Skip to content
DevKit Labs

X.509 / SSL Certificate Decoder

Decode a PEM certificate to read its subject, issuer, validity, SANs and fingerprints — in your browser.

PEM certificate

About X.509 / SSL Certificate Decoder

Paste a PEM-encoded X.509 certificate (the -----BEGIN CERTIFICATE----- block) and see its contents in a readable form: the subject and issuer distinguished names, validity period with a valid/expired status, Subject Alternative Names, serial number, version, signature algorithm, public-key type and size, and SHA-1 and SHA-256 fingerprints.

The certificate is parsed entirely in your browser — it's never uploaded — so it's safe for internal or private certificates. This tool reads a certificate you already have; it doesn't fetch a certificate from a live server.

Decode a cert

Input
-----BEGIN CERTIFICATE-----
MIIC…
-----END CERTIFICATE-----
Output
Subject CN=example.com · Issuer CN=example.com · valid 1 year · SHA-256 fingerprint …

Load the sample to see a decoded self-signed certificate.

Frequently asked questions

What certificate format does it accept?

PEM-encoded X.509 certificates — the Base64 block between -----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----.

What details does it show?

Subject and issuer, validity dates and status, Subject Alternative Names, serial number, version, signature algorithm, public-key type/size, and SHA-1 and SHA-256 fingerprints.

Can it fetch a certificate from a website?

No. This tool decodes a certificate you paste in. Fetching a live server's certificate requires a network connection to that server, which a browser tool can't do directly.

Is my certificate uploaded anywhere?

No. Parsing happens entirely in your browser, so it's safe for private certificates.

Related tools

References