X.509 Certificate Parser
Guide
X.509 Certificate Parser
Parse and inspect X.509 certificates and CSRs from PEM format. Instantly see the subject, issuer, validity dates, serial number, public key details, signature algorithm, SAN (Subject Alternative Names), key usage extensions, and full field breakdown — without uploading the certificate to any server.
Comment utiliser
Paste your PEM-encoded certificate (beginning with -----BEGIN CERTIFICATE-----) or CSR into the input field, or use the built-in example. Click Parse to see all certificate fields displayed in a structured table.
Caractéristiques
- PEM certificate parsing – X.509 v1/v2/v3 and CSR support
- Full field display – subject, issuer, validity, serial, public key, SAN, extensions
- Key usage detection – identifies Digital Signature, Key Encipherment, CA flag, and more
- Signature algorithm – shows the signing algorithm (RSA-SHA256, ECDSA, etc.)
- Built-in example – real certificate for immediate testing
- Côté client uniquement – certificates never leave your browser
FAQ
-
What is an X.509 certificate and what does it contain?
An X.509 certificate is a digitally signed document that binds a public key to an identity (domain, organisation, or person). It contains: version, serial number, signature algorithm, issuer DN, validity period (notBefore/notAfter), subject DN, public key info (algorithm + key), and extensions (SAN, key usage, basic constraints, CRL distribution points, OCSP URL). The CA signs the certificate’s TBSCertificate structure to produce the final certificate.
-
What is the difference between DV, OV, and EV certificates?
Domain Validation (DV) certificates verify only that the applicant controls the domain, via DNS or HTTP challenge. Organisation Validation (OV) certificates additionally verify the legal organisation identity through documentation. Extended Validation (EV) certificates require the most rigorous vetting including legal existence, physical address, and phone verification. DV is sufficient for encryption; OV/EV provide identity assurance for higher-trust scenarios.
-
What are Subject Alternative Names (SAN) and why are they important?
SAN (RFC 5280) is an X.509v3 extension that lists all domain names and IP addresses a certificate is valid for. Modern browsers (since 2017) only use SAN for hostname validation and ignore the Common Name (CN) field for this purpose. A certificate without SAN will be rejected even if the CN matches. Wildcard SANs (*.example.com) match one subdomain level only and do not cover the apex domain or deeper subdomains.
-
What does certificate chain validation involve?
Chain validation verifies that each certificate in the chain is signed by the next certificate up to a trusted root CA. The browser/OS maintains a trust store of pre-installed root CA certificates. Validation checks: signature validity at each level, validity period, key usage extensions, revocation status (CRL or OCSP), and that the issuing CA has the CA:TRUE basic constraint. A chain is valid only if all checks pass at every level.
Installez nos extensions
Ajoutez des outils IO à votre navigateur préféré pour un accès instantané et une recherche plus rapide
恵 Le Tableau de Bord Est Arrivé !
Tableau de Bord est une façon amusante de suivre vos jeux, toutes les données sont stockées dans votre navigateur. D'autres fonctionnalités arrivent bientôt !
Outils essentiels
Tout voir Nouveautés
Tout voirMise à jour: Notre dernier outil was added on Avr 3, 2026
Impliquez-vous
Aidez-nous à continuer à fournir des outils gratuits et précieux
