Free Online Tool

SSL Certificate Decoder

Decode any SSL certificate or CSR in seconds — inspect subject, issuer, validity, SANs, fingerprints, key info and the full certificate chain. Supports PEM, DER, P7B and more. Read-only: no private key data is ever read or stored.

.pem ✓ .crt ✓ .cer ✓ .csr ✓ .der ✓ .p7b ✓ .pfx ✗
CSR & Certificate Decoder

Paste any PEM-encoded CSR or SSL certificate (or upload a file) to decode all public fields — subject, issuer, validity, SANs, key info, fingerprints and extensions. Supports .pem .crt .cer .csr .der .p7b. No private key data is ever read or stored.

PEM Input
Hostname Match (optional)
Live SSL Certificate Checker

Enter any domain or HTTPS URL to fetch its live SSL certificate directly from the server. Useful for checking expiry dates, confirming the correct cert is deployed, and inspecting the full chain — no file needed. Connection timeout: 4 seconds.

Domain or URL

If you get a timeout, your hosting server may block outbound port 443 connections.

CSR vs Certificate Comparison

Paste your original CSR and your server (end-entity) certificate to verify all subject fields were correctly carried over during signing, and to confirm the public key matches. Do not paste a Root CA or Intermediate CA certificate here — those will not share fields with your CSR. Use only the certificate issued directly for your domain.

CSR — Certificate Signing Request
Server Certificate  — end-entity / domain cert only, NOT root or intermediate

Decoding certificate data…