Paste a PEM certificate â the tool displays Subject, Issuer, SANs, validity period, public key and extensions.
The X.509 Certificate Decoder lets you instantly inspect any SSL/TLS certificate in PEM format. It displays the full Subject DN, Issuer chain, Subject Alternative Names, validity window, signature algorithm, and public key parameters â no software required.
The decoder accepts PEM format â a text block starting with "-----BEGIN CERTIFICATE-----" and ending with "-----END CERTIFICATE-----". If you paste raw Base64 without headers, the tool will try to add them automatically.
SAN is an X.509 extension that allows a single certificate to protect multiple domain names, IP addresses, or email addresses. Modern browsers require SANs and ignore the CN field for hostname verification per RFC 2818.
No, this decoder analyzes a single certificate. To verify the complete chain (CA â Intermediate â Leaf), use the SSL Check tool.