Parse X.509 SSL certificates with full metadata and validity checking. Part of the DevTools Surf developer suite.
Use Cases
Debug which domains a TLS certificate covers via SAN inspection
Verify certificate metadata before deploying to a web server
Check key size and signature algorithm for security compliance
Confirm validity period before scheduling automated renewal
Tips
Paste the full PEM block including BEGIN/END headers — the parser extracts subject, issuer, validity dates, SANs, key size, and signature algorithm
The Subject Alternative Names (SAN) section shows all domains the certificate is valid for — check this when debugging wildcard certificate coverage
The key usage extension defines what the certificate can be used for (signing, encryption, CA) — mismatches here cause subtle TLS handshake failures
Fun Facts
X.509 certificates were first specified in 1988 as part of the ITU-T X.500 directory standard. The modern form used for TLS is X.509 v3 (1996), which added Subject Alternative Names — the extension that allows a single certificate to cover multiple domains.
The PEM (Privacy Enhanced Mail) format — the base64 armor with BEGIN/END headers — was defined in RFC 1421 (1993) for securing email. Despite email encryption never taking off, PEM became the universal format for storing certificate and key files.
The longest valid TLS certificate ever issued was 5 years. As of September 2020, Apple's browser policy limited TLS certificate validity to 398 days (about 13 months), forcing annual certificate rotation across the industry.
FAQ
What is the difference between a certificate and a key?
A certificate is a public document containing the server's public key, identity information, and a CA's digital signature. The private key is the secret counterpart — it is never in the certificate and must be protected separately.
What does 'common name' mean in a certificate?
The Common Name (CN) field originally held the domain name the certificate was valid for. Modern browsers now use Subject Alternative Names (SANs) for domain validation and may ignore CN for this purpose. Both are usually present for backwards compatibility.
What is a wildcard certificate?
A wildcard certificate covers a domain and all of its subdomains at one level: *.example.com covers api.example.com and www.example.com but not sub.api.example.com. They are cheaper than multi-domain SAN certificates but less flexible.
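The wildcard rule from the answer above, as an added example (not code from the DevTools Surf tool): a standard-library Python check that reports which SAN entries cover a given hostname. The SAN list is a constructed sample, the function names are hypothetical, and the code assumes the strict policy of accepting `*` only as the entire left-most label.

```python
# Added example: which SAN entries cover a hostname?
# SAMPLE_SANS is constructed for illustration, not taken from a real certificate.

SAMPLE_SANS = ["*.example.com", "shop.example.net"]


def _labels(name):
    # DNS names compare case-insensitively; a trailing root dot is ignored.
    return name.rstrip(".").lower().split(".")


def san_matches(pattern, hostname):
    """Return True if a single SAN dNSName entry covers hostname."""
    p, h = _labels(pattern), _labels(hostname)
    # Label counts must be equal, so a wildcard never spans a dot.
    if len(p) != len(h) or "" in p or "" in h:
        return False
    # Assumed strict policy: '*' is only valid as the whole left-most label.
    if any("*" in label for label in p[1:]):
        return False
    if p[0] == "*":
        # Require at least two fixed labels after the wildcard (no '*.com').
        return len(p) >= 3 and p[1:] == h[1:]
    if "*" in p[0]:
        return False  # partial wildcard such as 'f*.example.com'
    return p == h


def covering_sans(san_list, hostname):
    """Return every SAN entry in san_list that covers hostname."""
    return [san for san in san_list if san_matches(san, hostname)]


if __name__ == "__main__":
    for host in ("api.example.com", "www.example.com", "sub.api.example.com"):
        hits = covering_sans(SAMPLE_SANS, host)
        print(f"{host}: {'covered by ' + ', '.join(hits) if hits else 'NOT covered'}")
```

Feed it the SAN list shown by the decoder to see why a hostname fails validation before changing server configuration.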