Question 1

How do I decode an SSL certificate?

Accepted Answer

Paste your certificate (the text between -----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----) into the decoder above and click Decode. The tool uses the node-forge library to parse the X.509 structure and displays subject, issuer, validity dates, SANs, fingerprints, and extensions.

Question 2

What is an SSL certificate?

Accepted Answer

An SSL/TLS certificate is a digital document that binds a public key to a server's identity. Browsers use it to verify they're talking to the real server and to establish an encrypted HTTPS connection. Certificates follow the X.509 standard and are typically stored in PEM format.

Question 3

How do I get my SSL certificate in PEM format?

Accepted Answer

Run this OpenSSL command to fetch a live certificate: openssl s_client -connect example.com:443

Question 4

What does CN (Common Name) mean?

Accepted Answer

The Common Name (CN) is the primary hostname the certificate was issued for (e.g., www.example.com). Modern certificates use Subject Alternative Names (SANs) to cover multiple domains. If a certificate's SANs don't include the domain you're visiting, browsers show a certificate error.

Question 5

What are Subject Alternative Names (SANs)?

Accepted Answer

SANs list all domain names, IP addresses, and email addresses the certificate is valid for. A wildcard SAN (*.example.com) covers one level of subdomains. A single certificate can have hundreds of SANs — common for CDNs and multi-tenant platforms.

Question 6

What does the SHA-256 fingerprint mean?

Accepted Answer

The SHA-256 fingerprint is a hash of the complete certificate DER encoding. It uniquely identifies this specific certificate and is used for certificate pinning in mobile apps and APIs — ensuring a specific certificate is presented, not just any cert from a trusted CA.

Question 7

How do I check if an SSL certificate is valid?

Accepted Answer

Paste your certificate PEM into the decoder above and check the 'Not Before' and 'Not On Or After' fields. A valid SSL certificate shows a current date between these timestamps, lists your domain in the Subject Alternative Names (SANs), and was issued by a trusted Certificate Authority. The SHA-256 fingerprint uniquely identifies it.

Question 8

What information is in an SSL certificate?

Accepted Answer

An SSL certificate contains: the domain name (Subject CN and SANs), the issuing Certificate Authority (Issuer), validity dates (NotBefore/NotAfter), the server's public key, key algorithm and size, and a digital signature. DevDecode's SSL decoder extracts all these fields instantly — also try the PEM Decoder for raw key inspection.

SSL Certificate Decoder

Frequently Asked Questions

What Does an SSL Certificate Contain?

Related Tools

CSR Decoder

PEM Decoder

Certificate Decoder

SSL Converter