SSL & CSR Decoder
Paste a PEM certificate or CSR and read subject, issuer, validity, SANs, and fingerprints locally.
About the SSL & CSR Decoder
The SSL and CSR Decoder parses PEM blocks you paste and shows the fields in plain language: subject, issuer, validity window, serial number, signature algorithm, public key size, SHA-256 fingerprint, and subject alternative names. It accepts X.509 certificates and certificate signing requests (CSRs) in standard PEM format.
Use it when you have a cert file or CSR from a CA workflow and need to confirm the common name, SAN list, or expiry before installing it. It is faster than openssl x509 -text when you only need the highlights and do not want to leave the browser.
Everything runs locally with node-forge in your browser. The PEM you paste is parsed on this page and is never uploaded, logged, or sent to any server. That makes it safe for production certificates and internal CSRs that contain hostnames you would rather not share.
For live certificates served by a remote host, use the SSL Checker. To confirm a private key belongs to a certificate, use Key Matcher.
Reach developers and designers who use these tools every day. Privacy-first, no trackers.
Frequently asked questions
What PEM formats are supported?
Standard PEM wrapped certificates (BEGIN CERTIFICATE) and certificate signing requests (BEGIN CERTIFICATE REQUEST). Paste the full block including the header and footer lines.
Is my certificate uploaded anywhere?
No. Parsing happens entirely in your browser with JavaScript. Nothing you paste leaves your machine.
Can it decode private keys?
No. This tool decodes certificates and CSRs only. Private keys should not be pasted into general purpose tools unless you trust the environment. Use Key Matcher when you need to compare a key to a cert.
Why does decoding fail?
The input is not valid PEM, the base64 is corrupted, or the block is a format this tool does not handle (such as PKCS#12 or DER without PEM headers). Ensure you copied the complete BEGIN/END block.
How is the fingerprint calculated?
The SHA-256 fingerprint is computed from the DER encoding of the certificate, formatted as colon-separated hex pairs, matching the convention used by most certificate tooling.