June 19, 2026 · 5 min read

How to decode an SSL certificate or CSR and read its fields

A certificate or CSR looks like an opaque block of Base64, but it is just structured data in a text wrapper. Decoding it reveals exactly what a CA will issue, or what is already deployed, and catches mistakes before they cause an outage.

What is inside a certificate

Decode a certificate and you get a set of fields worth knowing:

  • Subject — who the certificate is for, including the Common Name.
  • Subject Alternative Names (SAN) — the full list of hostnames the certificate covers. Modern browsers ignore the Common Name and trust only the SAN, so a hostname missing here is the cause of many name-mismatch errors.
  • Issuer — the CA that signed it.
  • Validity — the not-before and not-after dates.
  • Public key — the type and size, like RSA 2048 or EC P-256.
  • Signature algorithm and serial number.

What is inside a CSR

A Certificate Signing Request is what you send to a CA to request a certificate. Decoding it before submission lets you confirm the subject and SAN list are exactly right, and that the key size meets requirements. A typo in the domain or a forgotten SAN here becomes a wrong certificate later, so this two-minute check saves a reissue.

The privacy point

Plenty of sites offer to decode certificates, but pasting a CSR or certificate into a remote service is an unnecessary exposure, and for anything containing a key it is a real risk. Decoding is pure parsing and needs no server. The SSL & CSR Decoder reads the fields entirely in your browser, uploading nothing. To understand each field in more depth, see how to read an SSL certificate and what's inside a CSR, byte by byte.
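
The same decoding done locally, as an added example that is not from the original post: it strips the PEM wrapper, walks the DER tag-length-value structure using only the Python standard library, and lists the SAN hostnames so they can be compared with the names you expect. The function names and the sample input are constructed for illustration; the parser assumes single-byte tags and exact hostname matching (no wildcard logic).

```python
import base64
import re

SAN_OID = bytes.fromhex("551d11")  # DER content bytes of OID 2.5.29.17 (subjectAltName)

def pem_to_der(pem):  # strip the BEGIN/END armor, Base64-decode the body to raw DER
    m = re.search(r"-----BEGIN ([^-]+)-----(.*?)-----END \1-----", pem, re.S)
    if not m:
        raise ValueError("no PEM block found")
    return base64.b64decode("".join(m.group(2).split()), validate=True)

def read_tlv(buf, pos):  # read one tag-length-value; return (tag, value, next_pos)
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER value")
    return tag, buf[pos:pos + length], pos + length

def children(buf):  # yield (tag, value) for each element encoded back to back
    pos = 0
    while pos < len(buf):
        tag, value, pos = read_tlv(buf, pos)
        yield tag, value

def san_dns_names(der):
    """Walk the DER tree and return the dNSName entries of the SAN extension."""
    names, items = [], list(children(der))
    for i, (tag, value) in enumerate(items):
        if tag == 0x06 and value == SAN_OID:
            octets = next(v for t, v in items[i + 1:] if t == 0x04)  # extnValue
            general_names = read_tlv(octets, 0)[1]  # SEQUENCE inside the OCTET STRING
            names += [v.decode("ascii") for t, v in children(general_names) if t == 0x82]
        elif tag & 0x20:  # constructed (SEQUENCE, SET, [0], [3]): descend
            names += san_dns_names(value)
    return names

def missing_hostnames(pem, expected):
    """Return the expected hostnames absent from the SAN list (exact match only)."""
    present = {n.lower() for n in san_dns_names(pem_to_der(pem))}
    return sorted(h for h in expected if h.lower() not in present)

def tlv(tag, content):  # tiny DER encoder for the sample, short-form lengths only
    return bytes([tag, len(content)]) + content
# Constructed sample: only the SAN extension layout, not a real signed CSR.
_names = tlv(0x82, b"example.test") + tlv(0x82, b"www.example.test")
_der = tlv(0x30, tlv(0x30, tlv(0x06, SAN_OID) + tlv(0x04, tlv(0x30, _names))))
SAMPLE_PEM = f"-----BEGIN SAMPLE-----\n{base64.encodebytes(_der).decode()}-----END SAMPLE-----\n"
```

Certificates and CSRs both carry the SAN list under the same OID, so `missing_hostnames` can be given the text of either kind of PEM file.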