SSL Certificate Parser (Decoder)
This free online SSL certificate parser decodes X.509 certificates and shows every field — version, serial number, signature algorithm, SHA-1 and SHA-256 fingerprints, subject, issuer, validity period, public key, extensions and the certificate chain. It reads PEM, DER, PKCS#7 (.p7b/.p7c) and PKCS#12 (.p12/.pfx, including password-protected and legacy 3DES/RC2 files). Unlike server-side certificate decoders, everything runs locally in your browser — your certificate, and any private key inside a .p12, is never uploaded.
What is an SSL/TLS certificate?
An SSL/TLS certificate is an X.509 digital document that binds a public key to an identity (a domain name and, optionally, an organization). It is signed by a Certificate Authority (CA) and lets browsers and servers establish encrypted, authenticated HTTPS connections. A certificate contains subject and issuer distinguished names, a validity window, a public key, and extensions such as Subject Alternative Names, Key Usage and Basic Constraints.
Supported certificate formats
- PEM — Base64 text between
-----BEGIN CERTIFICATE-----markers; extensions.pem,.crt,.cer,.cert. - DER — binary ASN.1 encoding, common in Java environments; extensions
.der,.cer. - PKCS#7 — a certificate bundle that can carry a full chain; extensions
.p7b,.p7c. - PKCS#12 — a password-protected container holding a certificate, its chain and often a private key; extensions
.p12,.pfx.
How to use this tool
- Paste the certificate text into the editor, or click Import certificate file to load a local file (up to 10 MB).
- Leave Format on Auto detect; the format is decided from the content. For a password-protected
.p12/.pfx, enter its password when the field appears. - Click Parse Certificate. The decoded fields appear on the right and can be exported as JSON. Nothing is sent to any server.
Why parse a certificate locally?
- Privacy — certificates and the private keys inside PKCS#12 files stay in your browser; there is no upload.
- Auditing — quickly verify validity dates, key size, signature algorithm, SANs and key usage before deploying.
- Troubleshooting — inspect the certificate chain and issuer to debug trust and expiry problems.
Frequently asked questions
Is my certificate uploaded anywhere?
No. Parsing runs entirely in your browser using a local Web Worker. Your certificate, and any private key contained in a .p12/.pfx file, never leaves your device and the password is used in memory only.
Which formats and algorithms are supported?
PEM, DER, PKCS#7 and PKCS#12 containers, with RSA, ECDSA (P-256/P-384/P-521) and EdDSA public keys. PKCS#12 files encrypted with modern AES or legacy 3DES/RC2 are both supported.
Can it read the private key from a .p12?
The tool decrypts the PKCS#12 container to read the certificates it contains, but it only displays certificate information — it does not export or display the private key material.