PEM / X.509 viewer
Paste a PEM-encoded certificate (for example from a TLS inspector or openssl x509). Private keys are not accepted here.
Decodes PEM-encoded X.509 certificates only. Private keys are not accepted here. Paste only material you are allowed to handle.
Common use cases
- Inspect subject, issuer, and validity dates from a PEM certificate copied from a browser or openssl.
- Verify a chain leaf before trusting it in a config file or mobile profile.
- Compare serial and fingerprint fields when matching documentation from your CA.
Common mistakes to avoid
Pasting private keys into any online form
This page is for certificates and public material only. Never paste private keys into third-party sites.
Assuming a valid PEM means the connection is safe
You still need hostname verification, chain building, and trust store checks in the real TLS stack.
Sharing full certificates in public chats
Certificates are public, but they can identify infrastructure. Redact when discussing sensitive systems.
FAQ
Does the certificate leave my browser?
No. Parsing runs locally after you paste.
Why is my key rejected?
Private keys and non-certificate PEM types are not supported here by design.
Can I validate against a root store?
This viewer decodes fields only. Use your OS or tooling for full path validation.
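The kind of label check described under "Why is my key rejected?", as an added example that is not this site's code: it refuses any private-key PEM block before decoding it, accepts only CERTIFICATE blocks, and confirms the decoded bytes form one DER SEQUENCE. The function names, result shape and sample inputs are assumptions made for illustration.

```javascript
// Added example, not this site's code: classifyPem and its result shape are hypothetical.
// Sample inputs are constructed; SAMPLE_CERT is a minimal DER SEQUENCE, not a real certificate.
const SAMPLE_CERT = "-----BEGIN CERTIFICATE-----\nMAMCAQU=\n-----END CERTIFICATE-----";
const SAMPLE_KEY = "-----BEGIN PRIVATE KEY-----\nAAAA\n-----END PRIVATE KEY-----";
const PEM_BLOCK = /-----BEGIN ([A-Z0-9 ]+)-----([\s\S]*?)-----END \1-----/g;

function classifyPem(text) {
  const results = [];
  for (const m of text.matchAll(PEM_BLOCK)) {
    const label = m[1];
    if (label.includes("PRIVATE KEY")) {
      // Refuse on the label alone, so key bytes are never base64-decoded.
      results.push({ label, ok: false, reason: "private key" });
      continue;
    }
    if (label !== "CERTIFICATE") {
      results.push({ label, ok: false, reason: "not a certificate" });
      continue;
    }
    let der;
    try {
      der = Uint8Array.from(atob(m[2].replace(/\s+/g, "")), c => c.charCodeAt(0));
    } catch (e) {
      results.push({ label, ok: false, reason: "bad base64" });
      continue;
    }
    results.push(checkOuterSequence(der, label));
  }
  if (results.length === 0) results.push({ label: null, ok: false, reason: "no PEM block" });
  return results;
}

// An X.509 certificate is one DER SEQUENCE (tag 0x30) that spans the whole block.
function checkOuterSequence(der, label) {
  if (der.length < 2 || der[0] !== 0x30) return { label, ok: false, reason: "not a DER SEQUENCE" };
  let len = der[1], hdr = 2;
  if (len & 0x80) {                       // long form: low 7 bits count the length bytes
    const n = len & 0x7f;
    if (n === 0 || n > 4 || der.length < 2 + n) return { label, ok: false, reason: "bad DER length" };
    len = 0;
    for (let i = 0; i < n; i++) len = len * 256 + der[2 + i];
    hdr = 2 + n;
  }
  if (hdr + len !== der.length) return { label, ok: false, reason: "length mismatch" };
  return { label, ok: true, reason: null, derBytes: der.length };
}
```

A block that passes this gate is only well-formed input for a decoder; hostname, chain and trust-store checks still belong to the real TLS stack.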