PEM Certificate Decoder

Decode and inspect X.509 certificates — subject, issuer, SANs, key info, extensions & security analysis. 100% client-side.

🔒 Client-Side Only

X.509 v3

RSA & EC

Paste PEM Certificate

Paste a PEM-encoded certificate (starts with -----BEGIN CERTIFICATE-----). Nothing leaves your browser.

How It Works

This tool parses X.509 certificates entirely in your browser using a pure JavaScript ASN.1 DER parser. No data is sent to any server.

Decodes ASN.1 DER structure from PEM base64 encoding
Extracts subject, issuer, validity, public key info, and extensions
Parses Subject Alternative Names (DNS, IP, URI, Email)
Analyzes key strength, signature algorithm, and expiry
Computes SHA-256 fingerprint using Web Crypto API

Tip: To get a certificate from a website, run: openssl s_client -connect example.com:443 -servername example.com </dev/null 2>/dev/null | openssl x509