Certificate Input
100% local. Certificates are parsed in your browser and never uploaded.
Result

SSL Certificate Parser (Decoder)

This free online SSL certificate parser decodes X.509 certificates and shows every field — version, serial number, signature algorithm, SHA-1 and SHA-256 fingerprints, subject, issuer, validity period, public key, extensions and the certificate chain. It reads PEM, DER, PKCS#7 (.p7b/.p7c) and PKCS#12 (.p12/.pfx, including password-protected and legacy 3DES/RC2 files). Unlike server-side certificate decoders, everything runs locally in your browser — your certificate, and any private key inside a .p12, is never uploaded.

What is an SSL/TLS certificate?

An SSL/TLS certificate is an X.509 digital document that binds a public key to an identity (a domain name and, optionally, an organization). It is signed by a Certificate Authority (CA) and lets browsers and servers establish encrypted, authenticated HTTPS connections. A certificate contains subject and issuer distinguished names, a validity window, a public key, and extensions such as Subject Alternative Names, Key Usage and Basic Constraints.

Supported certificate formats

  • PEM — Base64 text between -----BEGIN CERTIFICATE----- markers; extensions .pem, .crt, .cer, .cert.
  • DER — binary ASN.1 encoding, common in Java environments; extensions .der, .cer.
  • PKCS#7 — a certificate bundle that can carry a full chain; extensions .p7b, .p7c.
  • PKCS#12 — a password-protected container holding a certificate, its chain and often a private key; extensions .p12, .pfx.

How to use this tool

  1. Paste the certificate text into the editor, or click Import certificate file to load a local file (up to 10 MB).
  2. Leave Format on Auto detect; the format is decided from the content. For a password-protected .p12/.pfx, enter its password when the field appears.
  3. Click Parse Certificate. The decoded fields appear on the right and can be exported as JSON. Nothing is sent to any server.

Why parse a certificate locally?

  • Privacy — certificates and the private keys inside PKCS#12 files stay in your browser; there is no upload.
  • Auditing — quickly verify validity dates, key size, signature algorithm, SANs and key usage before deploying.
  • Troubleshooting — inspect the certificate chain and issuer to debug trust and expiry problems.

Frequently asked questions

Is my certificate uploaded anywhere?

No. Parsing runs entirely in your browser using a local Web Worker. Your certificate, and any private key contained in a .p12/.pfx file, never leaves your device and the password is used in memory only.

Which formats and algorithms are supported?

PEM, DER, PKCS#7 and PKCS#12 containers, with RSA, ECDSA (P-256/P-384/P-521) and EdDSA public keys. PKCS#12 files encrypted with modern AES or legacy 3DES/RC2 are both supported.

Can it read the private key from a .p12?

The tool decrypts the PKCS#12 container to read the certificates it contains, but it only displays certificate information — it does not export or display the private key material.