Paste any PEM-encoded CSR or SSL certificate (or upload a file) to decode all public fields — subject, issuer, validity, SANs, key info, fingerprints and extensions. Supports .pem .crt .cer .csr .der .p7b. No private key data is ever read or stored.
Enter any domain or HTTPS URL to fetch its live SSL certificate directly from the server. Useful for checking expiry dates, confirming the correct cert is deployed, and inspecting the full chain — no file needed. Connection timeout: 4 seconds.
If you get a timeout, your hosting server may block outbound port 443 connections.
Paste your original CSR and your server (end-entity) certificate to verify all subject fields were correctly carried over during signing, and to confirm the public key matches. Do not paste a Root CA or Intermediate CA certificate here — those will not share fields with your CSR. Use only the certificate issued directly for your domain.
Decoding certificate data…