About PEM Certificate Decoder Online

This tool decodes PEM-encoded X.509 certificates and displays the structured contents: subject, issuer, validity dates, signature algorithm, public key, subject alternative names, extensions, and serial number.

PEM is the most common format for distributing certificates — TLS certs, S/MIME certs, code-signing certs, internal CA certs. Visually inspecting one helps when troubleshooting TLS errors, verifying that you've received the right certificate from a CA, or auditing what a third party has installed.

All decoding happens locally in your browser; your certificate is not uploaded or stored. The output is purely informational — to install or trust a certificate, use your operating system's or browser's certificate management tools.

How to use this tool

How to summarise a PEM certificate blob

  1. Paste the PEM

    Drop the entire `-----BEGIN CERTIFICATE-----` … `-----END CERTIFICATE-----` block (or a bundle with multiple blocks) into the "PEM" field. Leading/trailing whitespace is OK; the tool counts blocks by header occurrences.

  2. Press Run

    The result contains `certificateCount` (how many CERTIFICATE blocks were found) and `firstByteLengthBase64` (length of the base64 body of the first block, a rough size proxy for the DER bytes inside).

  3. What it does NOT decode

    This is a quick block-count check, not a full ASN.1 parser. It does NOT extract subject, issuer, SAN, validity dates, key algorithm, or fingerprint. For that, run `openssl x509 -in cert.pem -text -noout` locally.

  4. Bundle vs single

    A certificateCount of 2-3 is normal for a fullchain (leaf + intermediates). A count of 1 is just the leaf — you may need to bundle intermediates for clients that don't fetch AIA on their own.
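
The summary described in the steps above can be reproduced locally. The following is an added example, not the tool's own code: `certificateCount` and `firstByteLengthBase64` are the page's field names, while `summarizePem`, `derByteLength` and `unterminatedHeaders` are assumptions introduced here. It goes slightly beyond a plain header count by pairing each header with its footer and converting the base64 length into the exact DER byte count.

```javascript
// Added example: summarise a PEM bundle without parsing ASN.1.
const BEGIN = "-----BEGIN CERTIFICATE-----";
const END = "-----END CERTIFICATE-----";

function summarizePem(text) {
  const blocks = [];
  let unterminatedHeaders = 0; // assumption: headers with no matching footer
  let pos = 0;
  for (;;) {
    const start = text.indexOf(BEGIN, pos);
    if (start === -1) break;
    const bodyStart = start + BEGIN.length;
    const end = text.indexOf(END, bodyStart);
    const nextBegin = text.indexOf(BEGIN, bodyStart);
    // A header followed by another header (or end of input) before any
    // footer is a truncated block, a common copy/paste failure.
    if (end === -1 || (nextBegin !== -1 && nextBegin < end)) {
      unterminatedHeaders++;
      pos = bodyStart;
      continue;
    }
    // Base64 body with line breaks and other whitespace removed.
    blocks.push(text.slice(bodyStart, end).replace(/\s+/g, ""));
    pos = end + END.length;
  }
  const first = blocks.length ? blocks[0] : "";
  const validBase64 =
    /^[A-Za-z0-9+/]*={0,2}$/.test(first) && first.length % 4 === 0;
  const padding = (first.match(/=+$/) || [""])[0].length;
  return {
    certificateCount: blocks.length,
    firstByteLengthBase64: first.length,
    // 4 base64 characters carry 3 bytes; each '=' pad removes one byte.
    derByteLength: validBase64 ? (first.length / 4) * 3 - padding : null,
    unterminatedHeaders,
  };
}

// Constructed sample: two blocks with placeholder bodies (not real
// certificates) followed by a truncated third header.
const sample = [
  BEGIN, "QUJDREVGR0hJSktMTU5PUA==", END,
  BEGIN, "QUJD", "REVG", END,
  BEGIN, "QUJD",
].join("\n");

console.log(summarizePem(sample));
```

A non-zero `unterminatedHeaders` or a `null` `derByteLength` means the paste is damaged and `openssl x509` will refuse it as well.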