Free CSR Decoder — Parse and Inspect Certificate Signing Requests Online
Paste a Certificate Signing Request in PEM or raw Base64 format and instantly
decode every field — subject details, public key information, signature
algorithm, and SHA-256 hash. No uploads, no account, no limits on usage. The
entire parsing happens in your browser using a pure JavaScript ASN.1 engine.
What a CSR Decoder Reveals
A Certificate Signing Request is a binary ASN.1 structure wrapped in Base64
with PEM headers. Our decoder extracts:
- Subject fields — the complete Distinguished Name including Common Name
(CN), Organization (O), Organizational Unit (OU), Locality (L), State (ST),
Country (C), and email address if present. Each field is displayed with its
OID so you can verify the exact ASN.1 attribute. - Public key — algorithm type (RSA or EC), key size in bits for RSA keys
or the curve name for Elliptic Curve keys (e.g. prime256v1, secp384r1). - Signature algorithm — the hash-and-sign combination used to self-sign
the CSR, displayed in both dotted OID notation and human-readable form
(sha256WithRSAEncryption, ecdsa-with-SHA256, etc.). - SHA-256 fingerprint — a unique hash of the DER-encoded CSR body, useful
for tracking and verification across systems.
Why You’d Want to Decode a CSR
A CSR decoder is invaluable when you need to:
- Verify CSR contents before submission — before sending a request to a
Certificate Authority like Let’s Encrypt, DigiCert, or Sectigo, confirm that
the subject fields and SANs are exactly what you intended. A typo in the CN
discovered after issuance wastes time and potentially a certificate slot. - Audit certificates generated by automation — if your CI/CD pipeline
generates CSRs programmatically, spot-check the output to confirm key type,
size, and subject match your security policy. - Troubleshoot CA rejections — when a CA rejects a CSR with a cryptic
error, decode it to check whether the key type or signature algorithm is
supported by that CA. Some older CAs don’t accept ECDSA keys or SHA-512
signatures. - Document certificate issuance workflows — keep a copy of the decoded
CSR fields alongside your internal change management records. - Learn ASN.1 structure — the tool shows raw OIDs, making it useful for
engineers studying X.509 and PKI internals.
Supported Input Formats
The CSR parser accepts two input formats and auto-detects which one you pasted:
- PEM format — the standard
-----BEGIN CERTIFICATE REQUEST-----header
and footer with Base64-encoded DER body. This is the output ofopenssl req -newand what every CA expects. - Raw Base64 — just the Base64 body without PEM headers. Handy when you’ve
extracted the body from a file or received it through an API.
Privacy — Nothing Leaves Your Browser
Unlike cloud-based CSR parsers that upload your data to a remote server, our
tool performs the entire ASN.1 decoding client-side using JavaScript. The CSR
never leaves your computer. You can inspect sensitive internal certificates
without worrying about data exposure.
OpenSSL Equivalent
The same information is available via:
openssl req -in crtmgr.com.csr -noout -text
Our web-based decoder formats the output into structured fields with copyable
values, making it easier to share specific details with colleagues.
Rate Limits
There are no rate limits on CSR decoding — the computation happens entirely in
your browser, so you can parse as many requests as you need.
Related Tools
- CSR Generator — fill in a form and get the exact OpenSSL
command plus an optionalopenssl.cnfconfig file to generate the CSR you just
inspected. - SSL Certificate Decoder — once your Certificate Authority
issues the certificate, paste it here to verify the subject, SANs, key type, and
validity window match what you requested.