Certificate Decoder
Paste a PEM certificate (or a full chain) and read exactly what's inside — subject, issuer, validity, SAN, key and fingerprints. Decoded on our server, nothing stored.
Tip: grab a server's certificate with
openssl s_client -connect example.com:443 -showcerts. Or just
run an SSL test instead.
Decoding certificates one at a time doesn't scale
CertControl keeps a live inventory of every certificate you own — internet-facing and internal — with the same details, validated continuously, and alerts before any of them expire.
See continuous monitoring →What the certificate decoder shows
An X.509 certificate is a structured, base64-encoded document. This tool parses it and shows the fields that matter in practice: who it was issued to (subject and Subject Alternative Names), who issued it, the validity window and days remaining, the public-key algorithm and size, the signature algorithm, the serial number, and the SHA-256 / SHA-1 fingerprints. Paste a whole chain and each certificate is decoded in turn.
Is anything uploaded or stored?
The certificate is sent to our server only to be parsed, and the result is returned immediately — it is not stored, and no account or personal data is required. A certificate is public information anyway: it is what a server presents to every visitor.
Can I decode a full chain or just one certificate?
Both. Paste a single PEM block or several concatenated together (leaf + intermediates) and each certificate is decoded separately.
What if I only have the base64, without the BEGIN/END lines?
That works too — paste the base64 and the tool will wrap it for you.