SSL/PEM Certificate Decoder
Decode PEM certificates to view subject, issuer, validity, SANs, and more.
Security Warning
Only paste certificates here, never private keys. Private keys should remain on your server and never be shared with any online tool.
Examples
| Input | Result |
|---|---|
| PEM certificate from Let's Encrypt | Subject: CN=example.com, Issuer: R3, Valid until 2025-03-15, SANs: example.com, www.example.com |
| Self-signed certificate | Subject and Issuer match, Self-Signed: Yes |
| Expired certificate | Expired: Yes, Not After date in the past |
| Private key input | Error: Private key detected. Content not processed. |
About this tool
Paste a PEM-encoded certificate and see its details parsed out. The decoder shows the subject, issuer, validity dates, signature algorithm, Subject Alternative Names, and whether the certificate is expired or self-signed.
The tool includes a safety check that detects and rejects private keys. If you accidentally paste a private key, it will warn you and refuse to process the input. All parsing runs in your browser with no data sent to any server.
Frequently asked questions
Is it safe to paste my certificate here?
Yes. Certificates are public information and are sent to every browser that connects to your site. Only paste certificates here, never private keys. The tool detects and rejects private key input.
What fields can this tool extract?
Subject (CN, O, C), issuer, serial number, validity dates, signature algorithm, public key algorithm, version, expiration status, self-signed status, and Subject Alternative Names.
What PEM format does this tool accept?
Standard PEM format starting with -----BEGIN CERTIFICATE----- and ending with -----END CERTIFICATE-----. This is the format you get from most certificate authorities and tools like openssl.