
X.509 Certificate Decoder

Paste a PEM certificate and read its X.509 fields in plain language: subject and issuer, the validity window, the Subject Alternative Names it covers, the public key type and size, and the signature algorithm. It also flags an expired certificate, an expiry coming up soon, a weak signature, a small RSA key, and a self-issued certificate.

The base64 is decoded and the DER bytes are parsed in your browser. Nothing is sent to any server.

What this certificate decoder shows

An X.509 certificate looks like one opaque block of base64, but underneath it is a precise tree of values encoded with ASN.1 DER. This tool decodes the base64 to the raw DER bytes and walks that tree in your browser, reading each tag, length, and value, then maps the object identifiers it finds to readable names. The structure and field meanings follow RFC 5280, the standard that defines the certificate profile used for the public web.
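The tag, length, and value walk described above, as an added example that is not this tool's own code. The function names, the two-entry OID table, and the sample bytes (an AlgorithmIdentifier structure) are constructed for illustration.

```javascript
const OID_NAMES = { // tiny illustrative table; a real decoder carries many more
  "1.2.840.113549.1.1.5": "sha1WithRSAEncryption",
  "1.2.840.113549.1.1.11": "sha256WithRSAEncryption",
};
// Read one tag-length-value header at `pos`; the value must end by `limit`.
function readTlv(buf, pos, limit = buf.length) {
  if (pos + 2 > limit) throw new Error("truncated header");
  const tag = buf[pos];
  if ((tag & 0x1f) === 0x1f) throw new Error("multi-byte tags not handled here");
  let len = buf[pos + 1], start = pos + 2;
  if (len === 0x80) throw new Error("indefinite length is not valid DER");
  if (len & 0x80) {
    const n = len & 0x7f; // long form: the next n bytes hold the length
    if (n > 4 || start + n > limit) throw new Error("bad long-form length");
    len = buf.subarray(start, start + n).reduce((a, b) => a * 256 + b, 0);
    start += n;
  }
  if (start + len > limit) throw new Error("value runs past its container");
  return { tag, constructed: (tag & 0x20) !== 0, start, end: start + len };
}
// Decode OBJECT IDENTIFIER content: base-128 values, the first packs two arcs.
function decodeOid(bytes) {
  const arcs = [];
  let v = 0;
  for (const b of bytes) {
    v = v * 128 + (b & 0x7f);
    if (b & 0x80) continue; // continuation bit set: value not finished
    if (arcs.length) arcs.push(v);
    else { const f = Math.min(Math.floor(v / 40), 2); arcs.push(f, v - f * 40); }
    v = 0;
  }
  return arcs.join(".");
}
// Walk the tree depth-first and return one indented line per node.
function walk(buf, pos = 0, end = buf.length, depth = 0, out = []) {
  for (let t; pos < end; pos = t.end) {
    t = readTlv(buf, pos, end);
    let label = "tag 0x" + t.tag.toString(16).padStart(2, "0");
    if (t.tag === 0x06) {
      const oid = decodeOid(buf.subarray(t.start, t.end));
      label = "OID " + oid + (OID_NAMES[oid] ? " (" + OID_NAMES[oid] + ")" : "");
    }
    out.push("  ".repeat(depth) + label);
    if (t.constructed) walk(buf, t.start, t.end, depth + 1, out);
  }
  return out;
}
// Constructed sample: AlgorithmIdentifier SEQUENCE { OID, NULL }.
const SAMPLE = Uint8Array.from([0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x05, 0x05, 0x00]);
console.log(walk(SAMPLE).join("\n"));
```

The walker rejects indefinite lengths, truncated input, and children that overrun their parent, so malformed bytes fail loudly instead of being misread.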

Names, the subject and the issuer

The subject is who the certificate is for, and the issuer is who signed it. Both are distinguished names built from attributes like CN for the common name, O for the organization, and C for the country. The decoder lists each attribute so you can confirm the certificate names the host you expect, and it compares the issuer to the subject so you can see when a certificate signed itself.

Subject Alternative Names

Modern clients ignore the common name for host matching and rely on the Subject Alternative Name extension instead. This is the list of dNSName entries the certificate is actually valid for, and a certificate that does not list the host a client connected to will be rejected even if everything else checks out. The tool pulls out every DNS name, and any IP address entries, so you can confirm the coverage matches the names you serve.

The validity window

Every certificate carries a notBefore and a notAfter date, which may be encoded as UTCTime for years up to 2049 or GeneralizedTime beyond that. The decoder parses both and compares notAfter to the current time, so an expired certificate is called out immediately and one that expires within about thirty days is flagged early enough to renew before clients start failing the handshake.

The public key and the signature

The certificate binds a public key to the subject. For an RSA key the tool reports the modulus size in bits, and for an elliptic curve key it reports the named curve. It also reads the signature algorithm, which names the hash and key scheme the issuer used to sign this exact certificate. A signature built on MD5 or SHA1 is treated as a weak signature, since collisions on those hashes are practical, and a small RSA key is flagged because a key under 2048 bits no longer resists modern factoring.

How to read the findings

The findings list is a quick read of the certificate as it stands, not a full trust decision. It surfaces the conditions that most often break a deployment or weaken it: an expired or soon-to-expire date, a weak signature algorithm, a small key, a self-issued leaf, and a validity period so long it becomes a liability. It does not check the chain to a trusted root, confirm revocation, or verify the signature against the issuer key, because those need material this page deliberately never touches. Judging whether a certificate is genuinely safe in context is the kind of reasoning an AI security testing approach works through rather than reading one field. For the wider set of transport and trust boundaries attackers probe, the web application security writing goes deeper, and the web security glossary defines the terms used here.
