What is X.509 Certificate Inspector?
X.509 Certificate Inspector decodes and displays the contents of X.509 digital certificates used in SSL/TLS, code signing, email encryption, and many other security protocols. Every HTTPS connection relies on X.509 certificates to establish trust between clients and servers. This tool lets you inspect every field of a certificate without command-line tools or OpenSSL.
Certificates contain critical information: the subject (who the certificate is issued to), the issuer (the certificate authority), the validity period, the public key, and extensions that define key usage, alternative names, and constraints. Understanding these fields is essential for debugging TLS errors, setting up certificate pinning, and managing PKI infrastructure.
How to Use X.509 Certificate Inspector
Paste a PEM-encoded certificate (the text between -----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----) into the input area. The tool decodes the ASN.1 structure and presents all fields in a readable format.
The summary view shows the most important fields: Common Name, Organization, Issuer, Not Before/Not After dates, and an expiration countdown. The detail view lists every field including the serial number, signature algorithm, public key parameters, and all X.509v3 extensions.
For certificate chains, paste multiple certificates to inspect each one and verify the chain of trust from leaf to root.
Common Use Cases
- TLS debugging: Inspect server certificates to diagnose SSL/TLS connection failures caused by name mismatches, expired certificates, or incorrect chains.
- Certificate pinning: Extract SHA-256 fingerprints for implementing certificate or public key pinning in iOS and Android applications.
- PKI management: Review certificate details during issuance, renewal, or revocation processes to verify that all fields are correct.
- Code signing verification: Inspect code signing certificates used for iOS app distribution, macOS notarization, or Windows Authenticode.
- Security auditing: Check certificate key lengths, signature algorithms, and extensions to verify compliance with security policies and industry standards.