PKI utility

PKCS#10 CSR Decoder

Decode a Certificate Signing Request (CSR) — subject DN, public key, signature algorithm, and any requested extensions (SAN, basic constraints, key usage). Useful for sanity-checking what your tooling is about to send to a CA. Drop a .csr file or paste the PEM block.

Client-sideNo uploadRFC 2986

Input

Choose file

PEM-armoured CSR (or hex / base64 of the DER).

Result

Paste, drop, or pick a file.

All parsing runs locally.

CSRs in one line

A CSR is a self-signed PKCS#10 structure: a CertificationRequestInfo (version, subject, public key, optional attributes incl. requestedExtensions) plus the algorithm and signature over it. Defined by RFC 2986. The CA discards everything except the bits it wants and re-signs.

Spec

RFC 2986 (PKCS#10) and RFC 5280 (extensions).

Companion tool

Convert PEM ↔ DER if your CSR arrives in raw form.

PEM ↔ DER →

Related blog

Coming soon: PKI for the embedded world.

Engineering blog →