View certificate rating

POST https://daas.digicert.com/apicontroller/v1/sslrating/getCertificateRating
Get the overall security rating and known risks and issues for the certificate. This endpoint request allows an end user to drill into or cross-link to a single certificate’s security rating and all elements used to determine the overall rating.

Example requests and responses

curl -X POST \
  https://daas.digicert.com/apicontroller/v1/sslrating/getCertificateRating \
  -H 'Content-Type: application/json' \
  -H 'X-DC-DEVKEY: {{api_key}}' \
  -d '{
    "certId": "fb92ee3a2fd0cb6549e58c252f8787f467bfbeff",
    "accountId": "126993",
    "divisionIds": []
}'
import requests

url = "https://daas.digicert.com/apicontroller/v1/sslrating/getCertificateRating"

payload = "{\n    \"certId\": \"fb92ee3a2fd0cb6549e58c252f8787f467bfbeff\",\n    \"accountId\": \"126993\",\n    \"divisionIds\": []\n}"
headers = {
    'X-DC-DEVKEY': "{{api_key}}",
    'Content-Type': "application/json",
    }

response = requests.request("POST", url, data=payload, headers=headers)

print(response.text)
package main

import (
	"fmt"
	"strings"
	"net/http"
	"io/ioutil"
)

func main() {

	url := "https://daas.digicert.com/apicontroller/v1/sslrating/getCertificateRating"

	payload := strings.NewReader("{\n    \"certId\": \"fb92ee3a2fd0cb6549e58c252f8787f467bfbeff\",\n    \"accountId\": \"126993\",\n    \"divisionIds\": []\n}")

	req, _ := http.NewRequest("POST", url, payload)

	req.Header.Add("X-DC-DEVKEY", "{{api_key}}")
	req.Header.Add("Content-Type", "application/json")

	res, _ := http.DefaultClient.Do(req)

	defer res.Body.Close()
	body, _ := ioutil.ReadAll(res.Body)

	fmt.Println(res)
	fmt.Println(string(body))

}
var request = require("request");

var options = { method: 'POST',
  url: 'https://daas.digicert.com/apicontroller/v1/sslrating/getCertificateRating',
  headers: 
   { 'Content-Type': 'application/json',
     'X-DC-DEVKEY': '{{api_key}}' },
  body: 
   { certId: 'fb92ee3a2fd0cb6549e58c252f8787f467bfbeff',
     accountId: '126993',
     divisionIds: [] },
  json: true };

request(options, function (error, response, body) {
  if (error) throw new Error(error);

  console.log(body);
});

200 OK

{
    "data": {
        "categories": [
            {
                "name": "CabForumCategory",
                "criteria": [
                    {
                        "name": "AuthorityInfoAccess",
                        "value": "",
                        "issues": null,
                        "colorCode": null,
                        "message": null,
                        "data": [
                            {
                                "name": "OCSP",
                                "value": "http://ocsp.ca.com",
                                "issues": null,
                                "colorCode": null
                            },
                            {
                                "name": "CaIssuers",
                                "value": "http://crt.url.com/RSADomainValidationSecureServerCA.crx",
                                "issues": null,
                                "colorCode": null
                            }
                        ],
                        "suggestion": null,
                        "kbLink": null
                    },
                    {
                        "name": "CRLDistributionPoints",
                        "value": "http://crl.url.com/RSADomainValidationSecureServerCA.crx",
                        "issues": "null",
                        "colorCode": null,
                        "message": null,
                        "data": null,
                        "suggestion": null,
                        "kbLink": null
                    },
                    {
                        "name": "BasicConstraint",
                        "value": "Certificate Authority : No",
                        "issues": null,
                        "colorCode": null,
                        "message": null,
                        "data": null,
                        "suggestion": null,
                        "kbLink": null
                    },
                    {
                        "name": "ExtendedKeyUsage",
                        "value": "TLS Web Client Authentication,TLS Web Server Authentication",
                        "issues": null,
                        "colorCode": null,
                        "message": null,
                        "data": null,
                        "suggestion": null,
                        "kbLink": null
                    },
                    {
                        "name": "KeyUsage",
                        "value": "digitalSignature,keyEncipherment",
                        "issues": null,
                        "colorCode": null,
                        "message": null,
                        "data": null,
                        "suggestion": null,
                        "kbLink": null
                    },
                    {
                        "name": "CertPolicies",
                        "value": "Policy ID #1 : 1.3.6.1.4.1.6449.1.2.2.7,CPS URI : https://secure.url.com/CPS,Policy ID #2 : 2.23.140.1.2.1",
                        "issues": null,
                        "colorCode": null,
                        "message": null,
                        "data": null,
                        "suggestion": null,
                        "kbLink": null
                    },
                    {
                        "name": "InternalNames",
                        "value": "No",
                        "issues": null,
                        "colorCode": null,
                        "message": null,
                        "data": null,
                        "suggestion": null,
                        "kbLink": null
                    }
                ]
            },
            {
                "name": "CertStatusCategory",
                "criteria": [
                    {
                        "name": "IsCertValid",
                        "value": "Yes",
                        "issues": null,
                        "colorCode": null,
                        "message": null,
                        "data": null,
                        "suggestion": null,
                        "kbLink": null
                    }
                ]
            },
            {
                "name": "CertAttributeCategory",
                "criteria": [
                    {
                        "name": "EndEntityCertHashAlgorithmStrength",
                        "value": "SHA2 family",
                        "issues": null,
                        "colorCode": null,
                        "message": null,
                        "data": null,
                        "suggestion": null,
                        "kbLink": null
                    },
                    {
                        "name": "EndEntityCertKeyStrength",
                        "value": "RSA 2048",
                        "issues": null,
                        "colorCode": null,
                        "message": null,
                        "data": null,
                        "suggestion": null,
                        "kbLink": null
                    },
                    {
                        "name": "IsAliasMatchSAN",
                        "value": "Yes",
                        "issues": null,
                        "colorCode": null,
                        "message": null,
                        "data": null,
                        "suggestion": null,
                        "kbLink": null
                    },
                    {
                        "name": "CertType",
                        "value": "Domain Validation (DV)",
                        "issues": "true",
                        "colorCode": null,
                        "message": null,
                        "data": null,
                        "suggestion": null,
                        "kbLink": null
                    }
                ]
            },
            {
                "name": "KnownRisksCategory",
                "criteria": [
                    {
                        "name": "NoNullCharacterInCN",
                        "value": "Yes",
                        "issues": null,
                        "colorCode": null,
                        "message": null,
                        "data": null,
                        "suggestion": null,
                        "kbLink": null
                    },
                    {
                        "name": "SameKeyNotUsedInChain",
                        "value": "Yes",
                        "issues": null,
                        "colorCode": null,
                        "message": null,
                        "data": null,
                        "suggestion": null,
                        "kbLink": null
                    },
                    {
                        "name": "SingleCNInDN",
                        "value": "Yes",
                        "issues": null,
                        "colorCode": null,
                        "message": null,
                        "data": null,
                        "suggestion": null,
                        "kbLink": null
                    },
                    {
                        "name": "ValidCertContent",
                        "value": "Yes",
                        "issues": null,
                        "colorCode": null,
                        "message": null,
                        "data": null,
                        "suggestion": null,
                        "kbLink": null
                    }
                ]
            }
        ],
        "rating": "Secure",
         “ratingNotice”: “Restricted to Secure because of DV certificate. Upgrade to OV or EV certificate to improve  the rating.”,
        "isPrivateCert": false,
        "cn": "*.aparat.com",
        "certStatus": "Valid",
        "caType": "PUBLIC"
    }
}

Request parameters

NameReq/OptTypeDescription
accountIdrequiredstringAccount ID.
divisionIdsoptionalarrayDivision IDs.
certIdrequiredstringUnique DigiCert-generated ID for the certificate found on the endpoint. Get the certificate ID from the List certificates request.

Response parameters

NameTypeDescription
dataobjectContainer.
.. categoriesarrayContainer for assessment criteria that determines security rating.
.. .. namestringName of assessment category.
.. .. criteriaarrayContainer for details that determine security rating.
.. .. .. namestringAssessment criteria.
.. .. .. valuestringCriteria value.
.. .. .. issuesstringWhether or not security risks exist.
.. .. .. colorCodestringWarning level.
Possible values: 1=At risk (high), 2=Warning (medium), null.
.. .. .. messagestringSummary.
.. .. .. dataarrayContainer for subcategories.
.. .. .. .. namestringAssessment criteria.
.. .. .. .. valuestringCriteria value.
.. .. .. .. issuesstringWhether or not security risks exist.
.. .. .. .. colorCodestringWarning level.
Possible values: 1=At risk (high), 2=Warning (medium), null.
.. .. .. suggestionstringDetails and/or solution.
.. .. .. kbLinkstringLink to additional information.
.. ratingstringCertificate security rating, based on industry standards and the certificate’s settings.
.. ratingNoticestringAdditional notes regarding certificate security rating.
.. isPrivateCertboolWhether or not certificate is issued from private root CA.
.. cnstringCommon name.
.. certStatusstringStatus of the certificate.
.. caTypestringType of Certificate Authority source, such as public or private.