A CSR (Certificate Signing Request) is a block of encoded text containing your public key and identity information, sent to a CA to request an SSL certificate.

CSR Decoder

Paste your PEM CSR to instantly view its subject, key size, and algorithm details.

Certificate Signing Request (CSR)

Paste a PEM-encoded CSR starting with -----BEGIN CERTIFICATE REQUEST-----

CSR is parsed on our servers. Never paste private keys here — only CSRs are safe to share.

How to use CSR Decoder

The CSR Decoder parses a Certificate Signing Request and displays the information it carries before you submit it to a certificate authority: the common name and Subject Alternative Names, the organisation and location fields, the key type and size, and the signature algorithm. A CSR with a typo in the domain or the wrong key size means the issued certificate will be wrong too, forcing a costly reissue, so decoding and double-checking a CSR before submission is a small step that prevents real headaches. Use this tool to verify a CSR exactly matches what you intend to certify.

Paste the full PEM CSR, including the BEGIN and END lines.
Click Decode to parse the request’s fields.
Verify the common name and any Subject Alternative Names.
Confirm the key type, key size and organisation details.
Submit the CSR to your CA once everything is correct.

What a CSR contains and why it matters

A CSR bundles the public key you generated with the identity details you want certified, all signed by your private key to prove you hold it. The most important field is the common name (and, for modern certificates, the SAN list) because that is the hostname the certificate will secure — get it wrong and browsers will reject the certificate as a name mismatch. The organisation and location fields matter for organisation-validated certificates. Decoding lets you catch any of these mistakes while they are still cheap to fix.

Key CSR fields
Field	Why it matters
Common Name / SAN	The hostname(s) the certificate will cover
Key size	Must be 2048-bit RSA or stronger
Organisation	Required for OV/EV certificates

Keys, sizes and the private half

A CSR contains only the public key; the matching private key never leaves your server and must be kept safe, because the certificate you receive is useless without it. Choose a strong key — at least 2048-bit RSA, or a modern ECDSA key — since CAs reject weak keys outright. If you lose the private key after issuance you cannot use the certificate and must start over with a new CSR. Decoding confirms the key type and size are acceptable before you commit to submitting the request.

Glossary

CSR: A Certificate Signing Request bundling a public key with identity details for a CA to sign.
Common Name: The primary hostname a certificate will secure.
Private key: The secret half of a key pair that must stay on your server.
RSA / ECDSA: Public-key algorithms used to generate certificate keys.
Subject Alternative Name: Additional hostnames a certificate covers beyond the common name.

Frequently Asked Questions

Free · No spam

Get weekly tool tips & updates

New tools, power-user tips, and productivity hacks — delivered free every Friday.

No spam, ever. Unsubscribe with one click.

Why use CSR Decoder?

Real-time DNS lookups using live resolver queries
Supports IPv4 and IPv6 addresses
No software to install — runs entirely in the browser
Results include TTL values and record priority

Common use cases

Verify DNS propagation after updating nameservers
Check MX records when troubleshooting email delivery
Look up SPF/DKIM/DMARC records for email security audits
Test whether a SSL certificate is valid and up to date
Find the IP address behind a domain name

Related Network & DNS

SSL Certificate Decoder

Decode and inspect SSL/TLS certificates from PEM format. View subject, issuer, SANs, validity dates, and fingerprints.

SSL Certificate Checker

Check any website's SSL/TLS certificate validity, issuer, expiry date, and days remaining. Instant SSL verification.

DNS Lookup Tool

Look up DNS records for any domain — A, AAAA, MX, NS, TXT, CNAME, SOA, and CAA records. Free, instant results pulled from authoritative nameservers.

DNS Propagation Checker

Check if your DNS changes have propagated worldwide. Test A, MX, and NS records across 8 global DNS servers to confirm updates are live everywhere.

What Is My IP Address?

Instantly find your public IP address. Shows your IPv4 address as seen by websites and servers, plus quick details about your connection.

HTTP Headers Checker

View HTTP response headers for any URL. Check status codes, security headers, caching, redirects, and server details instantly. Free and private.

Explore all Network & DNS.