Skip to main content

Vulnerability assessments

DigiCert's Secure Site Pro, Secure Site EV, and Secure Site Pro EV products support vulnerability assessments for the domains that your certificate secures. To manage vulnerability assessments with the Services API, use the endpoints in this section.

Supported products

The following SSL products support vulnerability assessments:

  • ssl_securesite_pro: Secure Site Pro SSL

  • ssl_ev_securesite_multi_domain: Secure Site EV Multi-Domain SSL

  • ssl_ev_securesite_flex: Secure Site EV

  • ssl_ev_securesite: Secure Site EV SSL

  • ssl_ev_securesite_pro: Secure Site Pro EV SSL

Managing vulnerability assessments

To scan the domains on a certificate, you must enable vulnerability assessments for the certificate order. Enabling vulnerability assessments queues the eligible domains on the order to be scanned. When the scan is complete, you can download a PDF report with the results of the vulnerability assessment.

By default, the assessment service scans domains on the order once per month for as long as vulnerability assessments are enabled. You can manually queue a domain to be rescanned anytime. To prevent scanning altogether, disable vulnerability assessments for the certificate order.

Scanned domains

The vulnerability assessment service only scans the highest-level domains that a certificate secures. The examples in the following table show which domains the service scans for certificates securing domains at different levels:

Example certificate A

Secured domains:

  • domain.com: scanned

  • example.domain.com: not scanned

  • sample.domain.com: not scanned

  • website.com: scanned

When a certificate secures second- and third-level domains, the service only scans the second-level domains.

Example certificate B

Secured domains:

  • example.domain.com: scanned

  • sub.example.domain.com: not scanned

When a certificate does not secure a second-level domain, the service scans the subdomain at the next highest level.

Example certificate C

Secured domains:

  • example.domain.com: scanned

  • sample.domain.com: scanned

  • demo.domain.com: scanned

  • sub.demo.domain.com: not scanned

When a certificate secures multiple subdomains at the same level, the service scans each of those domains.