CSR Decoder
Decode and inspect Certificate Signing Requests — view subject, key info, and SANs
What Is a CSR and Why Decode It?
A Certificate Signing Request (CSR) is a block of encoded text submitted to a Certificate Authority (CA) when applying for an SSL/TLS certificate. It contains your public key plus identifying information — the domain name, organization, and location — signed with your private key to prove possession. Before submitting a CSR to a CA, decoding it lets you verify that every field is correct: the right Common Name, the expected key size, and any Subject Alternative Names (SANs) for multi-domain coverage.
What Fields Does a CSR Contain?
A standard PKCS#10 CSR includes a subject distinguished name (CN, O, OU, C, ST, L), a public key with its algorithm and key size (typically RSA 2048 or 4096 bits), a signature algorithm (usually SHA-256 with RSA), and optional extensions such as Subject Alternative Names. The CA uses these fields to populate your final certificate. Verifying the CSR signature confirms that the signed fields were not altered after signing and that whoever created the request holds the private key matching the embedded public key.
When Should You Verify a CSR?
Always inspect a CSR before submitting it to a CA. Common mistakes include misspelled domain names, missing SANs for www or API subdomains, incorrect organization details, and weak key sizes. Catching these errors before submission saves time and avoids costly re-issuance. This decoder runs entirely in your browser using the node-forge library, so your private data never leaves your device.
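The same pre-submission checks can be scripted with the openssl command line. This is an added example, not the decoder's own code: it verifies the self-signature and flags a missing Common Name, an undersized RSA key, a SHA-1 or MD5 signature, and expected names that are absent from the SANs. The function names, the MIN_RSA_BITS variable and the example.test sample request are assumptions made for the illustration.

```shell
# Added example, not the decoder's own code. Assumes openssl 1.1.1+ on PATH.

# make_sample_csr OUT: write a constructed test CSR (throwaway key, example.test names).
make_sample_csr() {
  openssl req -new -newkey rsa:2048 -nodes -sha256 -keyout "$1.key" -out "$1" \
    -subj "/C=US/O=Example Org/CN=example.test" \
    -addext "subjectAltName=DNS:example.test,DNS:www.example.test" 2>/dev/null
}

# csr_check FILE [EXPECTED_NAME...]: print one line per finding, succeed only if none.
# MIN_RSA_BITS (default 2048) is the smallest RSA modulus accepted.
csr_check() (
  csr=$1; shift; findings=0; min=${MIN_RSA_BITS:-2048}
  flag() { echo "FINDING: $*"; findings=$((findings + 1)); }

  # Match on the message: some openssl builds exit 0 even when verification fails.
  openssl req -in "$csr" -noout -verify 2>&1 | grep -q "verify OK" ||
    flag "self-signature does not verify"

  text=$(openssl req -in "$csr" -noout -text 2>/dev/null)
  cn=$(openssl req -in "$csr" -noout -subject -nameopt RFC2253 2>/dev/null |
    sed -n 's/^subject=.*CN=\([^,]*\).*/\1/p')
  bits=$(printf '%s\n' "$text" | sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p')
  sigalg=$(printf '%s\n' "$text" | sed -n 's/.*Signature Algorithm: *//p' | head -n 1)
  sans=$(printf '%s\n' "$text" | grep -o 'DNS:[^,[:space:]]*' | cut -d: -f2)

  [ -n "$cn" ] || flag "subject has no Common Name"
  if printf '%s\n' "$text" | grep -q 'Public Key Algorithm: rsaEncryption' &&
    [ "${bits:-0}" -lt "$min" ]; then
    flag "RSA key is ${bits:-0} bits, below $min"
  fi
  case $sigalg in *sha1* | *SHA1* | *md5*) flag "weak signature algorithm: $sigalg" ;; esac

  # The CN and every name the caller expects must appear as a DNS SAN.
  for name in $cn "$@"; do
    printf '%s\n' "$sans" | grep -qxF "$name" || flag "no SAN entry for $name"
  done
  [ "$findings" -eq 0 ]
)

# Demo on the constructed CSR: api.example.test is deliberately absent from its SANs.
demo=$(mktemp -d) && make_sample_csr "$demo/sample.csr" &&
  csr_check "$demo/sample.csr" www.example.test api.example.test ||
  echo "not ready to submit"
```

Pass every hostname the certificate must cover as an extra argument, so a forgotten www or API name shows up as a finding before the request reaches the CA.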