Certificate Decoder
More Information About the Certificate Decoder
The Certificate Decoder reads any X.509 certificate and shows you what's inside — useful for verifying a certificate was issued correctly, checking validity dates, or troubleshooting hostname mismatches.
The decoder extracts and displays:
- Subject — Common Name, Organization, Organizational Unit, Locality, State, and Country.
- Issuer — the Certificate Authority that signed the certificate.
- Validity window — Not Before / Not After dates and days remaining before expiry.
- Subject Alternative Names — every DNS, IP, or email entry the certificate covers.
- Key algorithm and size — RSA, ECC, or DSA, with key length in bits or curve name.
- Signature algorithm — flags weak hashes like SHA-1 or MD5.
- Fingerprints — SHA-256 and SHA-1 for matching against issuer records.
- Extensions — Key Usage, Extended Key Usage, Basic Constraints, Authority Information Access, CRL Distribution Points, and more.
Supported inputs: PEM, DER hex, and Base64 DER. You can paste, drag-and-drop, or upload a file. Need to decode a CSR instead? Try the CSR Decoder.
Supports .crt, .cer, .pem, .der, and .txt files.


