View certificate rating

POST
https://daas.digicert.com/apicontroller/v1/sslrating/getCertificateRating

Get the overall security rating and known risks and issues for the certificate. This endpoint request allows an end user to drill into or cross-link to a single certificate's security rating and all elements used to determine the overall rating.

cURL
curl -X POST \
  https://daas.digicert.com/apicontroller/v1/sslrating/getCertificateRating \
  -H 'Content-Type: application/json' \
  -H 'X-DC-DEVKEY: {{api_key}}' \
  -d '{
    "certId": "fb92ee3a2fd0cb6549e58c252f8787f467bfbeff",
    "accountId": "126993",
    "divisionIds": []
}'
Python
import requests

url = "https://daas.digicert.com/apicontroller/v1/sslrating/getCertificateRating"

payload = "{\n    \"certId\": \"fb92ee3a2fd0cb6549e58c252f8787f467bfbeff\",\n    \"accountId\": \"126993\",\n    \"divisionIds\": []\n}"
headers = {
    'X-DC-DEVKEY': "{{api_key}}",
    'Content-Type': "application/json",
    }

response = requests.request("POST", url, data=payload, headers=headers)

print(response.text)
Go
package main

import (
	"fmt"
	"strings"
	"net/http"
	"io/ioutil"
)

func main() {

	url := "https://daas.digicert.com/apicontroller/v1/sslrating/getCertificateRating"

	payload := strings.NewReader("{\n    \"certId\": \"fb92ee3a2fd0cb6549e58c252f8787f467bfbeff\",\n    \"accountId\": \"126993\",\n    \"divisionIds\": []\n}")

	req, _ := http.NewRequest("POST", url, payload)

	req.Header.Add("X-DC-DEVKEY", "{{api_key}}")
	req.Header.Add("Content-Type", "application/json")

	res, _ := http.DefaultClient.Do(req)

	defer res.Body.Close()
	body, _ := ioutil.ReadAll(res.Body)

	fmt.Println(res)
	fmt.Println(string(body))

}
NodeJS
var request = require("request");

var options = { method: 'POST',
  url: 'https://daas.digicert.com/apicontroller/v1/sslrating/getCertificateRating',
  headers: 
   { 'Content-Type': 'application/json',
     'X-DC-DEVKEY': '{{api_key}}' },
  body: 
   { certId: 'fb92ee3a2fd0cb6549e58c252f8787f467bfbeff',
     accountId: '126993',
     divisionIds: [] },
  json: true };

request(options, function (error, response, body) {
  if (error) throw new Error(error);

  console.log(body);
});
200 OK
{
    "data": {
        "categories": [
            {
                "name": "CabForumCategory",
                "criteria": [
                    {
                        "name": "AuthorityInfoAccess",
                        "value": "",
                        "issues": null,
                        "colorCode": null,
                        "message": null,
                        "data": [
                            {
                                "name": "OCSP",
                                "value": "http://ocsp.ca.com",
                                "issues": null,
                                "colorCode": null
                            },
                            {
                                "name": "CaIssuers",
                                "value": "http://crt.url.com/RSADomainValidationSecureServerCA.crx",
                                "issues": null,
                                "colorCode": null
                            }
                        ],
                        "suggestion": null,
                        "kbLink": null
                    },
                    {
                        "name": "CRLDistributionPoints",
                        "value": "http://crl.url.com/RSADomainValidationSecureServerCA.crx",
                        "issues": "null",
                        "colorCode": null,
                        "message": null,
                        "data": null,
                        "suggestion": null,
                        "kbLink": null
                    },
                    {
                        "name": "BasicConstraint",
                        "value": "Certificate Authority : No",
                        "issues": null,
                        "colorCode": null,
                        "message": null,
                        "data": null,
                        "suggestion": null,
                        "kbLink": null
                    },
                    {
                        "name": "ExtendedKeyUsage",
                        "value": "TLS Web Client Authentication,TLS Web Server Authentication",
                        "issues": null,
                        "colorCode": null,
                        "message": null,
                        "data": null,
                        "suggestion": null,
                        "kbLink": null
                    },
                    {
                        "name": "KeyUsage",
                        "value": "digitalSignature,keyEncipherment",
                        "issues": null,
                        "colorCode": null,
                        "message": null,
                        "data": null,
                        "suggestion": null,
                        "kbLink": null
                    },
                    {
                        "name": "CertPolicies",
                        "value": "Policy ID #1 : 1.3.6.1.4.1.6449.1.2.2.7,CPS URI : https://secure.url.com/CPS,Policy ID #2 : 2.23.140.1.2.1",
                        "issues": null,
                        "colorCode": null,
                        "message": null,
                        "data": null,
                        "suggestion": null,
                        "kbLink": null
                    },
                    {
                        "name": "InternalNames",
                        "value": "No",
                        "issues": null,
                        "colorCode": null,
                        "message": null,
                        "data": null,
                        "suggestion": null,
                        "kbLink": null
                    }
                ]
            },
            {
                "name": "CertStatusCategory",
                "criteria": [
                    {
                        "name": "IsCertValid",
                        "value": "Yes",
                        "issues": null,
                        "colorCode": null,
                        "message": null,
                        "data": null,
                        "suggestion": null,
                        "kbLink": null
                    }
                ]
            },
            {
                "name": "CertAttributeCategory",
                "criteria": [
                    {
                        "name": "EndEntityCertHashAlgorithmStrength",
                        "value": "SHA2 family",
                        "issues": null,
                        "colorCode": null,
                        "message": null,
                        "data": null,
                        "suggestion": null,
                        "kbLink": null
                    },
                    {
                        "name": "EndEntityCertKeyStrength",
                        "value": "RSA 2048",
                        "issues": null,
                        "colorCode": null,
                        "message": null,
                        "data": null,
                        "suggestion": null,
                        "kbLink": null
                    },
                    {
                        "name": "IsAliasMatchSAN",
                        "value": "Yes",
                        "issues": null,
                        "colorCode": null,
                        "message": null,
                        "data": null,
                        "suggestion": null,
                        "kbLink": null
                    },
                    {
                        "name": "CertType",
                        "value": "Domain Validation (DV)",
                        "issues": "true",
                        "colorCode": null,
                        "message": null,
                        "data": null,
                        "suggestion": null,
                        "kbLink": null
                    }
                ]
            },
            {
                "name": "KnownRisksCategory",
                "criteria": [
                    {
                        "name": "NoNullCharacterInCN",
                        "value": "Yes",
                        "issues": null,
                        "colorCode": null,
                        "message": null,
                        "data": null,
                        "suggestion": null,
                        "kbLink": null
                    },
                    {
                        "name": "SameKeyNotUsedInChain",
                        "value": "Yes",
                        "issues": null,
                        "colorCode": null,
                        "message": null,
                        "data": null,
                        "suggestion": null,
                        "kbLink": null
                    },
                    {
                        "name": "SingleCNInDN",
                        "value": "Yes",
                        "issues": null,
                        "colorCode": null,
                        "message": null,
                        "data": null,
                        "suggestion": null,
                        "kbLink": null
                    },
                    {
                        "name": "ValidCertContent",
                        "value": "Yes",
                        "issues": null,
                        "colorCode": null,
                        "message": null,
                        "data": null,
                        "suggestion": null,
                        "kbLink": null
                    }
                ]
            }
        ],
        "rating": "Secure",
         “ratingNotice”: “Restricted to Secure because of DV certificate. Upgrade to OV or EV certificate to improve  the rating.”,
        "isPrivateCert": false,
        "cn": "*.aparat.com",
        "certStatus": "Valid",
        "caType": "PUBLIC"
    }
}

Request parameters

Name Req/Opt Type Description
accountId required string Account ID.
divisionIds optional array Division IDs.
certId required string Unique DigiCert-generated ID for the certificate found on the endpoint. Get the certificate ID from the List certificates request.

Response parameters

Name Type Description
data object Container.
.. categories array Container for assessment criteria that determines security rating.
.. .. name string Name of assessment category.
.. .. criteria array Container for details that determine security rating.
.. .. .. name string Assessment criteria.
.. .. .. value string Criteria value.
.. .. .. issues string Whether or not security risks exist.
.. .. .. colorCode string Warning level.
Possible values: 1=At risk (high), 2=Warning (medium), null.
.. .. .. message string Summary.
.. .. .. data array Container for subcategories.
.. .. .. .. name string Assessment criteria.
.. .. .. .. value string Criteria value.
.. .. .. .. issues string Whether or not security risks exist.
.. .. .. .. colorCode string Warning level.
Possible values: 1=At risk (high), 2=Warning (medium), null.
.. .. .. suggestion string Details and/or solution.
.. .. .. kbLink string Link to additional information.
.. rating string Certificate security rating, based on industry standards and the certificate's settings.
.. ratingNotice string Additional notes regarding certificate security rating.
.. isPrivateCert bool Whether or not certificate is issued from private root CA.
.. cn string Common name.
.. certStatus string Status of the certificate.
.. caType string Type of Certificate Authority source, such as public or private.