CSR Decoder — Certificate Signing Request Inspect a Certificate Signing Request.
100% offline
CSR (PEM / base64)

Paste a PEM CSR to decode it.

Parsed locally — your CSR is never uploaded.

About CSR Decoder — Certificate Signing Request

A Certificate Signing Request (CSR) is a PKCS#10 message you send to a Certificate Authority to request a TLS/SSL certificate. It bundles your subject details (common name, organization, country), your public key, and any requested extensions such as Subject Alternative Names — all signed by your private key.

This free CSR decoder reads a PEM certificate signing request and lays out its subject, public key algorithm and size, signature algorithm, and the SANs it requests. Use it to verify a CSR contains exactly the right hostnames and details before you hand it to a CA.

Decoding runs entirely in your browser — the CSR never leaves your device, so it is safe to inspect requests for production certificates.

Features

  • Decode the subject distinguished name (CN, O, OU, C, …)
  • See the public key algorithm and key size (RSA / EC)
  • Read the signature algorithm in a friendly form
  • List requested Subject Alternative Names (SANs)
  • 100% offline — your CSR is never uploaded

How to use

  1. Paste your PEM CSR (it starts with "-----BEGIN CERTIFICATE REQUEST-----") into the input box.
  2. Read the decoded Subject, Public Key, Signature Algorithm, and Requested SANs cards.
  3. Confirm the hostnames and details are correct, then copy any field you need.

Frequently asked questions

What is a CSR?

A Certificate Signing Request (PKCS#10) is a signed message containing your public key and identity details that you submit to a Certificate Authority to obtain an SSL/TLS certificate. The matching private key never appears in the CSR and stays on your server.

Does decoding a CSR expose my private key?

No. A CSR only contains your public key, subject details, and requested extensions. The private key is never part of the request, so decoding reveals nothing secret.

Where are the SAN hostnames in a CSR?

Subject Alternative Names are carried inside the extensionRequest attribute as a subjectAltName extension. This tool extracts and lists them so you can confirm every hostname your certificate will cover.

Is it safe to paste my CSR here?

Yes. Parsing happens entirely in your browser with no network requests, so the CSR stays on your device. A CSR contains no secrets, but you can still inspect it with confidence.

Related tools

X.509 / SSL Certificate Decoder — PEM & DER Online Inspect PEM/DER certificates locally. ASN.1 & DER Decoder & Viewer Online Decode ASN.1 / DER structures into a tree. JWT Decoder — Inspect JSON Web Tokens Online Decode and inspect JSON Web Tokens Base64 Encode & Decode Online – Free Tool Encode and decode Base64 strings

Everything runs locally in your browser — your input is never uploaded.