SSL/TLS Certificate Decoder

També disponible en:

العربيّة

Azərbaycan dili

Български

Čeština

Dansk

Deutsch

Ελληνικά

English

Esperante

Español

Eesti

Euskara

فارسی

Suomi

Français

Galego

עברית

हिन्दी

Magyarul

Bahasa Indonesia

Italiano

日本語

한국어

Lietuvių

norsk

Nederlands

Polski

Português

Русский

Slovenčina

Slovenščina

Shqip

Svenska

ภาษาไทย

Türkçe

Українська

اردو

Tiếng Việt

简体中文

繁體中文

How to get a certificate PEM to test

From the command line (Linux/macOS):

openssl s_client -connect example.com:443 </dev/null 2>/dev/null \
  | openssl x509 -outform PEM

This prints the leaf certificate for any HTTPS host. Paste the full -----BEGIN CERTIFICATE----------END CERTIFICATE----- block above.

Get the full chain (leaf + intermediates):

openssl s_client -showcerts -connect example.com:443 </dev/null 2>/dev/null \
  | sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p'

From Chrome / Edge:

  1. Navigate to any HTTPS site. Click the padlock icon → Connection is secureCertificate is valid.
  2. In the Certificate viewer, click Details tab → Export…
  3. Save as PEM (chain) format. Open in a text editor and paste here.

From Firefox:

  1. Click the padlock → Connection SecureMore InformationView Certificate.
  2. In the new tab, click PEM (cert) to download, then paste contents here.

Well-known public CA certificates (for quick testing):

  • Let's Encrypt root: curl https://letsencrypt.org/certs/isrgrootx1.pem
  • Or click Load Sample below to use the ISRG Root X1 certificate.

SSL/TLS Certificate Decoder

Paste a PEM certificate or chain to decode X.509 fields, validity, SANs, and key info.