Command Palette

Search for a command to run...

X.509

Certificate Decoder

Decode PEM X.509 certificates locally and inspect key fields.

Input
Supports single or multiple PEM certificates.

Limits: input 200KB, certificates 5, ASN nodes 5000

Certificate parsing runs entirely in your browser.

This is a decoder only. It does not perform chain trust, OCSP, or CRL validation.

Output
0 certificate(s) parsed

Decoded certificate details will appear here.

What

Certificate Decoder definition

An X.509 certificate contains public key material, identity, issuer, validity, and extension metadata.

Cases

Use Cases

1

Check certificate subject/issuer/expiry

2

Inspect SAN, Key Usage, Basic Constraints

3

Extract SHA-256 fingerprint

How To

How to decode PEM certificates

Paste one or more PEM blocks and parse certificate metadata.

1

Paste PEM

Paste certificate blocks including BEGIN/END CERTIFICATE lines.

2

Run decode

Click decode to parse DER structure safely in-browser.

3

Review fields

Inspect subject, issuer, validity, SAN, and fingerprint values.

Knowledge

Understanding certificate structure

X.509 layout
Certificates contain TBSCertificate, SignatureAlgorithm, and SignatureValue sections.
Subject and issuer
Subject identifies the entity; issuer identifies who signed the certificate.
Validity window
Not Before/Not After define when the certificate can be used.
Extensions
SAN, key usage, and basic constraints drive usage and trust boundaries.
Fingerprint
SHA-256 fingerprint uniquely identifies a specific certificate binary.

FAQ

Certificate Decoder FAQ

Does this validate trust chains?
No. It only decodes fields and extensions.
Can I decode multiple certificates?
Yes, up to five PEM certificates in one input.
Which fields are extracted?
Subject, issuer, serial, signature algorithm, validity, SAN, basic constraints, key usage, and SHA-256 fingerprint.
How is expiry determined?
Not After is compared against the current time.
What SAN types are shown?
DNS, email, URI, and IP are parsed when available.
Is certificate data uploaded?
No. Decoding is local-only.
Why might parsing fail?
Malformed or unsupported DER structures may fail safely.
Why is fingerprint useful?
Fingerprints are used for certificate pinning, inventory, and identity checks.
Certificate Decoder