PKI Toolkit
CSR Decoder

Decode a CSR and see exactly what it requests

Paste or upload a certificate signing request to check the subject, public key, signature algorithm, and any Subject Alternative Names before you submit it to a Certificate Authority.

Runs entirely in your browser — nothing you paste or upload is sent anywhere

Decode a CSR

A CSR only contains public information — your public key and the identity details you're requesting. It's safe to paste here for a quick sanity check before sending it onward.

Accepted format: PEM-encoded CSR
Ready to check
Paste or upload a CSR and press Decode to see its contents.

What you'll see

The decoder reads the fields already present in the CSR — it does not contact a CA or verify anything against the outside world.

Subject
No CSR decoded yet.
Public key
Signature algorithm
Key fingerprint
Subject Alternative Names
Other requested extensions
For non-technical readers

What a CSR actually contains

Think of a CSR as an application form: it states who you are, which domain names you want covered, and includes your public key so the Certificate Authority can build a certificate around it. It never contains your private key.

Why decode before submitting

Catch mistakes before the CA does

Decoding your CSR first lets you confirm the subject name and Subject Alternative Names are exactly right. Fixing a typo here is free; fixing it after a certificate has been issued usually means requesting a replacement.

Next step

Once your certificate is issued

After the CA returns a signed certificate, use the Certificate & CSR Validator to confirm the certificate was built from this exact request.