CSR / Certificate Decoder
Paste a CSR or certificate PEM and read its subject, SANs, key and validity.
Parsed entirely in your browser — the PEM is never uploaded.
Frequently asked questions
What is a CSR?
A CSR (Certificate Signing Request) is a PKCS#10 block you send to a certificate authority to request a TLS certificate. It contains your subject details and public key, signed by your private key.
Is my CSR or key uploaded?
No. The PEM is parsed entirely in your browser with a bundled library, so nothing is sent to a server. A CSR contains only a public key anyway, never your private key.
What can I check with this?
You can confirm the subject (common name and organisation), the SANs, the public-key type and size, and the signature algorithm before submitting the CSR, or inspect an issued certificate the same way.
Why decode a CSR before submitting it?
To catch mistakes early: a wrong common name, a missing SAN, or a weak key means the issued certificate will not work, and reissuing wastes time. Verifying the CSR first avoids that.
Does it work on certificates too?
Yes. Paste a certificate PEM and it shows the subject, issuer, validity dates, SANs, key and signature details.
What key sizes are considered safe?
For RSA, 2048-bit is the modern minimum and 3072 or 4096-bit are stronger. Elliptic-curve keys such as P-256 are also widely used and efficient.