CSR Decoder

Decode and inspect Certificate Signing Request details — subject, public key, signature, and extensions

  1. Home
  2. /
  3. CSR Decoder

Enter a CSR in PEM format and click Decode

What is CSR Decoder?

A Certificate Signing Request (CSR) is a block of encoded text sent to a Certificate Authority (CA) when applying for an SSL/TLS certificate. It contains important information about the organization and the public key that will be used in the certificate. Inspecting a CSR before submission helps catch errors that could delay or prevent certificate issuance.

This decoder parses a CSR in PEM format and extracts all relevant details: subject fields (Common Name, Organization, Organizational Unit, Locality, State, Country), public key algorithm (RSA or EC) and key size, signature algorithm, and X.509 extensions including Subject Alternative Names (SANs) and key usage attributes.

Common use cases include verifying CSR content for accuracy before submitting to a CA, checking the key algorithm and strength for security compliance, reviewing SAN entries for multi-domain certificates, auditing certificate requests in security workflows, and troubleshooting CSR-related errors.

How to Use This Tool

  1. Get your CSR — Obtain your CSR file in PEM format. It should start with -----BEGIN CERTIFICATE REQUEST----- and end with -----END CERTIFICATE REQUEST-----.
  2. Paste the CSR — Copy and paste the full PEM content into the input textarea.
  3. Click Decode — The tool parses the CSR and displays the decoded information in organized cards.
  4. Review subject fields — Check the Subject card for Common Name (CN), Organization (O), and other identifying information.
  5. Inspect key and extensions — Verify the public key algorithm and size, signature algorithm, and any SAN entries or key usage extensions.
  6. Try examples — Use the sample buttons (RSA 2048, EC P-256, With SAN) to load test data and explore the tool.

Frequently Asked Questions

Is my CSR data sent to a server?

No. All decoding is performed locally in your browser using JavaScript. Your CSR data never leaves your device, making it safe for sensitive certificate requests.

What is the difference between PEM and DER formats?

PEM (Privacy-Enhanced Mail) is a Base64-encoded format with header/footer lines, making it human-readable and easy to copy. DER (Distinguished Encoding Rules) is a binary format. This tool accepts PEM format. Use the openssl req -in request.csr -out request.pem command to convert DER to PEM if needed.

Can I decode CSRs with multiple SAN entries?

Yes. The tool parses all Subject Alternative Names from the CSR extensions and displays them in the Extensions card. This includes DNS names, IP addresses, and other SAN types.

What key algorithms are supported?

The tool supports both RSA (key sizes from 1024 to 4096 bits) and Elliptic Curve (EC) keys, including common curves like P-256, P-384, and P-521. The algorithm and key size are displayed in the Public Key card.

Can this tool generate CSRs too?

This tool is designed for decoding and inspecting existing CSRs only. For CSR generation, please use our dedicated CSR Generator tool, which can be found in the Related Security Tools section.

Last updated: 9 Jul 2026