Where do I find my SSL certificate?

Your PEM certificate is usually in a .crt or .pem file. You can also get it from your SSL provider or web server configuration.

SAN (Subject Alternative Name) lists all the domain names and IPs a certificate is valid for. Modern certificates use SANs instead of CN for domain validation.

SSL Certificate Decoder

Paste a PEM certificate to instantly decode all its fields: subject, issuer, SANs, and expiry dates.

PEM Certificate

Certificate is parsed on our servers. Never paste private keys here.

How to use SSL Certificate Decoder

The SSL Certificate Decoder takes a PEM-encoded certificate and parses its contents into human-readable fields: subject, issuer, validity dates, serial number, signature algorithm, public key details and the Subject Alternative Names it covers. Certificates are stored as dense Base64 blocks that reveal nothing at a glance, so decoding one is the only way to confirm it contains what you expect before installing it. Use this tool to verify a certificate a vendor sent you, to read the SANs on an existing certificate, or to confirm the signature algorithm meets your security policy.

Paste the full PEM certificate, including the BEGIN and END lines.
Click Decode to parse the certificate’s fields.
Review the subject, issuer and validity dates.
Check the Subject Alternative Names and signature algorithm.
Confirm the details match what you ordered before installing.

Reading the key certificate fields

The subject identifies who the certificate is for, and the issuer identifies the certificate authority that signed it. The validity dates bound when it can be used, while the Subject Alternative Names list every hostname it secures — for modern certificates the SAN list, not the older common name, is what browsers check. The signature algorithm shows how the certificate was signed; SHA-256 is the current norm and anything using the deprecated SHA-1 should be replaced. Decoding surfaces all of these so nothing is taken on trust.

Important certificate fields
Field	What it tells you
Subject	The entity the certificate identifies
Issuer	The CA that signed it
Not Before / Not After	The validity window
SAN	All hostnames covered
Signature algorithm	How it was signed (e.g. SHA-256)

PEM and DER encodings

Certificates come in two common encodings. PEM is the Base64 text form wrapped in BEGIN and END CERTIFICATE lines, easy to copy and paste and what this decoder expects. DER is the raw binary form, often carried in .cer or .der files. Converting between them changes only the container, not the certificate itself. If your certificate is in DER you can convert it to PEM with openssl before decoding. Knowing which form you have avoids the frustration of a paste that will not parse.

Glossary

PEM: A Base64 text encoding of a certificate wrapped in BEGIN/END lines.
DER: The binary encoding of a certificate, common in .cer files.
Subject: The identity a certificate is issued to.
SAN: Subject Alternative Name — the hostnames a certificate secures.
Signature algorithm: The cryptographic method used to sign the certificate, such as SHA-256 with RSA.

Frequently Asked Questions

Free · No spam

Get weekly tool tips & updates

New tools, power-user tips, and productivity hacks — delivered free every Friday.

No spam, ever. Unsubscribe with one click.

Why use SSL Certificate Decoder?

Real-time DNS lookups using live resolver queries
Supports IPv4 and IPv6 addresses
No software to install — runs entirely in the browser
Results include TTL values and record priority

Common use cases

Verify DNS propagation after updating nameservers
Check MX records when troubleshooting email delivery
Look up SPF/DKIM/DMARC records for email security audits
Test whether a SSL certificate is valid and up to date
Find the IP address behind a domain name

Related Network & DNS

SSL Certificate Checker

Check any website's SSL/TLS certificate validity, issuer, expiry date, and days remaining. Instant SSL verification.

CSR Decoder

Decode and inspect Certificate Signing Requests (CSR). View subject details, public key size, and algorithm from PEM CSR.

DNS Lookup Tool

Look up DNS records for any domain — A, AAAA, MX, NS, TXT, CNAME, SOA, and CAA records. Free, instant results pulled from authoritative nameservers.

DNS Propagation Checker

Check if your DNS changes have propagated worldwide. Test A, MX, and NS records across 8 global DNS servers to confirm updates are live everywhere.

What Is My IP Address?

Instantly find your public IP address. Shows your IPv4 address as seen by websites and servers, plus quick details about your connection.

HTTP Headers Checker

View HTTP response headers for any URL. Check status codes, security headers, caching, redirects, and server details instantly. Free and private.

Explore all Network & DNS.