X.509 Certificate Decoder
Ek X.509 certificate ko uske subject, issuer, validity, SANs, key details, aur fingerprints mein decode karein — aapke browser mein parsed.
X.509 Certificate Decoder aapke certificate ko parse karta hai aur uske SHA-1 aur SHA-256 fingerprints poori tarah aapke browser mein compute karta hai. Jo PEM ya DER aap paste karte hain woh kabhi aapke device se bahar nahi jaata aur kuch bhi ArrayKit ko upload nahi hota.
Certificate & Key Matcher kholein
X.509 Certificate Decoder ke baare mein
X.509 Certificate Decoder ek raw certificate ko un details mein badal deta hai jinki aapko use trust ya debug karne ke liye zaroorat hai. Ek PEM block paste karein, ya DER jo base64 ya hex ke roop mein diya gaya ho, aur yeh subject aur issuer distinguished names, ek saaf valid, expiring, ya expired status ke saath notBefore/notAfter window, serial number, har Subject Alternative Name (DNS, IP, email, URI), key usage aur extended key usage purposes, signature algorithm, aur public-key type aur size (RSA bits ya EC curve) lay out karta hai. Yeh SHA-1 aur SHA-256 fingerprints bhi compute karta hai taaki aap ek known thumbprint ke against compare kar sakein. Un developers aur SREs ke liye bana hai jo TLS certificates, mismatched chains, aur expiring endpoints verify karte hain. Parsing aur fingerprinting aapke device par hoti hai — jo certificate aap paste karte hain woh kabhi upload nahi hota.
Features
- PEM certificates ya DER jo base64 ya hex ke roop mein diya gaya ho accept karta hai
- Subject aur issuer distinguished names aur serial number dikhata hai
- Validity window ko valid, expiring-soon, ya expired status ke saath display karta hai
- Har Subject Alternative Name list karta hai — DNS hosts, IPs, emails, aur URIs
- Key usage aur extended key usage ko readable purposes mein decode karta hai
- Signature algorithm aur public-key type aur size (RSA bits ya EC curve) report karta hai
- Web Crypto API se locally SHA-1 aur SHA-256 fingerprints compute karta hai
- Self-signed aur CA certificates ko ek nazar mein flag karta hai
X.509 Certificate Decoder kaise use karein
- Ek certificate PEM form mein copy karein (-----BEGIN CERTIFICATE-----) ya DER ko base64/hex ke roop mein
- Use input box mein paste karein
- Decoded subject, issuer, validity, SANs, aur key details padhein
- Ek expected thumbprint ke against compare karne ke liye SHA-256 fingerprint copy karein
Example
Input
-----BEGIN CERTIFICATE-----
MIIDWjCCAkKgAwIBAgIGChssPU5f...
-----END CERTIFICATE-----
Output
Subject: CN=example.com, O=Example Inc, C=US
Validity: 2024-01-01 → 2025-01-01 (valid)
SANs: DNS example.com, DNS www.example.com, IP 127.0.0.1
Key: RSA 2048-bit · SHA256withRSA
SHA-256: FA:5D:BB:50:F9:9E:1A:55:...
Ek PEM certificate subject, validity, SANs, key, aur fingerprint mein decode hua.
Common errors aur troubleshooting
- Decoder kehta hai input valid Base64 nahi hai. — Poora PEM block paste karein jismein BEGIN/END lines shaamil hon, ya agar aapke paas DER bytes hain, to unhe extra characters ke bina saaf base64 ya hex ke roop mein paste karein.
- Yeh report karta hai 'This does not look like an X.509 certificate.' — Aapne shayad ek private key, ek CSR, ya ek PKCS#12 file paste ki hai. Yeh tool sirf certificates decode karta hai — pehle certificate extract karein, ya keys aur CSRs ke liye matching tool use karein.
- Validity expired dikhati hai lekin site phir bhi ek browser mein load hoti hai. — Aap shayad leaf ke bajaye ek intermediate ya root certificate, ya ek cached copy decode kar rahe hain. Woh exact certificate decode karein jo server hostname ke liye present karta hai.
- SHA-256 fingerprint us se match nahi karta jo aapki monitoring dikhati hai. — Fingerprints poore certificate (DER) ke oopar hote hain. Ek alag fingerprint ka matlab ek alag certificate hai — confirm karein ki aapne sahi copy kiya, ek renewed ya re-issued cert nahi.
Aksar pooche jaane wale sawaal
- Yeh decoder kaunse certificate formats padh sakta hai?
- Yeh PEM certificates (-----BEGIN CERTIFICATE----- aur -----END CERTIFICATE----- ke beech ka Base64 block) aur raw DER bytes jo base64 ya hex ke roop mein diye gaye hon padhta hai. Yeh leaf, intermediate, aur root certificates ko ek hi tarah decode karta hai.
- Main kaise bataoon ki ek certificate expire ho gaya hai?
- Decoder notBefore aur notAfter dates aur ek status badge dikhata hai: window ke andar valid, jab 30 din se kam bache hon to expiring soon, aur notAfter beet jaane par expired. Yeh yeh bhi dikhata hai ki kitne din bache hain.
- Subject Alternative Names kahan se aate hain?
- Woh certificate ke SAN extension se aate hain. Tool har entry ko uske type ke saath list karta hai — DNS hostname, IP address, email, ya URI — jo browsers sach mein us address ke against match karte hain jise aap visit karte hain.
- SHA-1 aur SHA-256 fingerprints kis liye hain?
- Ek fingerprint poore certificate ka ek hash hai, isliye yeh us exact cert ko uniquely identify karta hai. Aap use ek CA ya aapki monitoring dwara published value ke against compare karte hain taaki confirm ho ki aap sahi certificate dekh rahe hain.
- Kya yeh sirf RSA nahi, ek Elliptic Curve certificate bhi decode kar sakta hai?
- Haan. RSA ke liye yeh modulus size bits mein report karta hai; EC ke liye yeh P-256 ya P-384 jaisa named curve report karta hai. Signature algorithm (jaise SHA256withRSA ya SHA256withECDSA) alag dikhaya jaata hai.
- Kya jo certificate main paste karta hoon woh ek server ko bheja jaata hai?
- Nahi. X.509 Certificate Decoder certificate ko parse karta hai aur uske fingerprints poori tarah aapke browser mein Web Crypto API se compute karta hai. Jo PEM ya DER aap paste karte hain woh aapke device par rehta hai.
Related tools
- Certificate & Private Key Matcher — Check karein ki koi SSL certificate aur private key ek saath belong karte hain ya nahi, seedhe aapke browser mein.
- PFX to PEM Extractor — Ek password-protected .pfx/.p12 file ko certificate, chain aur private-key PEM blocks mein split karein.
- SSH Key Generator — Ed25519, RSA ya ECDSA SSH key pairs aapke browser mein generate karein aur download karein.
- JWT Decoder — Ek JWT ka header aur payload decode karein aur exp/iat inspect karein (bina verification ke).
- Hash Generator — Web Crypto API ke through SHA-256 / SHA-1 / SHA-384 / SHA-512.
- CSP Generator — Content-Security-Policy header directive by directive banayein
Saare ArrayKit tools