Is my certificate data sent to a server?

No. All certificate parsing runs locally in your browser using the Web Crypto API and custom ASN.1 parsing. Your certificate data never leaves your device.

Where do I get the PEM certificate for my website?

You can extract it with OpenSSL: openssl s_client -connect yourdomain.com:443 </dev/null | openssl x509. Alternatively, click the padlock icon in your browser and export the certificate as PEM.

What is the difference between a certificate and a private key?

A certificate contains the public key and identity information — it is safe to share. The private key must be kept secret and is used to prove ownership. This tool only handles certificates, not private keys.

What are Subject Alternative Names (SANs)?

SANs are additional domain names covered by a single certificate. For example, a certificate for example.com may also include www.example.com and api.example.com as SANs.

📜

SSL Certificate Decoder

Paste any PEM SSL/TLS certificate and instantly inspect its subject, issuer, expiry date, SANs and more. Runs entirely in your browser.

🔒 Security Tools Free Browser-based

Tool

PEM Certificate

What is a PEM Certificate?

PEM (Privacy-Enhanced Mail) is the most common format for SSL/TLS certificates. It is a Base64-encoded DER certificate wrapped in -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- headers. Certificates in this format are used by web servers, email servers and other TLS-enabled applications.

Key Certificate Fields

Field	Description
Common Name (CN)	The domain or entity the certificate is issued to
Subject Alternative Names	Additional domains covered by the certificate (wildcard etc.)
Issuer	The Certificate Authority (CA) that signed the certificate
Not Before / Not After	Validity period — certificate is rejected outside this range
Serial Number	Unique identifier assigned by the CA
Signature Algorithm	Algorithm used to sign the certificate (e.g. SHA256withRSA)

Where to Get a Certificate

You can obtain a server's PEM certificate using: openssl s_client -connect domain.com:443 </dev/null 2>/dev/null | openssl x509

SSL Certificate Decoder

What is a PEM Certificate?

Key Certificate Fields

Where to Get a Certificate

Frequently Asked Questions