Decode a certificate
A certificate is public information by design, so it's always safe to paste or upload one here.
Paste or upload an issued TLS certificate to check its subject, issuer, validity window and expiry countdown, Subject Alternative Names, key usage, and fingerprint — at a glance.
Runs entirely in your browser — nothing you paste or upload is sent anywhere.
Every field below is read directly from the certificate — nothing is checked against a CA, a revocation list, or a live server.
A certificate is only trusted between its "valid from" and "valid to" dates. Past the expiry date, browsers and clients will reject it outright — this tool flags that countdown so you can renew before it becomes an outage.
Key Usage and Extended Key Usage restrict what a certificate is allowed to be used for — for example, whether it can authenticate a server, a client, or sign other certificates. A certificate missing "Server Authentication" won't work for TLS even if everything else looks fine.
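The same offline checks can be run with the openssl command line. This is an added example, not part of this tool or page: it assumes OpenSSL 1.1.1 or later, and the function names, file names and the two self-signed test certificates are constructed for illustration.

```shell
#!/bin/sh
# Added example: offline certificate checks with the openssl CLI (assumes OpenSSL 1.1.1+).
# Like the decoder above, nothing here contacts a CA, a revocation list or a server.

# make_cert FILE DAYS EKU: write a constructed self-signed test certificate.
make_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -keyout "$1.key" -out "$1" \
        -days "$2" -subj "/CN=example.test" \
        -addext "subjectAltName=DNS:example.test" \
        -addext "extendedKeyUsage=$3" 2>/dev/null
}

# summary FILE: subject, issuer, validity window, fingerprint, SANs and EKU.
summary() {
    openssl x509 -in "$1" -noout -subject -issuer -dates \
        -fingerprint -sha256 -ext subjectAltName,extendedKeyUsage
}

# expires_within FILE DAYS: succeeds if the certificate expires within DAYS days
# or has already expired (-checkend exits non-zero in that case).
expires_within() {
    ! openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}

# has_server_auth FILE: succeeds if Extended Key Usage lists server authentication.
# A certificate with no EKU extension at all is reported as "not listed" here,
# although validators generally treat an absent EKU as unrestricted.
has_server_auth() {
    openssl x509 -in "$1" -noout -ext extendedKeyUsage 2>/dev/null |
        grep -q "TLS Web Server Authentication"
}

demo_dir=$(mktemp -d)
make_cert "$demo_dir/server.pem" 365 serverAuth   # constructed sample
make_cert "$demo_dir/client.pem" 10 clientAuth    # constructed sample

for cert in "$demo_dir/server.pem" "$demo_dir/client.pem"; do
    summary "$cert"
    if expires_within "$cert" 30; then
        echo "WARNING: $cert expires within 30 days"
    fi
    if ! has_server_auth "$cert"; then
        echo "WARNING: $cert does not list Server Authentication in its EKU"
    fi
done
```

The client certificate triggers both warnings: it expires in 10 days and its EKU only lists client authentication.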
A single certificate is only half the picture. Use the Certificate Chain Validator to confirm this certificate resolves up to a trusted root through its intermediates.