What is a certificate decoder?

A certificate decoder (also called an X.509 viewer or PEM decoder) parses the ASN.1 DER binary structure of an SSL/TLS certificate and presents its fields in a human-readable format — subject, issuer, validity dates, Subject Alternative Names, public key details, and fingerprints.

What formats does this tool support?

The tool supports PEM-encoded certificates (-----BEGIN CERTIFICATE-----), raw Base64, and hex-encoded DER binary. For files, it accepts .pem, .crt, .cer, .der, .p7b, and .csr extensions.

Is my certificate uploaded to a server?

No. All decoding happens entirely in your browser using JavaScript. Your certificate data never leaves your device. This makes it safe to decode certificates containing sensitive information.

What is the difference between a certificate and a CSR?

A certificate (X.509) is a signed document issued by a Certificate Authority (CA) that binds a public key to an identity. A CSR (Certificate Signing Request) is an unsigned request you send to a CA, containing the public key and identity information you want certified.

What are Subject Alternative Names (SANs)?

Subject Alternative Names (SANs) are domain names and IP addresses that the certificate is valid for. Modern TLS certificates list all valid domains in the SANs extension rather than relying on the Common Name (CN) alone.

How do I check if my certificate is expired?

After decoding, the Validity section shows the "Not before" and "Not after" dates. The status badge in the top-right of the results panel will show "Expired" in red, "Expiring Soon" in orange, or "Valid" in green.

Workspace

Your data stays local.

Choose input type

Certificate input

Supports PEM blocks (certificates, CSRs, PKCS#7, keys), raw Base64, or hex-encoded DER.

Password (if needed)

Leave blank if the file or key is not encrypted.

Decoded output

Paste a certificate or select a file to decode it.

Letters to Numbers

Trusted Conversion Tools

Certificate Decoder

Our free Certificate Decoder instantly parses SSL/TLS certificates, CSRs, PKCS#7 chains, and private keys — displaying subject, issuer, validity dates, Subject Alternative Names, key algorithm, key size, fingerprints, and more, entirely in your browser with no uploads.

Who Is It For?

DevOps & Site Reliability Engineers

Quickly inspecting SSL/TLS certificates on servers to verify expiry dates, SANs, and issuer chains without needing openssl commands.

Security Engineers & Pentesters

Analysing certificates during security assessments to spot weak key sizes, expired certs, or misconfigured SANs.

Web Developers

Debugging HTTPS configuration issues by decoding certificates to confirm the correct domain names and validity periods.

Certificate Authority Users

Verifying CSR contents before submitting them to a CA, ensuring the correct CN, SANs, and key algorithm are present.

IT Administrators

Auditing internal PKI infrastructure certificates to track expiry and ensure compliance with security policies.

How It Works

Paste a PEM block, raw Base64, or hex-encoded DER certificate, CSR, or private key into the text area — or switch to "File / binary" mode and drop a .pem, .crt, .cer, .der, .p7b, or .pfx file. Click "Decode" and the tool parses the ASN.1 structure entirely in your browser, displaying the subject, issuer, validity dates, SANs, public key details, signature algorithm, and all extensions in a clean grouped panel. No data is ever sent to a server.

Features

Decodes X.509 certificates, CSRs (certificate signing requests), and PKCS#7 chains
Supports PEM blocks, raw Base64, and hex-encoded DER input
File / binary mode accepts .pem, .crt, .cer, .der, .p7b, and .pfx files
Displays subject, issuer, serial number, validity dates, and fingerprints (SHA-1, SHA-256)
Shows all Subject Alternative Names (SANs) and key usage extensions
Public key details: algorithm, key size, and curve (for EC keys)
100% browser-based — your certificate data never leaves your device
Optional password field for encrypted PFX/P12 files

Other Tools

Explore more tools by clicking the + button above

Letters to Numbers Converter

Convert letters to numbers using A1Z26 cipher

A1Z26 Translator

Translate letters to numbers with the A1Z26 alphabet

A1Z26 Decoder and Encoder

Encode letters to A1Z26 numbers and decode numbers back to letters instantly

A0Z25 Cipher Translator

Convert text using A0Z25 cipher encoding

A0Z25 Decoder

Decode A0Z25 encoded numbers back to letters instantly

Your Privacy Matters

All processing happens in your browser. We never store, send, or log your data. Completely private and secure.