JSONToTable
Loading CSR Decoder...
Please wait a moment

How to Decode CSR - Step by Step Guide

Step 1

Get Your CSR File

First, you need to obtain the Certificate Signing Request (CSR) you want to decode. There are several ways to get your CSR:

From your server: Generated during SSL certificate request process
From a file: Upload a .csr, .pem, or .txt file directly
From your CA: Verify CSR before submitting to Certificate Authority
Try the sample: Click "Sample" to load an example CSR and see how it works

Example: PEM-Formatted CSR

CSRs should be in PEM format (PKCS#10) with BEGIN and END markers:

-----BEGIN CERTIFICATE REQUEST-----
MIICwzCCAasCAQAwfjEUMBIGA1UEAxMLZXhhbXBsZS5jb20xCzAJBgNVBAYTAlVT
MRMwEQYDVQQIEwpDYWxpZm9ybmlhMRYwFAYDVQQHEw1TYW4gRnJhbmNpc2NvMRQw
EgYDVQQKEwtFeGFtcGxlIEluYzEWMBQGA1UECxMNSVQgRGVwYXJ0bWVudDCCASIw
DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAPOllsQL5vlhPBN7TCzsza7idwqJ
+hCkHNj0fyO8PwLQu4+23LPS7N2aBZYjN1uBS/Gn55aJwDq0KY0p45TnVNtzDuVE
Grpc+1wFCi1hxXBLyj5/KwiZktoF27fXIJWAzKp0CNNC3FEtjSzKZ0BAHXUYp/2b
RaStoCGhRmNmdljqcsLpIBfzQwWzWXozZ8grMdWzwFx+hFBdv6SvTrxrEn8lwyxb
WM7CrKpEduH5L81Ki7HU1AIp3Gmrr8JmxY8dFougTeTw7/fRqOKO0TB6VFEsoBNQ
pMJVocv6OpePRZV6VIbkKNzXQNciNmM8ujNWgS6e/RGpb/9tp4b7oHJIqGsCAwEA
AaAAMA0GCSqGSIb3DQEBBQUAA4IBAQDCOqsO5OqGH47YqIb/4tEzi7mVzv4ilcb5
cpHB14z2mEctTkVSC/6mOCzsIjn31k5WzGS1VjrJjsjhGJ7kFGvnY1OjIZ3hEyMt
S1h71bGBtKxoQMYJJ0/mqSHlBZfkJvxTweeSFX9thNLd6Kg/seW48WbuFKm7/APF
ZobUL7eZD5YF+WhGX8ujRnrzznQyda5Uq+XeztXh73nNyGmIkidmjWbw+SlS9PKt
EWMQZiu5Mq3CXPm9g49NtjEs+JY4YhxFFoV/njkccehFzC9EDGHldlsRgMep2Zuo
Lp5hmoLAQf2I2iYCqDitb82TpuJXzqjb0RCp6OlejpisZ9J4sGK3
-----END CERTIFICATE REQUEST-----
Step 2

Paste CSR and Auto-Decode

Simply paste your CSR into the decoder! The tool automatically parses the CSR and extracts all important information:

Instant parsing: CSR is decoded in real-time as you paste
Validation: Automatically checks CSR format and structure
All details extracted: Subject, public key, signature algorithm, and more

Example: Decoded CSR Information

The decoder extracts and displays key CSR details:

Common Name: example.com
Organization: Example Inc
Organizational Unit: IT Department
Locality: San Francisco
State: California
Country: US
Public Key: RSA 2048 bits
Signature: SHA1withRSA
Step 3

Verify CSR Details

Review the extracted CSR information to ensure everything is correct before submitting to a Certificate Authority:

Subject Information: Verify the domain name (CN) and organization details
Public Key: Check key algorithm and size (recommend 2048+ bits)
Signature Algorithm: Ensure modern algorithm (SHA256 or higher)
Fingerprints: Use SHA-256 fingerprint to verify CSR integrity
Step 4

Export CSR Information

Save the decoded CSR details for your records or documentation:

Download as JSON: Export all CSR details in structured JSON format
Copy fingerprints: Quick-copy SHA-256 or SHA-1 fingerprints for verification
Visual indicators: Green badge confirms CSR is valid and properly formatted

Frequently Asked Questions

What is a CSR decoder?

A CSR decoder is a tool that parses PKCS#10 Certificate Signing Requests and displays their contents in human-readable format. It extracts information like subject (domain name, organization), public key details, signature algorithm, and generates fingerprints from PEM-encoded CSR files following ASN.1 encoding rules.

Why should I decode my CSR before submitting it?

Decoding your CSR before submission helps verify that all information is correct - domain name, organization details, and key size. This prevents costly mistakes like ordering a certificate for the wrong domain or with incorrect organization information. Always verify your CSR matches your requirements before sending it to a Certificate Authority.

Is it safe to decode my CSR online?

Yes! CSRs contain only public information (public key and organizational details) and no sensitive data. Your CSR is processed entirely in your browser using client-side JavaScript - nothing is sent to our servers. CSRs do not contain private keys, so they're safe to share and decode online following OWASP security guidelines.

What CSR formats are supported?

The decoder supports PEM-formatted CSRs (PKCS#10 standard) which are Base64-encoded with BEGIN/END markers. This is the most common format generated by OpenSSL, web servers (Apache, Nginx), and SSL management tools. File extensions typically include .csr, .pem, or .txt.

What should I check in my decoded CSR?

Key things to verify: (1) Common Name (CN) matches your domain exactly, (2) Organization details are accurate, (3) Key size is at least 2048 bits for RSA as per cryptographic key recommendations, (4) Signature algorithm is SHA256 or higher (not MD5 or SHA1). These checks ensure your certificate will be valid and meet modern security standards.

Can I use this to verify a CSR matches my private key?

The CSR decoder shows the public key information, but to verify it matches your private key, you'll need a Certificate & Private Key Matcher tool. The CSR decoder helps verify the CSR content is correct before submitting to a Certificate Authority.

Related Tools

SSL Checker

Check SSL certificates on live websites - view validity, expiration dates, issuer details, and security status instantly

SSL Certificate Converter

Convert SSL certificates between formats: PEM (text), DER (hex), CRT (PEM file), CER (DER file) with auto-detection

SSL Certificate Decoder

Parse and view SSL/TLS certificate details including subject, issuer, validity, public key, extensions, and fingerprints

CSR Generator

Generate Certificate Signing Requests (CSR) with private and public keys for SSL/TLS certificates using RSA or ECDSA

Self-Signed Certificate Generator

Generate self-signed SSL certificates for testing and development environments with RSA or ECDSA keys

SSL Certificate Chain Validator

Validate SSL certificate chains, verify certificate order, and check trust paths