dependencies
npm run install:all
npm install

# Start both server and client in dev mode
npm run dev
```

Server runs on `http://localhost:3001`, client on `http://localhost:5173` (with API proxy).

## Production Build & Deployment

```bash
# 1. Install dependencies
cd server && npm install --production
cd ../client && npm install && npm run build
cd ..

# 2. Start production server
cd server
NODE_ENV=production PORT=3001 node -e "require('tsx/cjs'); require('./src/index.ts')"

# Or build server first:
cd server && npx tsc && NODE_ENV=production PORT=3001 node dist/index.js
```

In production the Express server serves the built frontend from `client/dist/`.

### Environment Variables

| Variable | Default | Description |
|----------|---------|-------------|
| `PORT` | `3001` | Server port |
| `NODE_ENV` | — | Set to `production` to serve static frontend |

### Reverse Proxy (nginx)

```nginx
server {
    listen 443 ssl;
    server_name certs.example.com;

    ssl_certificate     /path/to/cert.pem;
    ssl_certificate_key /path/to/key.pem;

    location / {
        proxy_pass http://127.0.0.1:3001;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        client_max_body_size 10m;
    }
}
```

## Project Structure

```
cert-tools/
├── server/                  # Express API
│   └── src/
│       ├── index.ts         # Server entry point
│       ├── routes/
│       │   └── certificates.ts  # API endpoints
│       └── services/
│           └── certService.ts   # Certificate processing logic
├── client/                  # React frontend
│   └── src/
│       ├── App.tsx          # Main app with tool navigation
│       ├── api.ts           # API client
│       ├── types.ts         # Shared TypeScript types
│       └── components/
│           ├── Header.tsx
│           ├── FileUpload.tsx
│           ├── CopyButton.tsx
│           ├── CertificateInfo.tsx
│           ├── PfxDecoder.tsx
│           ├── PemDecoder.tsx
│           ├── KeyMatcher.tsx
│           ├── CsrDecoder.tsx
│           └── ChainVerifier.tsx
└── package.json             # Root scripts
```

## API Endpoints

| Method | Path | Description |
|--------|------|-------------|
| POST | `/api/decode/pfx` | Decode PFX file (multipart: `file` + `password`) |
| POST | `/api/decode/pem` | Decode PEM certificate(s) (JSON: `{ pem }`) |
| POST | `/api/decode/csr` | Decode CSR (JSON: `{ pem }`) |
| POST | `/api/match` | Match cert & key (JSON: `{ certificate, privateKey }`) |
| POST | `/api/chain/verify` | Verify cert chain (JSON: `{ pem }`) |