Free CSR Decoder — Parse and Inspect Certificate Signing Requests Online

Paste a Certificate Signing Request in PEM or raw Base64 format and instantly
decode every field — subject details, public key information, signature
algorithm, and SHA-256 hash. No uploads, no account, no limits on usage. The
entire parsing happens in your browser using a pure JavaScript ASN.1 engine.

What a CSR Decoder Reveals

A Certificate Signing Request is a binary ASN.1 structure wrapped in Base64
with PEM headers. Our decoder extracts:

  • Subject fields — the complete Distinguished Name including Common Name
    (CN), Organization (O), Organizational Unit (OU), Locality (L), State (ST),
    Country (C), and email address if present. Each field is displayed with its
    OID so you can verify the exact ASN.1 attribute.
  • Public key — algorithm type (RSA or EC), key size in bits for RSA keys
    or the curve name for Elliptic Curve keys (e.g. prime256v1, secp384r1).
  • Signature algorithm — the hash-and-sign combination used to self-sign
    the CSR, displayed in both dotted OID notation and human-readable form
    (sha256WithRSAEncryption, ecdsa-with-SHA256, etc.).
  • SHA-256 fingerprint — a unique hash of the DER-encoded CSR body, useful
    for tracking and verification across systems.

Why You’d Want to Decode a CSR

A CSR decoder is invaluable when you need to:

  • Verify CSR contents before submission — before sending a request to a
    Certificate Authority like Let’s Encrypt, DigiCert, or Sectigo, confirm that
    the subject fields and SANs are exactly what you intended. A typo in the CN
    discovered after issuance wastes time and potentially a certificate slot.
  • Audit certificates generated by automation — if your CI/CD pipeline
    generates CSRs programmatically, spot-check the output to confirm key type,
    size, and subject match your security policy.
  • Troubleshoot CA rejections — when a CA rejects a CSR with a cryptic
    error, decode it to check whether the key type or signature algorithm is
    supported by that CA. Some older CAs don’t accept ECDSA keys or SHA-512
    signatures.
  • Document certificate issuance workflows — keep a copy of the decoded
    CSR fields alongside your internal change management records.
  • Learn ASN.1 structure — the tool shows raw OIDs, making it useful for
    engineers studying X.509 and PKI internals.

Supported Input Formats

The CSR parser accepts two input formats and auto-detects which one you pasted:

  • PEM format — the standard -----BEGIN CERTIFICATE REQUEST----- header
    and footer with Base64-encoded DER body. This is the output of openssl req -new and what every CA expects.
  • Raw Base64 — just the Base64 body without PEM headers. Handy when you’ve
    extracted the body from a file or received it through an API.

Privacy — Nothing Leaves Your Browser

Unlike cloud-based CSR parsers that upload your data to a remote server, our
tool performs the entire ASN.1 decoding client-side using JavaScript. The CSR
never leaves your computer. You can inspect sensitive internal certificates
without worrying about data exposure.

OpenSSL Equivalent

The same information is available via:

openssl req -in crtmgr.com.csr -noout -text

Our web-based decoder formats the output into structured fields with copyable
values, making it easier to share specific details with colleagues.

Rate Limits

There are no rate limits on CSR decoding — the computation happens entirely in
your browser, so you can parse as many requests as you need.

Related Tools

  • CSR Generator — fill in a form and get the exact OpenSSL
    command plus an optional openssl.cnf config file to generate the CSR you just
    inspected.
  • SSL Certificate Decoder — once your Certificate Authority
    issues the certificate, paste it here to verify the subject, SANs, key type, and
    validity window match what you requested.
Scroll to Top