Tool

What's really in that certificate?

Paste a PEM certificate and read what it actually claims, who it's for, who signed it, when it expires, and what key protects it. It's parsed here, in your browser; the certificate is never uploaded.

Inspect a live site

Fetches the real certificate from that host (the domain is sent to this server to make the connection; public IPs only).

— or —

Paste a PEM certificate

🔒 Pasting stays local, nothing is sent anywhere.

What this is reading

A certificate is an ASN.1/DER structure wrapped in base64 (the PEM block). Inside is the subject (who the cert is for), the issuer (the CA that signed it), a validity window, the public key, and a signature. This tool walks that binary structure in JavaScript and pulls out the human-readable fields, including the Subject Alternative Names, which is the list of hostnames a cert is actually valid for (the Common Name alone has been deprecated for that since 2017).

It's a reader, not a validator: it shows what the certificate claims, not whether a browser would trust it (which also depends on the chain to a trusted root, revocation, and hostname matching).