PEM Certificate Encoder Decoder
Decode, encode, parse, and normalize PEM certificates, keys, CSRs, CRLs, and Base64 bodies. Inspect PEM blocks and fix line wrapping locally.
Paste a certificate, key, CSR, CRL, certificate chain, or raw Base64 body.
PEM Settings
PEM shape
-----BEGIN CERTIFICATE-----
Base64 body wrapped at 64 chars
-----END CERTIFICATE-----
Options
PEM handling runs locally in your browser. Avoid pasting real private keys unless you need to inspect or reformat them.
Output
PEM output will appear here.
Decode and Encode PEM Certificates and Keys
PEM files are commonly used for TLS certificates, public keys, private keys, certificate signing requests, certificate chains, and trust bundles. Each block contains a BEGIN label, a Base64 body, and a matching END label.
This PEM certificate decoder and encoder can parse PEM blocks, extract Base64 content, rebuild PEM text from raw Base64, normalize line wrapping, and identify common certificate or key labels.
How to Use the PEM Certificate Decoder and Encoder
- Paste a PEM block, certificate chain, public key, private key, CSR, CRL, or Base64 body.
- Choose whether to parse, extract Base64, rebuild PEM, normalize formatting, or inspect content.
- Select the PEM label when converting raw Base64 into a PEM block.
- Review detected block types, body length, estimated bytes, and warnings.
- Copy PEM, Base64, JSON, Markdown, CSV, or checklist output.
Convert PEM to Base64 or Base64 to PEM
To convert PEM to Base64, choose Extract Base64 body. The tool removes the BEGIN and END lines, blank lines, and line breaks while keeping the encoded body.
To convert Base64 to PEM, paste the raw Base64 text, choose Base64 body to PEM, select the correct PEM label, and set the required line length and line-break style.
Common PEM Block Types
- CERTIFICATE for X.509 certificates.
- PUBLIC KEY for public key material.
- PRIVATE KEY, RSA PRIVATE KEY, and EC PRIVATE KEY for private key material.
- CERTIFICATE REQUEST for CSRs.
- X509 CRL for certificate revocation lists.
- OPENSSH PRIVATE KEY for OpenSSH key format.
Example PEM Format
-----BEGIN CERTIFICATE----- MIIDXTCCAkWgAwIBAgI... -----END CERTIFICATE-----
PEM Decoding Is Not Certificate Validation
Extracting or reformatting PEM text only changes how the data is represented. It does not prove that a certificate is trusted, unexpired, issued by the right authority, or valid for a domain.
Use this tool for formatting and inspection. For trust decisions, use proper TLS validation, certificate chain checks, expiry checks, and key management processes.
Frequently Asked Questions
What does a PEM encoder decoder do?
It parses PEM text, extracts the Base64 body, rebuilds PEM blocks, and normalizes line wrapping for certificates and keys.
Can this validate a certificate?
No. It only processes PEM text. It does not validate certificate chains, expiry, hostname matching, or signatures.
Can this decode a private key?
It can parse and reformat private key PEM blocks, but it does not decrypt encrypted keys or verify key correctness.
What line length should PEM use?
PEM bodies are commonly wrapped at 64 characters per line. This tool uses 64 by default.
How do I convert PEM to Base64?
Choose Extract Base64 body. The tool removes the PEM header, footer, spaces, and line breaks and returns only the Base64 content.
How do I convert Base64 to a PEM certificate?
Paste the Base64 body, choose Base64 body to PEM, select CERTIFICATE as the label, and process the input.
Is anything uploaded when I process PEM text?
No. PEM handling runs directly in your browser.
