Certificate Decoder

Paste a PEM certificate (the -----BEGIN CERTIFICATE----- block) to read its subject, issuer, validity window, SANs and SHA fingerprints. Grab one with openssl s_client -connect host:443 -servername host </dev/null | openssl x509, or export it from your browser's site-info / certificate-viewer. Browsers can't fetch a certificate for an arbitrary domain from client-side JavaScript, so you paste the PEM here, and once you do, everything is parsed in this tab. Nothing is uploaded.