X.509 Certificate Decoder
Options
Certificate details
About X.509 Certificate Decoder
This tool decodes X.509 certificates from PEM, Base64 DER, or hex DER and shows the most useful certificate metadata in a readable format.
Use it to inspect certificate subject, issuer, validity dates, fingerprints, SAN entries, key usage, and public key information without sending data to external services.
How to use it
- Paste an X.509 certificate in PEM, Base64 DER, or hex DER format.
- Choose the matching input format.
- Click Decode certificate.
- Review the decoded summary, normalized PEM, Base64 DER, and hex DER outputs.
X.509 checks before relying on decoded certificate details
Decoding exposes certificate fields, but it does not prove possession of the private key, chain trust, revocation status, or endpoint identity.
Identity names
Check Subject Alternative Names for the exact DNS name or IP; the Common Name alone is not sufficient for modern validation.
Validity window
Review not-before, not-after, clock skew, renewal timing, and whether the certificate is currently usable.
Key and usage
Inspect public-key algorithm and size, signature algorithm, Key Usage, Extended Key Usage, and basic constraints.
Fingerprint context
Compare fingerprints only through a trusted channel and remember that decoding a certificate does not establish trust.
Related tools
You may also find these tools useful.