PEM-Zertifikat-Parser (Basis)

Parsen Sie PEM-Schlüssel und Zertifikate mit Fingerprints und Metadaten

What is a PEM Certificate?

PEM (Privacy-Enhanced Mail) is the most widely used encoding format for X.509 certificates, private keys, and certificate chains in TLS/SSL infrastructure. A PEM file wraps DER-encoded binary data in Base64 with distinctive header and footer lines — -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- — making it safe to transmit through text-based protocols like email, paste into configuration files, or store in version control systems. Despite its name referencing email, PEM has become the de facto standard for certificate exchange across web servers, load balancers, CDNs, and container orchestration platforms.

This tool parses PEM-encoded X.509 certificates entirely in the browser, extracting the structured fields defined by the X.509 standard: subject distinguished name, issuer distinguished name, validity period (notBefore/notAfter), serial number, signature algorithm, public key parameters, and extensions such as Subject Alternative Names (SANs), Key Usage, and Basic Constraints. It also computes the certificate fingerprint (SHA-256 hash of the DER-encoded certificate) used to uniquely identify certificates in trust stores, pinning configurations, and certificate transparency logs. No certificate data is transmitted to any server — all parsing and computation happens client-side.

PEM vs DER Encoding: Understanding Certificate Formats

Certificates exist in two fundamental encoding formats, both carrying identical information but suited to different contexts:

  • DER (Distinguished Encoding Rules): The raw binary encoding of an ASN.1 structure as defined by ITU-T X.690. DER is a canonical subset of BER (Basic Encoding Rules) that produces exactly one valid encoding for any given ASN.1 value. This determinism is essential for cryptographic signatures — the signature covers the exact DER byte sequence, so any encoding variation would invalidate the signature. DER files typically use .der, .cer, or .crt extensions and cannot be opened in a text editor.
  • PEM (Privacy-Enhanced Mail): A text-safe wrapper around DER data. The DER bytes are Base64-encoded (per RFC 4648) and framed between type-specific header and footer markers. PEM files use .pem, .crt, or .cer extensions and can contain multiple objects (certificate chains) concatenated sequentially. Line length is conventionally limited to 64 characters per RFC 7468.

Converting between PEM and DER is a straightforward operation: to go from PEM to DER, strip the header/footer lines and Base64-decode the remaining content. To go from DER to PEM, Base64-encode the binary data, wrap at 64 characters, and add the appropriate markers. The underlying certificate data — subject, issuer, validity, extensions — is identical regardless of which encoding is used. Tools like openssl x509 -inform pem -outform der perform this conversion routinely.

PEM is preferred for human-readable contexts (Apache/Nginx configuration, Kubernetes Secrets, AWS ACM imports) while DER is preferred for programmatic contexts (Java keystores, Windows certificate stores, embedded systems with constrained storage).

X.509 Certificate Structure and Fields

An X.509 v3 certificate, as defined in RFC 5280, contains a precisely structured set of fields organized into three main components: the TBS (To-Be-Signed) certificate body, the signature algorithm identifier, and the signature value itself. The TBS body contains all the information that the issuing Certificate Authority signs:

  • Version: Almost always v3 (value 2 in the encoding) for modern certificates, which enables extensions. Versions 1 and 2 are obsolete and lack extension support.
  • Serial Number: A unique positive integer assigned by the CA. RFC 5280 requires it to be unique per CA and recommends at least 20 bytes of entropy for publicly trusted certificates (CA/Browser Forum Baseline Requirements).
  • Signature Algorithm: Identifies the algorithm used to sign the certificate (e.g., sha256WithRSAEncryption, ecdsa-with-SHA384). Must match the outer signatureAlgorithm field.
  • Issuer: The Distinguished Name (DN) of the Certificate Authority that issued and signed this certificate. Contains components like CN (Common Name), O (Organization), C (Country), and OU (Organizational Unit).
  • Validity: A pair of timestamps — notBefore (earliest valid time) and notAfter (expiration time). Certificates outside this window must be rejected by relying parties.
  • Subject: The Distinguished Name of the entity the certificate is issued to. For TLS certificates, the CN traditionally held the domain name, though modern practice uses the Subject Alternative Name extension instead.
  • Subject Public Key Info: Contains the algorithm identifier and the actual public key material (RSA modulus+exponent, EC curve point, or Ed25519 key).
  • Extensions (v3): Optional fields including Subject Alternative Names (SANs), Key Usage, Extended Key Usage, Basic Constraints, Authority Key Identifier, CRL Distribution Points, and Authority Information Access (OCSP responder URL).

Understanding this structure is essential for debugging TLS configuration issues: mismatched subjects, expired validity periods, missing SANs, incorrect key usage flags, and broken chain-of-trust paths are among the most common certificate errors encountered in production deployments.

Certificate Fingerprint Computation

A certificate fingerprint (also called thumbprint) is the cryptographic hash of the entire DER-encoded certificate. It is not part of the certificate itself — it is computed externally as a unique identifier for the certificate. The fingerprint covers every byte of the DER encoding, including the signature, making it a reliable way to distinguish between certificates even when they share the same subject or issuer.

The standard fingerprint algorithm is SHA-256, producing a 64-character hexadecimal string (often displayed with colon separators: A1:B2:C3:...). SHA-1 fingerprints (40 hex characters) are still encountered in legacy tools and certificate stores but are deprecated for new deployments. The fingerprint is computed by:

  1. Taking the complete DER-encoded certificate (not just the TBS portion)
  2. Computing the SHA-256 hash of the raw DER bytes
  3. Encoding the resulting 32 bytes as a hexadecimal string

Certificate fingerprints are used in multiple security contexts: HTTP Public Key Pinning (HPKP, now deprecated but historically significant), certificate transparency log identifiers, DANE/TLSA DNS records (RFC 6698), SSH host key verification (ssh-keygen -lf), and trust store management where administrators need to identify specific certificates unambiguously. They also appear in browser security UIs when inspecting site certificates.

The critical property of fingerprints is collision resistance: it must be computationally infeasible to create two different certificates with the same fingerprint. SHA-256 provides 128 bits of collision resistance, making such attacks impractical with current and foreseeable computing capabilities.

Certificate Chains and Trust Hierarchies

TLS certificate validation relies on a chain-of-trust model rooted in Certificate Authorities. A complete certificate chain typically contains three levels: the end-entity (leaf) certificate issued to the domain, one or more intermediate CA certificates, and the root CA certificate pre-installed in the operating system or browser trust store. Each certificate in the chain is signed by the private key corresponding to the next certificate's public key, forming a cryptographic path from the leaf to the trusted root.

PEM files can contain entire chains by concatenating multiple certificate blocks. The conventional order is leaf-first: the end-entity certificate appears at the top, followed by intermediate CAs in order, with the root CA optionally omitted (since relying parties already have it in their trust store). Server operators must configure the correct chain to avoid validation failures on clients that do not perform automatic intermediate certificate discovery (AIA fetching).

Common chain-related issues include: missing intermediate certificates (causing "unable to verify" errors on some clients), incorrect ordering, expired intermediates, cross-signed certificate confusion, and path length constraint violations in the Basic Constraints extension. This parser identifies each certificate's position in a chain by matching issuer DNs to subject DNs and checking Authority/Subject Key Identifiers.

Code Examples

Parsing a PEM certificate and computing its SHA-256 fingerprint in JavaScript

// Parse PEM, extract DER, and compute SHA-256 fingerprint
function pemToDer(pem) {
  // Remove header, footer, and whitespace
  const base64 = pem
    .replace(/-----BEGIN CERTIFICATE-----/, '')
    .replace(/-----END CERTIFICATE-----/, '')
    .replace(/\s+/g, '');

  // Decode Base64 to binary
  const binaryString = atob(base64);
  const bytes = new Uint8Array(binaryString.length);
  for (let i = 0; i < binaryString.length; i++) {
    bytes[i] = binaryString.charCodeAt(i);
  }
  return bytes.buffer;
}

async function computeCertFingerprint(pemCert, algorithm = 'SHA-256') {
  // Convert PEM to DER (raw binary)
  const derBuffer = pemToDer(pemCert);

  // Compute hash of the entire DER-encoded certificate
  const hashBuffer = await crypto.subtle.digest(algorithm, derBuffer);

  // Format as colon-separated hex string
  const hashArray = Array.from(new Uint8Array(hashBuffer));
  return hashArray
    .map(b => b.toString(16).padStart(2, '0').toUpperCase())
    .join(':');
}

// Usage
const pem = `-----BEGIN CERTIFICATE-----
MIIBojCCAUmgAwIBAgIUY3oCR...base64data...
-----END CERTIFICATE-----`;

const fingerprint = await computeCertFingerprint(pem);
console.log('SHA-256 Fingerprint:', fingerprint);
// → "A1:B2:C3:D4:E5:F6:07:18:29:3A:4B:5C:6D:7E:8F:90:..."

Output:

SHA-256 Fingerprint: A1:B2:C3:D4:E5:F6:07:18:29:3A:4B:5C:6D:7E:8F:90:A1:B2:C3:D4:E5:F6:07:18:29:3A:4B:5C:6D:7E:8F:90

Extracting certificate validity and checking expiration

// Parse X.509 fields from a PEM certificate using Web APIs
// Note: Full ASN.1 parsing requires a library like asn1js or pkijs
// This example demonstrates the high-level workflow

async function checkCertExpiry(pemCert) {
  const derBuffer = pemToDer(pemCert);

  // In a real implementation, parse ASN.1 structure to extract:
  // - TBSCertificate.validity.notBefore
  // - TBSCertificate.validity.notAfter
  // Libraries like pkijs provide full X.509 parsing:

  // import { Certificate } from 'pkijs';
  // const cert = Certificate.fromBER(derBuffer);
  // const notBefore = cert.notBefore.value;
  // const notAfter = cert.notAfter.value;

  const notAfter = new Date('2025-12-31T23:59:59Z'); // parsed from cert
  const now = new Date();
  const daysRemaining = Math.floor(
    (notAfter.getTime() - now.getTime()) / (1000 * 60 * 60 * 24)
  );

  return {
    expiresAt: notAfter.toISOString(),
    daysRemaining,
    isExpired: daysRemaining < 0,
    needsRenewal: daysRemaining < 30
  };
}

const status = await checkCertExpiry(pem);
console.log(status);
// → { expiresAt: "2025-12-31T23:59:59.000Z", daysRemaining: 180,
//     isExpired: false, needsRenewal: false }

Standards & Specifications

  • RFC 7468 — Textual Encodings of PKIX, PKCS, and CMS Structures — defines PEM encoding rules for certificates and keys
  • RFC 5280 — Internet X.509 PKI Certificate and CRL Profile — the authoritative specification for X.509 v3 certificate structure
  • ITU-T X.509 — The ITU-T recommendation defining the X.509 authentication framework and certificate format
  • RFC 4648 — The Base16, Base32, and Base64 Data Encodings — defines the Base64 alphabet used within PEM blocks