X.509 Certificate Decoder

Ek X.509 certificate ko uske subject, issuer, validity, SANs, key details, aur fingerprints mein decode karein — aapke browser mein parsed.

X.509 Certificate Decoder aapke certificate ko parse karta hai aur uske SHA-1 aur SHA-256 fingerprints poori tarah aapke browser mein compute karta hai. Jo PEM ya DER aap paste karte hain woh kabhi aapke device se bahar nahi jaata aur kuch bhi ArrayKit ko upload nahi hota.

Certificate & Key Matcher kholein

X.509 Certificate Decoder ke baare mein

X.509 Certificate Decoder ek raw certificate ko un details mein badal deta hai jinki aapko use trust ya debug karne ke liye zaroorat hai. Ek PEM block paste karein, ya DER jo base64 ya hex ke roop mein diya gaya ho, aur yeh subject aur issuer distinguished names, ek saaf valid, expiring, ya expired status ke saath notBefore/notAfter window, serial number, har Subject Alternative Name (DNS, IP, email, URI), key usage aur extended key usage purposes, signature algorithm, aur public-key type aur size (RSA bits ya EC curve) lay out karta hai. Yeh SHA-1 aur SHA-256 fingerprints bhi compute karta hai taaki aap ek known thumbprint ke against compare kar sakein. Un developers aur SREs ke liye bana hai jo TLS certificates, mismatched chains, aur expiring endpoints verify karte hain. Parsing aur fingerprinting aapke device par hoti hai — jo certificate aap paste karte hain woh kabhi upload nahi hota.

Features

X.509 Certificate Decoder kaise use karein

  1. Ek certificate PEM form mein copy karein (-----BEGIN CERTIFICATE-----) ya DER ko base64/hex ke roop mein
  2. Use input box mein paste karein
  3. Decoded subject, issuer, validity, SANs, aur key details padhein
  4. Ek expected thumbprint ke against compare karne ke liye SHA-256 fingerprint copy karein

Example

Input

-----BEGIN CERTIFICATE-----
MIIDWjCCAkKgAwIBAgIGChssPU5f...
-----END CERTIFICATE-----

Output

Subject:   CN=example.com, O=Example Inc, C=US
Validity:  2024-01-01 → 2025-01-01 (valid)
SANs:      DNS example.com, DNS www.example.com, IP 127.0.0.1
Key:       RSA 2048-bit · SHA256withRSA
SHA-256:   FA:5D:BB:50:F9:9E:1A:55:...

Ek PEM certificate subject, validity, SANs, key, aur fingerprint mein decode hua.

Common errors aur troubleshooting

Aksar pooche jaane wale sawaal

Yeh decoder kaunse certificate formats padh sakta hai?
Yeh PEM certificates (-----BEGIN CERTIFICATE----- aur -----END CERTIFICATE----- ke beech ka Base64 block) aur raw DER bytes jo base64 ya hex ke roop mein diye gaye hon padhta hai. Yeh leaf, intermediate, aur root certificates ko ek hi tarah decode karta hai.
Main kaise bataoon ki ek certificate expire ho gaya hai?
Decoder notBefore aur notAfter dates aur ek status badge dikhata hai: window ke andar valid, jab 30 din se kam bache hon to expiring soon, aur notAfter beet jaane par expired. Yeh yeh bhi dikhata hai ki kitne din bache hain.
Subject Alternative Names kahan se aate hain?
Woh certificate ke SAN extension se aate hain. Tool har entry ko uske type ke saath list karta hai — DNS hostname, IP address, email, ya URI — jo browsers sach mein us address ke against match karte hain jise aap visit karte hain.
SHA-1 aur SHA-256 fingerprints kis liye hain?
Ek fingerprint poore certificate ka ek hash hai, isliye yeh us exact cert ko uniquely identify karta hai. Aap use ek CA ya aapki monitoring dwara published value ke against compare karte hain taaki confirm ho ki aap sahi certificate dekh rahe hain.
Kya yeh sirf RSA nahi, ek Elliptic Curve certificate bhi decode kar sakta hai?
Haan. RSA ke liye yeh modulus size bits mein report karta hai; EC ke liye yeh P-256 ya P-384 jaisa named curve report karta hai. Signature algorithm (jaise SHA256withRSA ya SHA256withECDSA) alag dikhaya jaata hai.
Kya jo certificate main paste karta hoon woh ek server ko bheja jaata hai?
Nahi. X.509 Certificate Decoder certificate ko parse karta hai aur uske fingerprints poori tarah aapke browser mein Web Crypto API se compute karta hai. Jo PEM ya DER aap paste karte hain woh aapke device par rehta hai.

Related tools

Saare ArrayKit tools