Vulnerability assessments
DigiCert's Secure Site Pro, Secure Site EV, and Secure Site Pro EV products support vulnerability assessments for the domains that your certificate secures. To manage vulnerability assessments with the Services API, use the endpoints in this section.
Supported products
The following SSL products support vulnerability assessments:
ssl_securesite_pro
: Secure Site Pro SSLssl_ev_securesite_multi_domain
: Secure Site EV Multi-Domain SSLssl_ev_securesite_flex
: Secure Site EVssl_ev_securesite
: Secure Site EV SSLssl_ev_securesite_pro
: Secure Site Pro EV SSL
Managing vulnerability assessments
To scan the domains on a certificate, you must enable vulnerability assessments for the certificate order. Enabling vulnerability assessments queues the eligible domains on the order to be scanned. When the scan is complete, you can download a PDF report with the results of the vulnerability assessment.
By default, the assessment service scans domains on the order once per month for as long as vulnerability assessments are enabled. You can manually queue a domain to be rescanned anytime. To prevent scanning altogether, disable vulnerability assessments for the certificate order.
Scanned domains
The vulnerability assessment service only scans the highest-level domains that a certificate secures. The examples in the following table show which domains the service scans for certificates securing domains at different levels:
Example certificate A Secured domains:
| When a certificate secures second- and third-level domains, the service only scans the second-level domains. |
Example certificate B Secured domains:
| When a certificate does not secure a second-level domain, the service scans the subdomain at the next highest level. |
Example certificate C Secured domains:
| When a certificate secures multiple subdomains at the same level, the service scans each of those domains. |