Paste the matching PKCS#8 private key to verify the certificate and key pair match.
What is a Certificate?
An X.509 certificate is a digital document that binds a public key to an identity (a hostname, company, or email). It is signed by a Certificate Authority (CA) or self-signed. Certificates are used in TLS/HTTPS to authenticate servers and enable encrypted communication.
What This Tool Shows
Paste a PEM-encoded certificate (BEGIN/END blocks) to see its decoded information — subject, issuer, validity dates, serial number, key algorithm, fingerprints, SANs, and more.
- Subject — the entity the certificate is issued to (e.g.
CN=google.com, O=Google LLC) - Issuer — the CA that signed the certificate
- Validity —
Not BeforeandNot Afterdates define the window when the cert is trusted - Serial Number — unique identifier assigned by the CA
- Fingerprints — SHA-1 and SHA-256 hashes of the certificate for identification and trust decisions
- SANs — Subject Alternative Names list all hostnames/IPs the cert is valid for beyond the CN
- Key Usage / Ext Key Usage — what the certificate key can be used for (e.g. TLS server auth, code signing)
Common Certificate Formats
- PEM — Base64-encoded with
-----BEGIN CERTIFICATE-----headers. Most common on Linux/macOS servers. - DER — Binary (ASN.1) format. Common on Windows. Convert with:
openssl x509 -in cert.der -inform DER -out cert.pem -outform PEM - PFX/P12 — PKCS#12 bundle containing cert + private key + chain. Common on Windows/Java. Convert with:
openssl pkcs12 -in cert.pfx -out cert.pem -nodes
Learn more at Wikipedia — X.509 and SSL.com — Certificates Explained.