What is an X.509 certificate?
An X.509 certificate is a digital certificate that uses the X.509 public key infrastructure (PKI) standard to verify that a public key belongs to the identity contained within the certificate. These certificates are commonly used in many internet protocols, including HTTPS (secure web browsing), email encryption (S/MIME), and code signing.
What certificate formats can I decode with this tool?
This tool is designed to decode X.509 certificates in PEM format. PEM (Privacy Enhanced Mail) format is a base64 encoded certificate that begins with "-----BEGIN CERTIFICATE-----" and ends with "-----END CERTIFICATE-----". This is the most common format for certificates used in web servers and other applications.
Can I decode multiple certificates at once?
Yes, you can paste multiple certificates (a certificate chain) into the decoder. The tool will identify each certificate in the chain and decode them individually, displaying them in the order they appear in your input.
Is my certificate data sent to your servers?
No. All certificate decoding happens entirely in your browser using JavaScript. Your certificate data never leaves your device and is not sent to our servers or any third-party servers. This ensures your sensitive certificate data remains private.
How do I get the PEM format of my certificate?
If you have a certificate file with extensions like .crt, .cer, or .pem, you can usually open it with a text editor to see if it's in PEM format (it will start with "-----BEGIN CERTIFICATE-----"). If your certificate is in DER format (binary), you can convert it to PEM using OpenSSL with the command: openssl x509 -inform DER -in certificate.der -out certificate.pem
How do I extract a certificate from a website?
Most web browsers allow you to view and export a website's SSL/TLS certificate. In general, you can click on the padlock icon in the address bar, view the certificate details, and export it. The exact steps vary by browser. Once exported, you may need to convert it to PEM format if it's not already in that format.
What information can I see about my certificate?
Our decoder displays comprehensive information about your certificate, including:
- Subject and Issuer details
- Validity period (start and end dates)
- Serial number
- Signature and public key algorithms
- Key size
- Subject Alternative Names (SANs)
- Key Usage and Extended Key Usage
- Basic Constraints
- Subject and Authority Key Identifiers
- Certificate policies
- Authority Information Access (AIA)
- CRL Distribution Points
- Thumbprints/Fingerprints
The decoder says my certificate is invalid. What does this mean?
This usually means the input you provided is not in a valid PEM certificate format or the certificate data is corrupted. Make sure your input starts with "-----BEGIN CERTIFICATE-----" and ends with "-----END CERTIFICATE-----" and contains valid base64-encoded data between these markers.
Is this tool free to use?
Yes, this certificate decoder tool is completely free to use with no limitations or registration required.