How to Decode an SSL/TLS Certificate
Learn how to read and verify the contents of a PEM-encoded SSL/TLS certificate using the Certificate Decoder.
Tool Used
Certificate Decoder
Obtain the PEM certificate
Get the certificate from your server, your certificate authority's portal, or by running `openssl s_client -connect domain.com:443 </dev/null` in a terminal and copying the CERTIFICATE block from the output.
Copy the full PEM block
Include the -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- delimiter lines along with the Base64 body — the decoder needs the complete block to parse correctly.
Paste and decode
Paste into the textarea and the tool decodes it instantly, showing the subject, issuer, serial number, validity dates, and extensions.
Verify the expiry date
Check the Valid To date to confirm the certificate is not expired or about to expire. Most browsers start warning users 30 days before expiry.
Check Subject Alternative Names
The SANs extension lists every domain the certificate covers. Verify that all domains and subdomains your site uses appear in the list; missing entries will cause browser warnings.
All done!
You are ready to use Certificate Decoder like a pro.