PEM / Certificate Decoder

Decode PEM-encoded X.509 certificates, RSA/EC public keys, and private keys. Shows certificate fields — subject, issuer, validity dates, SANs, and key size — from Base64 DER.

⌘↵ run · ⌘⇧C copy · ⌘K search tools

PEM Format Reference

PEM (Privacy-Enhanced Mail) is a Base64-encoded DER (Distinguished Encoding Rules) structure wrapped in -----BEGIN TYPE----- / -----END TYPE----- headers. It is the standard format for TLS certificates, public keys, private keys, and certificate signing requests (CSRs). The underlying structure is ASN.1 - a binary encoding of the certificate's typed fields.

Common PEM types

CERTIFICATE - X.509 TLS certificate (server cert, CA cert, intermediate)

CERTIFICATE REQUEST - CSR to submit to a CA

RSA PRIVATE KEY - PKCS#1 RSA private key

PRIVATE KEY - PKCS#8 unencrypted private key

PUBLIC KEY - SubjectPublicKeyInfo (SPKI) format

EC PRIVATE KEY - Elliptic curve private key

Related tools

JWT Generator
Hash Generator & Verifier
Base64 Encode / Decode

PEM / Certificate Decoder

PEM Format Reference

Common PEM types

Related tools

Cookie Consent