Something wrong with this tool?
About PEM Certificate Decoder Online
This tool decodes PEM-encoded X.509 certificates and displays the structured contents: subject, issuer, validity dates, signature algorithm, public key, subject alternative names, extensions, and serial number.
PEM is the most common format for distributing certificates — TLS certs, S/MIME certs, code-signing certs, internal CA certs. Visually inspecting one helps when troubleshooting TLS errors, verifying that you've received the right certificate from a CA, or auditing what a third party has installed.
All decoding happens locally in your browser; your certificate is not uploaded or stored. The output is purely informational — to install or trust a certificate, use your operating system's or browser's certificate management tools.
How to use this tool
How to summarise a PEM certificate blob
Paste the PEM
Drop the entire `-----BEGIN CERTIFICATE-----` … `-----END CERTIFICATE-----` block (or a bundle with multiple blocks) into the "PEM" field. Leading/trailing whitespace is OK; the tool counts blocks by header occurrences.
Press Run
Result returns `certificateCount` (how many CERTIFICATE blocks were found) and `firstByteLengthBase64` (length of the base64 body of the first block — a rough size proxy for the DER bytes inside).
What it does NOT decode
This is a fingerprint check, not a full ASN.1 parser. It does NOT extract subject, issuer, SAN, validity dates, key algorithm, or fingerprint. For that, run `openssl x509 -in cert.pem -text -noout` locally.
Bundle vs single
A certificateCount of 2-3 is normal for a fullchain (leaf + intermediates). A count of 1 is just the leaf — you may need to bundle intermediates for clients that don't fetch AIA on their own.