CSR Decoder

Decode PEM certificate signing requests in your browser and inspect subject, common name, SANs, public key details, signature algorithm, and fingerprints.

CSR inputPaste a PEM CSR only. Do not paste a private key.

This is a best-effort decoder. Review production requests yourself before trusting the result, and only paste public CSRs.

Deep dive

More context for CSR Decoder

Useful when you want to inspect a certificate signing request before you send it to a CA or thread it into a proxy-based deployment.

Overview

What is this tool?

It decodes a PEM-encoded certificate signing request locally in your browser and best-effort extracts the subject, common name, organization fields, SANs, public key details, signature algorithm, and fingerprint.

Input samples

Example inputs

PEM CSR

Typical request shape

-----BEGIN CERTIFICATE REQUEST-----
...base64 body...
-----END CERTIFICATE REQUEST-----

What to look for

Subject: CN=example.com
SANs: DNS names and IP addresses
Public key: algorithm and size
Signature algorithm: the request signature

When to use it

Common use cases

Check subject fields and SANs before you submit the request to a CA.
Confirm the public key algorithm and size before the request reaches a production workflow.
Review a CSR before you plug the resulting certificate into Nginx, Caddy, or a load balancer.

Navigation

Explore related workflows

Keep moving through the collection, workflow, and adjacent tools that usually belong with this page.

Part of collection

Jump to the broader tool set that covers the same problem space.

Security Header & Certificate Tools

Browser-based helpers for checking security headers, decoding certificates, reviewing CSRs, and spotting risky web configuration patterns.

Related workflow

Continue with the tool chain that usually goes together here.

Review certificates, tokens, and hashes

Inspect security headers, decode certificates and CSRs, and generate credentials or digests without uploading secrets.

HTTP Security Headers Checker SSL Certificate Decoder JWT Decoder Password Generator Hash Generator

Related tools

Open the closest adjacent tools without leaving the current context.

SSL Certificate Decoder Nginx Reverse Proxy Generator Caddyfile Generator HTTP Security Headers Checker CORS Header Generator / Checker JWT Decoder Password Generator Hash Generator

Answers

FAQ

Is this a full CSR validator?

No. It is a best-effort decoder that focuses on the fields most people need to inspect quickly.

Should I still verify the request with my CA or issuance pipeline?

Yes. Always confirm production certificate issuance with your CA or deployment process before you trust the result.

Can I paste a private key here?

No. Only paste the public CSR. Never paste a private key into the tool.

What should I check after decoding the CSR?

Match the subject, common name, SANs, key details, and signature algorithm, then continue with the certificate or proxy tools if everything looks right.

Disclaimer

Disclaimer / limitation note

This tool is a best-effort CSR decoder, not a replacement for CA checks or production issuance review. Always confirm the subject, SANs, public key details, and signature algorithm before you use the request in a real environment. Do not paste a private key; paste only the public CSR. All parsing happens locally in your browser and is not uploaded to a server.

Privacy

Privacy note

Decoding happens entirely in your browser. No backend request is needed, no login is required, and DevToolkit does not store the CSR content you paste here.