Skip to main content

CSR Decoder

Decode a PKCS#10 Certificate Signing Request in your browser. Private-by-default — nothing leaves your device.

Paste your Certificate Signing Request (CSR) below. Parsing happens entirely in your browser — nothing is uploaded.

What Is a CSR?

A Certificate Signing Request (CSR) is a PKCS#10-formatted message you send to a Certificate Authority to request a TLS certificate. It contains your public key and the subject information you want on the issued certificate — but never your private key.

Privacy Note

This tool parses CSRs entirely in your browser. The PEM you paste is never sent to CertShield or any other server. You can verify this by opening your browser’s DevTools Network tab.

Common CSR Problems

  • Missing Subject Alternative Names. Modern browsers ignore the Common Name — every domain must be in the SAN list.
  • Weak key size. RSA keys must be at least 2048 bits; 4096 is recommended for long-lived certificates.
  • Wrong signature algorithm. SHA-1 signatures are no longer accepted. Use SHA-256 or stronger.

Related Tools

Certificate Decoder — Decode and inspect any X.509 certificate.