SSL Certificate Decoder
Decode and inspect SSL/TLS certificates. Paste your PEM certificate or upload a certificate file to see its details.
What Is an SSL/TLS Certificate?
An SSL/TLS certificate is a digital document that binds a cryptographic key pair to an organization's identity. It enables HTTPS connections by providing the server's public key and identity information to browsers, which use it to establish encrypted, authenticated communication channels. Despite the name "SSL," modern certificates use TLS (Transport Layer Security), the successor to the deprecated SSL protocol.
Certificate Fields Explained
| Field | Purpose |
|---|---|
| Subject (CN) | The domain name or organization the certificate is issued to |
| Issuer | The Certificate Authority (CA) that issued the certificate |
| Valid From / To | The certificate's validity period (typically 90 days to 1 year) |
| Serial Number | A unique identifier assigned by the CA |
| Signature Algorithm | The algorithm used to sign the certificate (e.g., SHA-256 with RSA) |
| Subject Alternative Names (SAN) | Additional domain names covered by the certificate (wildcard, multi-domain) |
| Public Key | The server's public key used for key exchange during TLS handshake |
| Fingerprint | A hash of the entire certificate for identification and pinning |
Certificate Types
- Domain Validation (DV): Verifies domain ownership only. Fastest and cheapest. Used by Let's Encrypt.
- Organization Validation (OV): Verifies domain ownership and organization identity. Shows company name in certificate details.
- Extended Validation (EV): Thorough verification including legal entity checks. Previously showed green bar in browsers.
- Wildcard: Covers all subdomains of a domain (e.g.,
*.example.com). - Multi-Domain (SAN): Covers multiple distinct domain names in a single certificate.
Common Use Cases
- Certificate Inspection: View certificate details to verify issuer, expiration, and covered domains.
- Troubleshooting: Diagnose HTTPS errors by checking if the certificate matches the domain or has expired.
- Security Auditing: Verify that certificates use strong signature algorithms and adequate key sizes.
- Renewal Planning: Check expiration dates to plan certificate renewals before they lapse.
Frequently Asked Questions
What is the difference between SSL and TLS?
SSL (Secure Sockets Layer) was the original protocol, with SSL 3.0 being the last version before it was deprecated due to security vulnerabilities. TLS (Transport Layer Security) is the modern successor, with TLS 1.3 being the current version. The term "SSL certificate" persists as a legacy name.
Does this tool validate the certificate?
This tool decodes and displays certificate contents. It does not perform full certificate chain
validation, revocation checking, or hostname verification. Use browser developer tools or
openssl for complete validation.