SSL/TLS Certificate Decoder

SSL/TLS Certificate Decoder reads an X.509 certificate in PEM format, parses its DER-encoded ASN.1 structure, and shows a complete decoded summary including subject, issuer, validity dates, public key details, and all standard extensions.

Certificate formats differ mostly in encoding and container style: PEM is Base64 text wrapped with headers (BEGIN/END), DER is raw binary ASN.1 data, and CRT/CER are filename extensions that may contain either PEM or DER depending on how the certificate was exported.

P7B bundles certificate chains but usually does not include private keys, while PFX/P12 containers are password-protected archives that can store certificate chains together with private keys for transport between servers, browsers, and operating systems.

Format quick guide

• PEM (.pem/.crt/.cer): text format, easy to inspect and version.
• DER (.der/.cer): compact binary format used by many APIs and Java tooling.
• P7B (.p7b/.p7c): certificate chain package without private key material.
• PFX/P12 (.pfx/.p12): PKCS#12 bundle that can include cert + private key.

Example commands

                              openssl x509 -in certificate.crt -noout -text -fingerprint -sha256
                            

                              Get-Content .\certificate.crt | openssl x509 -noout -text
                            

                              openssl x509 -in certificate.crt -noout -issuer -subject -dates -fingerprint -sha256