Tools

TLS / Certificate Decoder

Inspect PEM certificates, compute fingerprints, and extract issuer, subject, validity, and SAN values from certificate text.

DNS LookupAttack Surface

Interpretation guide

Certificate metadata explains identity claims, not reputation.

Match the name

Subject and SAN values should match the service name being reviewed. A valid certificate for another name does not prove this endpoint is safe.

Check issuer and time

Issuer, validity dates, and fingerprints help compare observed certificates, but they do not prove ownership, exposure, compromise, or business approval.

Pair with context

Use DNS, asset inventory, service owner, certificate transparency, and endpoint behavior before drawing conclusions from certificate text alone.

Certificate output

Certificate metadata and fingerprints will appear here.