SSL Certificate Decoder parses and displays the contents of PEM-encoded certificates. See the subject, issuer, validity dates, serial number, signature algorithm, and Subject Alternative Names without using command-line OpenSSL tools.
How to use this tool
Paste your PEM-encoded certificate (starts with -----BEGIN CERTIFICATE-----).
Click Decode to parse the certificate.
Review subject and issuer details.
Check validity dates to see when it expires.
Inspect SAN entries to see which domains the certificate covers.
Frequently asked questions
What is a PEM certificate?
PEM is a Base64-encoded format for certificates, bounded by BEGIN/END CERTIFICATE lines. It's the most common format used by web servers like Apache and Nginx, and by Let's Encrypt.
How do I get my certificate in PEM format?
Most CAs provide PEM format by default. On a server, find it in your web server config (e.g., /etc/letsencrypt/live/domain/fullchain.pem). You can also export from a browser by viewing certificate details.
What is the Subject Alternative Name field?
SAN lists all domains a certificate is valid for. Modern certificates use SAN instead of just the Common Name. A single cert can cover example.com, www.example.com, and api.example.com.
What signature algorithm should my cert use?
SHA-256 with RSA is the current standard. SHA-1 is deprecated and untrusted by browsers. ECDSA certificates are newer and faster but have the same security level.