🌐

Certificate Decoder

Decode a PEM certificate — subject, SANs, expiry, fingerprints.

How it works

Paste an SSL/TLS certificate (a -----BEGIN CERTIFICATE----- block) to read what's inside it: who it was issued to and by, when it expires, which domains it covers, the key type and its fingerprints.

Get one from a server with: openssl s_client -connect example.com:443 | openssl x509

🔒 Parsed with the Web Crypto API in your browser — the certificate, CSR, and especially your private key are never uploaded.

🔒 Parsed in your browser: certificates, CSRs and private keys are decoded locally with the Web Crypto API and are never sent to a server — unlike most online SSL tools, which ask you to upload them. Still, treat any private key you paste online as sensitive.

Related Networking tools