📜
Décodeur de Certificats
Privacy FirstDécodez les certificats X.509 et fichiers PEM.
Common Name
—
Issuer
—
Valid From
—
Valid To
—
Subject expand_more
Issuer expand_more
Subject Alternative Names (SANs) expand_more
Certificate Details expand_more
Extensions expand_more
Certificate Fields
| Field | Description |
|---|---|
Subject | Entity the certificate identifies |
Issuer | CA that signed the certificate |
Serial Number | Unique certificate identifier |
Not Before / After | Validity period |
Subject Alt Names | Additional domains / IPs |
Key Usage | Allowed operations |
Certificate Types
| Type | Validation | Use Case |
|---|---|---|
DV (Domain) | Quick / automated | Basic HTTPS |
OV (Organization) | Business verified | Company sites |
EV (Extended) | Strict verification | Financial / legal |
What are X.509 Certificates?
X.509 is a standard format for public key certificates, which are digital documents that securely bind a public key to an identity (such as a website, organization, or individual). These certificates are the foundation of the Public Key Infrastructure (PKI) used to secure the internet via HTTPS, as well as for signing emails and software.
An X.509 certificate contains the public key, the identity of the certificate holder, and the digital signature of the Certificate Authority (CA) that issued the certificate, proving its authenticity.
How to Use This Tool
- Paste your certificate: Copy your PEM-encoded certificate (including the BEGIN and END headers) and paste it into the input field.
- Parse: Click "Parse Certificate" to extract and analyze the data.
- Review Summary: Check the top cards for the Common Name (CN), Issuer, and validity dates.
- Inspect Details: Expand the sections below to see the full Subject, Issuer, SANs, and technical extensions.
- Check Status: Look at the status badge to see if the certificate is currently valid or expired.
Common Use Cases
- SSL/TLS Troubleshooting: Diagnosing why a website is showing a "Not Secure" warning by checking for expiration or hostname mismatches.
- Security Auditing: Verifying that a certificate was issued by a trusted CA and uses strong signature algorithms (like SHA-256).
- Development: Inspecting self-signed certificates or CSRs (Certificate Signing Requests) during local development.
- Infrastructure Management: Checking the Subject Alternative Names (SANs) to ensure all required subdomains are covered by a single certificate.
Pro Tips
- Check the SANs: Modern browsers rely on the Subject Alternative Name (SAN) extension rather than the Common Name (CN) for hostname verification. Always ensure your domain is listed in the SANs.
- Verify the Chain: If a certificate is valid but still untrusted, it may be missing intermediate certificates. Check the "Issuer" to identify which intermediate CA you need to include on your server.
- Fingerprints for Pinning: Use the SHA-256 Fingerprint provided by this tool if you need to implement certificate pinning in mobile applications or high-security APIs.