SSL Certificate Decoder
Paste a PEM certificate to decode and inspect all fields. Your certificate data never leaves your browser.
Paste any PEM-encoded certificate. Decoding happens entirely in your browser — nothing is sent to a server.
Frequently Asked Questions
- What is a PEM certificate?
- PEM (Privacy Enhanced Mail) is the most common format for SSL/TLS certificates. It is a Base64-encoded certificate wrapped in -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- headers.
- How do I get my SSL certificate in PEM format?
- Most web servers (Apache, Nginx) store certificates as .pem or .crt files. You can also export them from browsers, or use openssl: openssl s_client -connect yourdomain.com:443 | openssl x509 -text
- Is the certificate data sent anywhere?
- No. All decoding happens entirely in your browser using the node-forge library loaded from a CDN. Your certificate data is never sent to any server.
- What are Subject Alternative Names (SANs)?
- SANs are additional domain names covered by a certificate. Modern certificates use SANs instead of the CN field for multi-domain coverage. A wildcard SAN like *.example.com covers all subdomains.
- What does the serial number mean?
- The serial number is a unique identifier assigned by the Certificate Authority. It is used to track and revoke specific certificates. If a certificate is compromised, the CA adds its serial number to the Certificate Revocation List (CRL).