Certificate Parser Form
Example Data Table
| Field | Example Value | Meaning |
|---|---|---|
| Version | v3 | Indicates the certificate structure version. |
| Subject CN | www.example.com | Common name assigned to the certificate subject. |
| Issuer CN | Example Intermediate CA | Certificate authority that issued the certificate. |
| Remaining Days | 42.00 | Days left between reference date and expiry. |
| Risk Score | 35/100 | Heuristic indicator based on expiry and validation checks. |
Formula Used
This parser calculates operational validity metrics from certificate timestamps and validation checks.
- Total Validity Days = (Valid To − Valid From) ÷ 86,400
- Elapsed Days = (Reference Date − Valid From) ÷ 86,400
- Remaining Days = (Valid To − Reference Date) ÷ 86,400
- Validity Progress % = (Elapsed Days ÷ Total Validity Days) × 100
- Remaining Validity % = (Remaining Days ÷ Total Validity Days) × 100
- Risk Score = Expiry factor + hostname mismatch + weak key + self-signed factor
Risk scoring is a practical heuristic. It is useful for triage, not a substitute for full trust-chain validation.
How to Use This Calculator
- Paste an X509 certificate in PEM format.
- Set a reference date for the validity check.
- Optionally enter the hostname you expect to match.
- Choose an expiry warning threshold in days.
- Click Parse Certificate to generate the result table, metrics, and graph.
- Use the CSV and PDF buttons to export the parsed report.
Frequently Asked Questions
1. What certificate text can I paste into this tool?
You can paste a full PEM certificate or a plain base64 certificate body. The parser will try to normalize base64 content into PEM automatically before decoding.
2. Does this page verify certificate trust chains?
No. It parses a single certificate and calculates local metrics. Full trust, revocation, and chain validation require server-side trust store checks beyond this page.
3. Why can a hostname show no match?
A mismatch appears when the expected hostname does not align with SAN entries or the common name. Wildcard patterns are checked with a simple one-label rule.
4. How is the risk score calculated?
The score increases for expired certificates, not-yet-valid dates, short remaining life, hostname mismatches, smaller key sizes, and likely self-signed structures.
5. Can this tool parse DER files directly?
This page accepts pasted certificate text. Convert DER content to PEM first, then paste it here. The parser works best with readable certificate blocks.
6. Why are the dates shown in UTC?
UTC keeps comparisons consistent across regions and servers. It avoids timezone confusion when measuring validity windows and calculating elapsed or remaining days.
7. What does “Likely Yes” mean for self-signed?
It means the subject and issuer distinguished names appear identical. That is a useful indicator, but it is still a heuristic rather than a full signature proof.
8. Can I export the parsed certificate report?
Yes. After parsing, use the CSV or PDF buttons to download the current result table for documentation, review, or offline sharing.