PKI utility

X.509 Certificate Viewer

Decode an X.509 certificate (or a chain of them) into subject DN, issuer DN, validity dates, public-key info, signature algorithm, AAGUIDs, and every extension (key usage, SAN, basic constraints, AIA, CRL DPs, …). Drag-and-drop a .pem / .crt / .cer file.

Client-sideNo uploadRFC 5280

Input

Choose file

PEM-armoured certificate (or hex / bare base64 of the DER).

Result

Paste, drop, or pick a file.

All parsing runs locally. No certificate bytes leave your browser.

What an X.509 cert is, briefly

An X.509 certificate is an ASN.1 SEQUENCE of three things: tbsCertificate (the actual content — version, serial, issuer, validity, subject, public key, extensions), signatureAlgorithm, and signatureValue. Defined by RFC 5280. We expose the decoded form here; the trust chain is verified by your TLS stack, not by this tool.

Spec

RFC 5280 (X.509 v3 PKIX profile) — the ground truth for cert structure.

Related tools

Need fingerprints? Cert chain? Use the dedicated viewers.

Cert fingerprints →

Companion product

Our digital signature tokens issue PKI certs — see Digital Signature Token.

View product →