SSL Certificate Decoder

Paste a PEM-encoded SSL certificate and instantly view its subject, issuer, validity dates, public key, fingerprint, and more. Fully client-side.

An X.509 certificate is a digitally-signed document that binds a public key to an identity (usually a domain name) and is issued by a trusted Certificate Authority. This decoder parses PEM-encoded certificates directly in your browser using pure JavaScript and the Web Crypto API - subject, issuer, validity dates, public key details, signature algorithm, SHA-256 fingerprint, and self-signed detection. Nothing is uploaded; the ASN.1 parser runs on your device.

Ad
Ad

About SSL Certificate Decoder

What the Decoder Shows

Paste a PEM certificate (the block between BEGIN CERTIFICATE and END CERTIFICATE) and the tool extracts all key fields defined in RFC 5280, the IETF X.509 profile for internet PKI:

FieldWhat It ContainsExample
VersionX.509 version (almost always v3)v3
Serial NumberUnique identifier assigned by the CA04:E3:5C:7F:... (hex)
Signature AlgorithmAlgorithm used to sign the certificateSHA256withRSA, SHA384withECDSA
IssuerThe Certificate Authority that issued itCN=Let's Encrypt R3, O=Let's Encrypt
SubjectWho the certificate was issued toCN=example.com
Not BeforeWhen the certificate became valid2025-01-15T00:00:00Z
Not AfterWhen the certificate expires2025-04-15T23:59:59Z
Public KeyKey type, size, and algorithmRSA 2048-bit, EC P-256
SHA-256 FingerprintHash of the entire certificate (DER form)A1:B2:C3:D4:... (hex)

A colour-coded banner shows whether the certificate is currently valid (green), expired (red), or not yet valid (amber). A visual timeline bar shows where today falls between the issue and expiry dates. When the subject Common Name equals the issuer Common Name, a "Self-signed" pill is displayed.

How the Decoder Works Internally

The decoding process happens entirely in your browser using JavaScript and the Web Crypto API:

StepWhat Happens
1. Strip PEM headersRemove the BEGIN/END CERTIFICATE lines and any whitespace
2. Base64 decodeConvert the Base64 string to raw binary bytes (DER format)
3. Parse ASN.1Walk the DER-encoded ASN.1 structure (TLV - Tag, Length, Value)
4. Extract fieldsRead each field from the TBSCertificate sequence
5. Map OIDsConvert numeric OIDs to human-readable names (e.g., 2.5.4.3 = Common Name)
6. Compute fingerprintHash the raw DER bytes with SHA-256 using Web Crypto API

Common Certificate Types

TypeValidation LevelWhat the CA VerifiesVisual Indicator
DV (Domain Validated)BasicApplicant controls the domain (via DNS or HTTP challenge)Padlock only
OV (Organisation Validated)MediumDomain control + organisation identity verifiedPadlock, org name in certificate details
EV (Extended Validation)HighDomain + org + legal entity verified through rigorous processPadlock, org name visible in some browsers
WildcardVaries (usually DV)Same as base type, covers *.example.comSame as base type
Multi-domain (SAN)VariesMultiple domains listed in Subject Alternative NamesSame as base type

Certificate Validity Periods

Maximum public TLS certificate validity drops from 398 days to 200 days on 15 March 2026, to 100 days on 15 March 2027, and to 47 days on 15 March 2029 under CA/Browser Forum Ballot SC-081v3 (passed April 2025). Shorter lifespans mean compromised certificates expire faster and certificate revocation becomes less critical, but they also make automation essential.

Certificate SourceValidity as of April 2026Renewal Method
Let's Encrypt (classic ACME)90 days (switching to 64 days on 10 Feb 2027)Automated via ACME (certbot, acme.sh, Caddy)
Let's Encrypt (tlsserver profile)45 days from 13 May 2026 (opt-in)Automated ACME
Let's Encrypt (short-lived profile)6 days (opt-in, launched Feb 2025)Automated ACME
Commercial CA (DV/OV, public)200 days max from 15 March 2026Manual or automated renewal
Self-signedCustom (often 1-10 years)Manual regeneration via OpenSSL
Internal / Private CACustom (not bound by CA/B Forum)Depends on organisation policy

The previous cap of 398 days was set in September 2020. The 47-day target pairs with a 10-day maximum for domain-validation reuse, which collapses the window between issuance and fresh revalidation from today's 825 days to a matter of weeks. Any organisation still renewing certificates by hand will have to automate before 2027 to avoid outages.

Signature Algorithms

The signature algorithm determines how the certificate's integrity is verified. Modern certificates use one of these algorithms:

AlgorithmKey TypeCommon Key SizesStatus
SHA256withRSARSA2048, 4096 bitsCurrent standard, widely supported
SHA384withRSARSA3072, 4096 bitsHigher security, slightly slower
SHA256withECDSAEC (P-256)256 bits (equivalent to RSA 3072)Modern, faster, smaller certificates
SHA384withECDSAEC (P-384)384 bitsHigh security, used by some government CAs
SHA1withRSARSAVariousDeprecated - browsers reject SHA-1 certificates

ECDSA certificates are gaining popularity because they offer equivalent or better security than RSA with much smaller key sizes, resulting in faster TLS handshakes. Let's Encrypt now offers ECDSA certificates by default.

How to Get a Certificate for Decoding

If you want to decode a certificate from a live website, you can extract it using the command line:

MethodCommand / Steps
OpenSSL (command line)openssl s_client -connect example.com:443 -servername example.com 2>/dev/null | openssl x509 -outform PEM
Browser (Chrome/Firefox)Click the padlock icon, then Connection is secure, then Certificate is valid, then Details tab, then Export/Copy
From a fileOpen the .pem or .crt file in a text editor and copy the entire block including BEGIN/END lines

For decoding Base64 strings outside of certificates, try the Base64 encoder and decoder. If you need to verify data integrity with hashes, the hash generator supports SHA-256 and other algorithms. All processing happens in your browser - your certificate data never leaves your device.

Why Are Certificate Lifetimes Getting Shorter?

Shorter-lived certificates close the gap between a private-key compromise and the moment attackers can no longer use the stolen certificate. The Online Certificate Status Protocol (OCSP) and Certificate Revocation Lists (CRLs) have a patchy track record - Apple deprecated OCSP Stapling in macOS Big Sur (2020), Chrome relies on CRLSets that only cover selected revocations, and Mozilla announced the end of client-side OCSP checking in Firefox 136 (March 2025). If revocation cannot be trusted, expiry becomes the only reliable kill switch.

Worked example: a 398-day certificate issued on 1 January 2025 remains usable until 3 February 2026. If the private key leaks on 15 February 2025 and revocation fails to propagate, attackers have 354 days of window. The same leak against a 47-day certificate issued on 1 February 2029 exposes at most 33 days, an 11x reduction. This is the core case made by Apple (WebPKI thread, 2023) and Google's "Moving Forward, Together" roadmap (2023) for aggressive lifetime cuts.

What Are X.509 Extensions?

X.509 v3 added the concept of extensions - optional fields that carry information beyond the core identity and key. Modern browsers rely heavily on these. This decoder focuses on the core TBSCertificate fields; the most common extensions you will see on a real website certificate are listed below.

ExtensionPurposeExample Value
Subject Alternative Name (SAN)Lists all domains the certificate is valid for. Browsers IGNORE the CN for SNI matching.DNS:example.com, DNS:*.example.com
Key UsageWhat the key is allowed to doDigital Signature, Key Encipherment
Extended Key Usage (EKU)Higher-level purpose (TLS server, TLS client, code signing)serverAuth, clientAuth
Authority Key IdentifierLinks the certificate to its issuing CA certificatekeyid:AB:CD:EF:...
CRL Distribution PointsURL where the revocation list can be fetchedhttp://crl.example-ca.com/root.crl
Authority Information AccessURLs for OCSP responders and issuing CA certificateOCSP - http://ocsp.example-ca.com
Certificate Transparency SCTsSigned receipts proving the cert was logged to public CT logs3 SCTs from Google Argon, Cloudflare Nimbus, DigiCert Yeti

Since 30 April 2018, Chrome requires every publicly-trusted TLS certificate to be logged to at least two Certificate Transparency logs. The logs are append-only Merkle trees that anyone can audit, which is how researchers discovered Symantec's misissuances in 2015-2017 and why Symantec's CA business was eventually distrusted by Chrome and Mozilla.

How Do You Verify a Certificate Chain?

A single PEM block only contains the end-entity (leaf) certificate. Real TLS deployments need the full chain - leaf, one or more intermediates, and an implicit root that the browser already trusts. The chain is validated in four steps per RFC 5280 section 6:

  1. Signature check: each certificate's signature must verify against the next certificate's public key, up to the root.
  2. Validity check: the current date must fall within every certificate's notBefore/notAfter window.
  3. Name constraints and policy check: SAN DNS names must match the site being visited, and any nameConstraints on intermediates must be honoured.
  4. Revocation check: OCSP/CRL are consulted where available (many browsers soft-fail if the responder is unreachable).

Common chain errors seen in production: missing intermediate ("incomplete chain"), expired intermediate, AIA pointing at a 404, OCSP responder returning 500s, or the host presenting certificates in the wrong order (most servers expect leaf-first, then intermediates). The openssl s_client output labelled "Verify return code: 0 (ok)" confirms the chain built successfully from the host's local trust store.

Common Certificate Decoding Mistakes

  • Confusing CN with SAN. Modern browsers match only against Subject Alternative Names. A certificate with CN=example.com but no SAN will fail in Chrome (since 2017) and Firefox.
  • Copying only part of the PEM block. The BEGIN/END CERTIFICATE lines are required; without them Base64 decoding still succeeds but ASN.1 parsing will fail on a truncated tail.
  • Mixing up fingerprint algorithms. SHA-1 fingerprints (40 hex chars) are still widely shown by openssl and browsers for pinning purposes. The certificate's signature algorithm is unrelated to the fingerprint algorithm - a SHA256withRSA certificate still has a SHA-1 fingerprint if you ask for one.
  • Trusting a self-signed certificate in production. The "Self-signed" pill shown by this decoder means issuer equals subject - fine for internal or test environments, never acceptable for a public website.
  • Treating notAfter as renewal deadline. Renew at least 1/3 of the validity period before expiry to absorb DNS, ACME challenge, or CA outages. With 47-day certs, that means automated renewal at day 30 and alerting at day 40.
  • Assuming wildcards work for multi-level subdomains. *.example.com matches a.example.com but NOT a.b.example.com. RFC 6125 limits wildcard substitution to a single label.

Sources

Frequently Asked Questions

What is a PEM certificate?

PEM is a text format for storing certificates, keys, and other cryptographic data. It starts with -----BEGIN CERTIFICATE----- and ends with -----END CERTIFICATE-----. The data between the headers is base64-encoded DER (binary certificate data).

Is my certificate data sent to a server?

No. This tool parses the certificate entirely in your browser using JavaScript. Nothing is uploaded or stored anywhere. You can disconnect from the internet and it will still work.

How do I get the PEM certificate for a website?

In most browsers, click the padlock icon in the address bar, view the certificate details, and export it as PEM. You can also use the command line with openssl s_client -connect example.com:443 to retrieve the certificate chain.

What does the SHA-256 fingerprint mean?

The fingerprint is a hash of the entire certificate in binary (DER) form. It uniquely identifies the certificate and is used to verify that the certificate has not been tampered with. Two different certificates will never share the same SHA-256 fingerprint.

Can this decode certificate chains or private keys?

This tool decodes a single X.509 certificate. It does not parse private keys (BEGIN PRIVATE KEY) or full certificate chains. If you paste a chain, only the first certificate will be parsed.

Link to this tool

Copy this HTML to link to this tool from your website or blog.

<a href="https://toolboxkit.io/tools/ssl-certificate-decoder/" title="SSL Certificate Decoder - Free Online Tool">Try SSL Certificate Decoder on ToolboxKit.io</a>