SSL/TLS Certificate & Key Decoder
Safely decode PEM formatted CRT / CSR / Private Keys strictly within your browser. Input data is never sent externally.
πView SSL/TLS Terminology & Distinguished Name (DN) Cheat Sheet
Differences in PEM File Types
Common Base64-encoded text format (PEM) files frequently used in practice.
- β’
CRT / CERThe 'public key certificate' signed by a Certificate Authority (CA). Configured on the server and presented to clients. - β’
CSRA 'signing request' file used to request a certificate from a CA. It contains the public key and applicant information (Distinguished Name). - β’
KEYThe 'private key' that must be securely stored on the server. Generated when creating a CSR and works as a pair with the CRT. It must never be leaked.
Distinguished Name (DN) Abbreviations
Abbreviations for attributes used in the certificate's SUBJECT and ISSUER fields.
- β’
CNCommon Name. The FQDN target for SSL communication (e.g.,www.example.com). *Note: Modern validation primarily relies on SANs instead. - β’
OOrganization. Company or organization name - β’
OUOrganizational Unit. Department or division name - β’
LLocality. City or town - β’
STState/Province - β’
CCountry. 2-letter country code
About SANs (Subject Alternative Names)
An extension field that allows a single certificate to secure multiple domains or subdomains. Modern browsers (like Google Chrome) have strictly enforced security standards, ignoring the CN value and exclusively verifying the domain names (or wildcards like *.example.com) listed in SANs. Because of this, configuring SANs is mandatory for modern SSL certificates.
Input PEM for Certificate(CRT) / CSR / Private Key
Please enter PEM data
Paste a PEM formatted certificate, CSR, or private key into the text area on the left to automatically decode it.
About Security
This tool performs all processing within your browser. The entered certificates or private keys are never transmitted to an external server. Use with peace of mind.