SSL Cert Converter

Field	Value	Copy
{{ row[0] }}	{{ row[1] }}
Nothing to show yet.

X.509 certificates are structured digital documents that identify a subject and its issuer, list a serial number, and define when the credential is valid. People often call them TLS or SSL certificates, and you may need to convert PEM to DER when exporting assets or preparing artifacts for automated deployments across environments in varied tooling.

You enter a certificate as text or by dropping a file, then select the target format to convert or inspect. Inputs accept PEM blocks, base64 strings, or common certificate files, while outputs include PEM with wrapped lines, raw DER bytes, or a compact summary of key fields shown as a table and downloadable JSON payload.

For example, you might export a server certificate as a .der file, convert it to readable PEM, and review the subject name alongside the validity period before installing it on staging or production. Check the issuer and serial as well, and avoid sharing materials obtained from unknown or untrusted sources. Open converted files only when you trust the origin.

When pasting base64, you can switch strict parsing on to fail fast if stray characters appear, which helps catch copy errors early and keeps the result predictable. If you paste a PEM chain, only the first certificate is shown for inspection and conversion, so verify each part separately to ensure nothing is missed during review.

Technical Details:

The converter detects input as PEM, base64, or binary by pattern and length, then decodes to a byte array and parses the structure as an X.509 certificate. It extracts the subject common name, issuer common name, serial number, and the “Not Before” and “Not After” timestamps. A derived value reports days remaining by comparing the expiration to the current clock. You can emit a PEM block with configurable line wrapping or a binary DER stream, or skip conversion and view a concise summary as a table and JSON payload. Processing is deterministic for identical inputs.

Processing Pipeline

Detect format by regex and base64 length checks.
Normalize input and derive a byte array.
Parse the byte array as an X.509 certificate.
Extract CN fields, serial, and validity timestamps.
Compute days remaining from the expiration timestamp.
Build PEM text with a chosen line wrap, if requested.
Emit raw DER bytes as a binary stream, if requested.
Assemble a summary payload for table and JSON views.

Days Remaining Formula

\begin{array}{lll} days & = & ⌈ \frac{t_notAfter - t_now}{1000 \cdot 60 \cdot 60 \cdot 24} ⌉ \end{array}

Symbols & Units

Symbols and units used in the formula
Symbol	Meaning	Unit/Datatype	Source
t_notAfter	Certificate expiration timestamp	ms since epoch	Derived from input
t_now	Current time at evaluation	ms since epoch	Client clock
days	Remaining validity days, rounded up	integer	Computed

Variables & Parameters

Key parameters and their meanings
Parameter	Meaning	Unit/Datatype	Typical Range	Sensitivity	Notes
outputFormat	Target encoding	enum	pem · der · info	High	Controls conversion vs summary.
pemWrap	PEM body line width	integer	≥ 16	Low	Default 64 characters.
strictB64	Base64 strictness toggle	boolean	on · off	Medium	Rejects non‑base64 characters when enabled.

Validation & Bounds Extracted from the Code

Validation rules and patterns
Field	Type	Min	Max	Step/Pattern	Error Text	Placeholder
Input text	string	—	—	`/-----BEGIN [^-]+-----[\s\S]*?-----END [^-]+-----/i`	Parse or conversion error.	Paste PEM, base64, or raw…
Base64 detection	regex	—	—	`^[A-Za-z0-9+/=\s]+$` & length % 4 = 0	Strict parsing error.	—
PEM wrap	number	16	—	step = 1	—	—
Output format	select	—	—	pem · der · info	—	—
File input	file	—	—	.pem .crt .cer .der .txt	—	—

I/O Formats & Encoding

Input and output formats
Input	Accepted Families	Output	Encoding/Precision	Rounding
Certificate text	PEM block; base64 blob	PEM	Wrapped lines, header/footer	—
Certificate bytes	DER file or binary paste	DER	Binary stream	—
Any of the above	PEM · base64 · DER	Info (table/JSON)	JSON fields: inputs, detected, parsed	Days rounded up (ceiling)

Units, Precision & Rounding Policy

Dates use UTC in YYYY‑MM‑DD HH:mm:ss, derived from ISO strings.
“Days remaining” is an integer using ceiling rounding.
PEM wrap width is an integer and clamps to at least 16.
Output size shown in the info table uses locale digit grouping.

Networking & Storage Behavior

Processing occurs in your browser. Files are processed locally; nothing is uploaded. No data is transmitted or stored server‑side.

Performance & Complexity

Decoding, parsing, and encoding are linear in input size. Large byte arrays are chunked in 32 768‑byte blocks during string conversion to keep memory stable.

Security Considerations

Outputs reflect the provided data; no trust or chain validation is performed.
Do not execute or install artifacts from untrusted sources.
Avoid pasting secrets; this utility targets certificates, not private keys.

Worked Example

Input: a .der certificate (~1.6 KiB). Action: set Output format to PEM and PEM wrap to 64. Result: a PEM block with headers and wrapped body, plus a summary with CN, issuer, validity, and computed days remaining.

Assumptions & Limitations

Only the first item of a PEM chain is displayed and converted. Heads‑up
Only CN, issuer, serial, and validity fields are surfaced in summaries.
SANs and other extensions are not listed in the info table.
Base64 non‑alphabet characters are stripped unless strict mode is enabled.
Binary‑as‑text inputs strip whitespace before byte mapping. Heads‑up
Time calculations rely on the client clock and can be skewed.
Expired certificates show negative days remaining.

Edge Cases & Error Sources

Incorrect PEM boundaries or mismatched BEGIN/END labels.
Base64 with invalid padding or length not divisible by four.
PEM blocks that are not certificates will fail to parse.
Extraneous characters in base64 when strict mode is on.
Binary pasted into the text box losing whitespace bytes.
Very large inputs pinning memory if many copies are kept.
Client clock far from real time altering “days remaining”.
Copying DER as text into an editor may corrupt bytes; download instead.

Scientific & Standards Backing

X.509 public‑key certificates and their PEM and DER encodings are widely used conventions for distributing certificate data across tooling and platforms.

Privacy & Compliance

Files are processed locally in your browser; nothing is uploaded. No data is transmitted or stored server‑side.

Step‑by‑Step Guide:

Follow these steps to convert or inspect a certificate.

Paste certificate text or drop a file into the input.
Select Output format: PEM, DER, or Info.
For PEM, set PEM wrap to your preferred width.
Toggle Strict base64 if your paste may include stray characters.
Copy or download the result from the selected tab.

Example: Drop certificate.der, choose PEM, set wrap = 64, then copy the PEM block for your configuration.

You now have a converted file or a concise summary ready for audits, tickets, or deployment notes.

FAQ:

Is my data stored?

No. Processing happens in your browser. Files are handled locally, and nothing is transmitted or retained by a server.

No sign‑in required.

Which formats are supported?

Inputs: PEM text, base64 blobs, or .cer/.crt/.der files. Outputs: PEM text, DER bytes, or an info summary as table and JSON.

PEM wrap width is configurable.

Does it validate trust or chains?

No. It parses and converts only. The summary lists key fields but does not verify trust, chain order, or revocation.

Review trust with your PKI tooling.

Why do I see “Parse or conversion error”?

The input may be malformed, not a certificate, or encoded incorrectly. Enable strict base64 to catch stray characters, or try a clean PEM export.

Check BEGIN/END lines and padding.

Why are times in UTC?

Validity timestamps are derived from ISO strings and shown as YYYY‑MM‑DD HH:mm:ss in UTC for consistency.

Local time zones are not applied.

Can I convert a private key or CSR?

No. The converter targets certificates. Private keys and certificate signing requests are not parsed.

Use dedicated tooling for keys or CSRs.

Does it support certificate chains?

When a chain is pasted, only the first item is shown and converted. Process each certificate individually if you need separate outputs.

Order and trust are not evaluated.

Why is DER output unreadable?

DER is binary. Use the download button to save a correct file. Copying as text may corrupt bytes.

Prefer download for byte‑exact outputs.

Any cost or license gates?

There is no account requirement or sign‑in. You can convert and inspect certificates directly in the browser.

Functionality is client‑side.

Troubleshooting:

Ensure PEM headers and footers match exactly.
Remove surrounding quotes or markup from pasted base64.
Re‑export the file if padding looks wrong.
Turn on strict base64 to detect stray characters.
Use the download button for DER to avoid text corruption.
Convert items in a chain one by one.
Verify your system clock if days remaining seems incorrect.

Output is blank or shows “—”? Select an output tab and format, then re‑run conversion with a valid certificate input.

Advanced Tips:

Tip Keep PEM wrap at 64 for broad interoperability across CLI tools.
Tip Copy the JSON summary to hand off consistent metadata in tickets.
Tip Use strict base64 when pasting from emails or PDFs to catch noise.
Tip For chains, label each file clearly to avoid order mistakes.
Tip Prefer downloads over copy for binary DER to preserve bytes.

Glossary:

X.509 Certificate: Standardized structure for public‑key certificates.
PEM: Base64 text with header and footer lines.
DER: Binary encoding of certificate data.
CN (Common Name): Primary identifier field in subject or issuer.
Issuer: Entity that signed and issued the certificate.
Serial Number: Unique certificate identifier in hexadecimal.
Not Before: Start of the validity period.
Not After: End of the validity period.
PEM Wrap: Configured line width for PEM bodies.
Certificate Chain: Ordered set of certificates from leaf to root.