Is the certificate data sent to a server?

No. All parsing is done entirely in your browser using the node-forge library. Your certificate data never leaves your device.

What information does the decoder show?

Subject, issuer, validity period (valid from / valid to), serial number, signature algorithm, public key type and size, and whether the certificate is currently valid or expired.

SSL/PEM Certificate Decoder

Decode and inspect X.509 certificates

Client-sideX.509 / PEMInstant

Paste PEM Certificate

What is a PEM Certificate?

A PEM (Privacy Enhanced Mail) certificate is a Base64-encoded X.509 certificate enclosed between -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- headers. It is the most common format for SSL/TLS certificates used to secure websites and services.

How to Use this Tool

Paste Your Certificate: Copy your PEM-encoded certificate and paste it into the input area.
Click Decode: Press the "Decode Certificate" button to parse and inspect the certificate.
View Details: See the subject, issuer, validity dates, serial number, signature algorithm, public key info, and expiry status.
Copy JSON: Click "Copy JSON" to copy all decoded details as a JSON object.

What Information is Decoded?

Subject: The entity the certificate is issued to.
Issuer: The Certificate Authority that signed the certificate.
Validity: The date range during which the certificate is valid.
Serial Number: A unique identifier assigned by the CA.
Signature Algorithm: The algorithm used to sign the certificate (e.g., SHA-256 with RSA).
Public Key: The type and size of the public key (e.g., RSA 2048-bit).
SANs: Subject Alternative Names — additional domains covered by the certificate.

Important Note:

All parsing is done entirely in your browser. Your certificate data never leaves your device. We use the open-source node-forge library for X.509 parsing.

Explore More

JWT DecodeInspect and verify JSON Web Token payloads and headers.

Hash GeneratorGenerate MD5, SHA-1, SHA-256, SHA-512 hashes from any text.

UUID GeneratorGenerate UUID/GUID v1, v4, and v5 identifiers instantly.

SAML DecoderDecode Base64-encoded SAML responses and inspect XML.

Base64 EncodeConvert plain text or binary data into Base64 format instantly.

Base64 DecodeDecode Base64 strings back to readable text or binary data.

URL Encode/DecodeEncode or decode URLs, query strings and special characters.

HTML Entity Encode/DecodeConvert HTML special characters to entities and back.