TLS / Certificate Inspector

Paste any PEM-encoded X.509 certificate and get a full breakdown: subject and issuer fields (CN, O, C, OU), Subject Alternative Names, validity window with expiry countdown, key type (RSA/EC/Ed25519), serial number, signature algorithm, and SHA-256/SHA-1 fingerprints.

Highlights expired certificates, warns when expiry is within 30 days, and identifies self-signed and CA certificates. Pure client-side DER/ASN.1 parsing — no external libraries, nothing transmitted. Includes a Let's Encrypt intermediate certificate as a working example.