SSL Certificate Decoder
Paste a PEM certificate, a full chain, or a CSR — subject, issuer, expiry with days remaining, SANs, key usage, public key details and fingerprints are decoded by a built-in ASN.1 parser. Your certificate never leaves the browser.
About this tool
Decodes X.509 certificates and certificate signing requests with a hand-written ASN.1 DER parser — no library, no server-side decoding. It walks the raw DER structure (SEQUENCE, SET, OIDs, UTCTime/GeneralizedTime, BIT STRING and context tags) to extract the subject and issuer distinguished names, validity window with days-remaining and expiry warnings, serial number, signature algorithm, public key type and size, Subject Alternative Names, key usage and basic constraints. SHA-256 and SHA-1 fingerprints are computed over the DER bytes with the browser's native WebCrypto.
Certificates — and especially private CSRs — never leave this page. There is no upload, no server and no tracking of tool inputs, so it is safe to inspect internal or pre-production certificates here.