Hybrid Cert Generator

Why Hybrid Certificates?

During the PQC transition, you need certificates that work with both legacy and post-quantum systems. Hybrid certificates contain two signatures:

• Classical signature (ECDSA or RSA) for backwards compatibility
• PQC signature (ML-DSA) for quantum resistance

Systems that understand PQC verify both. Legacy systems verify only the classical signature.

What You'll Get

• Web form to specify certificate parameters
• Choose algorithm combinations (ECDSA+ML-DSA, RSA+ML-DSA)
• Download PEM or DER format
• Full certificate chains (Root → Issuing → End-entity)
• Test with your applications before SPORK deployment

Use Cases

• TLS Testing — Verify your servers handle hybrid chains
• S/MIME Testing — Test email clients with PQC signatures
• Code Signing — Validate your build pipeline
• Client Testing — Check browser and library compatibility