Certificate Decoder
Decode PEM-encoded X.509 certificates to view subject, issuer, validity dates, signature algorithm, and extensions. All parsing happens in your browser.
How to Use the Certificate Decoder
- Paste a PEM-encoded certificate (starting with -----BEGIN CERTIFICATE-----).
- Click the Decode Certificate button.
- Review the decoded information including subject, issuer, and validity dates.
- Check extensions like Subject Alt Names and Key Usage for detailed certificate properties.
About Certificate Decoder
X.509 is the standard format for public key certificates used in TLS/SSL, code signing, email encryption, and many other security protocols. A PEM-encoded certificate wraps the DER-encoded binary data in Base64 with header and footer lines. This tool decodes the ASN.1 structure of X.509 certificates to extract essential fields: the subject (who the certificate belongs to), issuer (the Certificate Authority), serial number, validity period, signature algorithm, public key information, and extensions such as Subject Alternative Names (SANs), Key Usage, and Basic Constraints. Understanding certificate contents is essential for debugging TLS issues, verifying certificate chains, and security auditing.
Frequently Asked Questions
PEM (Privacy Enhanced Mail) is a Base64-encoded format for certificates, enclosed between -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- markers. It is the most common format for certificates on web servers.
Yes, all certificate parsing happens entirely in your browser using JavaScript. The certificate data never leaves your device. Public certificates do not contain sensitive private key material.
SANs are an X.509 extension that specifies additional domains and IP addresses the certificate is valid for. Modern certificates use SANs instead of the Common Name (CN) field for domain validation.