# PKI Viewer

> Inspect X.509 certificates, PKCS#7/P7M, PKCS#12/PFX, CSR and keys in your browser — details, validity, fingerprints. Fully client-side.

Source: https://www.jpkc.com/db/en/tools/pki/

## Understand certificates without any file leaving your browser

The [PKI Viewer](https://www.jpkc.com/tools/pki/) reads and displays the contents of X.509 certificates and related PKI files: you drop a file into the tool or paste PEM text, and get the fields broken out in plain language — subject, issuer, validity period, keys, fingerprints, extensions. It's a **viewer and analyzer**, not a generator: the tool inspects what you give it but does not produce certificates, keys, or signatures itself.

The key point: all analysis runs **inside your browser**. Certificates, private keys, and PKCS#12 passwords are never uploaded. That makes it safe to open even real production certificates, private keys, and password-protected containers here. You can verify this any time in the Network tab of your browser's developer tools — you'll see no upload of your files.

The tool is built for anyone who works with TLS and certificates day to day: **admins and DevOps** who want to quickly check when a certificate expires or which hostnames it covers; **developers** who need to double-check a CSR or a certificate chain; and anyone who wants to open a signed `.p7m` file from an email without reaching for the command line.

## What the PKI Viewer does — at a glance

- **Inspect certificates** — subject, issuer, serial number, validity, signature algorithm, public key, and all common X.509v3 extensions.
- **Check validity** — colour-coded status: valid, expired, not yet valid, or "expires in N days" (warning once less than 30 days remain).
- **Compute fingerprints** — SHA-1 and SHA-256 over the certificate, each with a copy button.
- **Detect self-signed and CA certificates** — dedicated badges.
- **PKCS#7 / CMS and P7M files** — read out the certificates and extract the encapsulated content; if a MIME email is inside, it breaks out headers, text/HTML parts, and attachments.
- **Open PKCS#12 / PFX** — unlock password-protected containers and show certificates along with private keys.
- **Read CSRs and keys** — certificate signing requests as well as private and public RSA keys.
- **Multiple PEM blocks** in one input are detected automatically and rendered separately.
- **Export as PEM** — show and copy each detected certificate individually.

## What it deliberately does not do

So there are no false expectations: the PKI Viewer **does not generate or sign anything**. It also does not validate certificate chains against a trust store, perform OCSP/CRL revocation checks, or open a TLS connection to a server. It cannot decrypt password-protected private keys (only PKCS#12 passwords are supported), and for EC keys it offers only basic detection — full key breakdown currently exists only for RSA.

## Architecture: fully client-side, no server, no API

All processing happens via the JavaScript library [node-forge](https://github.com/digitalbazaar/forge) directly in the browser. There is **no server endpoint** that receives your files and **no** public API. That means there is nothing that could log your content either. For the same reason, the PKI Viewer is the right tool for safely opening sensitive keys and certificates.

## Try it now

**[→ Open the PKI Viewer](https://www.jpkc.com/tools/pki/)** — drop a file in or paste PEM text, done. No account, free, right in the browser. If you don't have anything handy, the built-in examples (a certificate chain and a signed P7M file) load something illustrative instantly.

## Related JPKCom tools

- **[Cryptor (AES-256)](https://www.jpkc.com/db/en/tools/cryptor/)** — symmetric encryption of text with a password, when you don't need asymmetric cryptography.
- **[Hash generator](https://www.jpkc.com/db/en/tools/hash/)** — compute checksums and hashes, for instance to verify file integrity.
- **[Password & key generator](https://www.jpkc.com/db/en/tools/generator/)** — produce strong passwords and keys.

---

There's more on the sub-pages: the **[manual](https://www.jpkc.com/db/en/tools/pki/manual/)** covering every tab, field, and limit, hands-on **[examples](https://www.jpkc.com/db/en/tools/pki/examples/)**, and collected **[tips & tricks](https://www.jpkc.com/db/en/tools/pki/tips/)**.