Home > Resources > Tools > Certificate Decoder

Certificate Decoder

To decode a certificate, copy and paste or drag and drop a .crt, .cer, .pem, or .der file into the box below.
More Information About the Certificate Decoder

The Certificate Decoder reads any X.509 certificate and shows you what's inside — useful for verifying a certificate was issued correctly, checking validity dates, or troubleshooting hostname mismatches.

The decoder extracts and displays:

  • Subject — Common Name, Organization, Organizational Unit, Locality, State, and Country.
  • Issuer — the Certificate Authority that signed the certificate.
  • Validity window — Not Before / Not After dates and days remaining before expiry.
  • Subject Alternative Names — every DNS, IP, or email entry the certificate covers.
  • Key algorithm and size — RSA, ECC, or DSA, with key length in bits or curve name.
  • Signature algorithm — flags weak hashes like SHA-1 or MD5.
  • Fingerprints — SHA-256 and SHA-1 for matching against issuer records.
  • Extensions — Key Usage, Extended Key Usage, Basic Constraints, Authority Information Access, CRL Distribution Points, and more.

Supported inputs: PEM, DER hex, and Base64 DER. You can paste, drag-and-drop, or upload a file. Need to decode a CSR instead? Try the CSR Decoder.

Supports .crt, .cer, .pem, .der, and .txt files.

Contact Us: General enquiries or free consultation

We’re really grateful for giving us a chance to connect with you. Please do not hesitate to ask us anything and we will respond to you asap.

image

    You have read, understood and agree to be bound by Netrust's Personal Data Protection Policy and Terms of Service.

    This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.