How to Decode X.509 Certificates
Certificate Decoding
When to Decode Certificates
Inspect TLS certificates from servers, decode PEM blocks from config files, or verify subject, issuer, validity dates, and SAN entries during SSL troubleshooting. Paste a PEM-encoded certificate to see parsed fields without openssl on the command line.
Supported Input Formats
Paste PEM certificates wrapped in -----BEGIN CERTIFICATE----- headers. The decoder extracts common name, organization, serial number, validity window, signature algorithm, and Subject Alternative Names for quick inspection.
Developer Tips
- Compare expiry dates before certificate rotation incidents
- Verify SAN entries cover all domains your service serves
- CLI equivalent:
openssl x509 -in cert.pem -text -noout
Frequently asked questions
Is my certificate sent to a server?
No. Decoding runs entirely in your browser. Clear the page after inspecting sensitive certificates on shared machines.
Can I decode private keys?
This tool focuses on X.509 certificates. Private keys require separate handling and should never be shared or pasted on untrusted pages.