Paste a PEM certificate or CSR, or upload a file — decoded locally to plain text, nothing leaves your browser
Supports PEM and binary DER, multiple certificates (chains) and CSRs. Paste or upload — decoding is automatic.
Paste a PEM certificate or drop a .crt/.cer/.pem/.der file and this tool decodes it into plain text in your browser: the subject and issuer, validity period with the remaining days highlighted, Subject Alternative Names (SAN), serial number, signature algorithm, public key type and size, SHA-1 and SHA-256 fingerprints, and key usage / extended key usage. It mirrors what openssl x509 -noout -text would print.
Parsing happens entirely client-side with pkijs and asn1js — the certificate never leaves your browser and no request is made. Paste a full chain to inspect every certificate in turn, or paste a CSR (-----BEGIN CERTIFICATE REQUEST-----) to read its subject, SAN and public key before submitting it to a CA.
No. Certificates and CSRs are decoded entirely in your browser with WebCrypto and pkijs; nothing is sent over the network. You can confirm this in your browser's Network panel — decoding makes zero requests.
PEM (-----BEGIN CERTIFICATE----- or -----BEGIN CERTIFICATE REQUEST-----) and binary DER (.der/.cer). You can paste text or upload .crt/.cer/.pem/.der files. Paste several PEM blocks at once to decode a full certificate chain.
Yes. Subject, issuer, validity, SAN, serial number and SHA-1 / SHA-256 fingerprints match openssl x509 -in cert.pem -noout -text and -fingerprint. The SHA-256 fingerprint is the hash of the full DER certificate.
A certificate is marked Expired once the current time is past notAfter, Expiring soon when it expires within 30 days, and Valid otherwise. A certificate whose notBefore is in the future is marked Not yet valid.