Get the overall security rating and known risks and issues for the certificate. This endpoint request allows an end user to drill into or cross-link to a single certificate's security rating and all elements used to determine the overall rating.
curl -X POST \
https://daas.digicert.com/apicontroller/v1/sslrating/getCertificateRating \
-H 'Content-Type: application/json' \
-H 'X-DC-DEVKEY: {{api_key}}' \
-d '{
"certId": "fb92ee3a2fd0cb6549e58c252f8787f467bfbeff",
"accountId": "126993",
"divisionIds": []
}'
import requests
url = "https://daas.digicert.com/apicontroller/v1/sslrating/getCertificateRating"
payload = "{\n \"certId\": \"fb92ee3a2fd0cb6549e58c252f8787f467bfbeff\",\n \"accountId\": \"126993\",\n \"divisionIds\": []\n}"
headers = {
'X-DC-DEVKEY': "{{api_key}}",
'Content-Type': "application/json",
}
response = requests.request("POST", url, data=payload, headers=headers)
print(response.text)
package main
import (
"fmt"
"strings"
"net/http"
"io/ioutil"
)
func main() {
url := "https://daas.digicert.com/apicontroller/v1/sslrating/getCertificateRating"
payload := strings.NewReader("{\n \"certId\": \"fb92ee3a2fd0cb6549e58c252f8787f467bfbeff\",\n \"accountId\": \"126993\",\n \"divisionIds\": []\n}")
req, _ := http.NewRequest("POST", url, payload)
req.Header.Add("X-DC-DEVKEY", "{{api_key}}")
req.Header.Add("Content-Type", "application/json")
res, _ := http.DefaultClient.Do(req)
defer res.Body.Close()
body, _ := ioutil.ReadAll(res.Body)
fmt.Println(res)
fmt.Println(string(body))
}
var request = require("request");
var options = { method: 'POST',
url: 'https://daas.digicert.com/apicontroller/v1/sslrating/getCertificateRating',
headers:
{ 'Content-Type': 'application/json',
'X-DC-DEVKEY': '{{api_key}}' },
body:
{ certId: 'fb92ee3a2fd0cb6549e58c252f8787f467bfbeff',
accountId: '126993',
divisionIds: [] },
json: true };
request(options, function (error, response, body) {
if (error) throw new Error(error);
console.log(body);
});
{
"data": {
"categories": [
{
"name": "CabForumCategory",
"criteria": [
{
"name": "AuthorityInfoAccess",
"value": "",
"issues": null,
"colorCode": null,
"message": null,
"data": [
{
"name": "OCSP",
"value": "http://ocsp.ca.com",
"issues": null,
"colorCode": null
},
{
"name": "CaIssuers",
"value": "http://crt.url.com/RSADomainValidationSecureServerCA.crx",
"issues": null,
"colorCode": null
}
],
"suggestion": null,
"kbLink": null
},
{
"name": "CRLDistributionPoints",
"value": "http://crl.url.com/RSADomainValidationSecureServerCA.crx",
"issues": "null",
"colorCode": null,
"message": null,
"data": null,
"suggestion": null,
"kbLink": null
},
{
"name": "BasicConstraint",
"value": "Certificate Authority : No",
"issues": null,
"colorCode": null,
"message": null,
"data": null,
"suggestion": null,
"kbLink": null
},
{
"name": "ExtendedKeyUsage",
"value": "TLS Web Client Authentication,TLS Web Server Authentication",
"issues": null,
"colorCode": null,
"message": null,
"data": null,
"suggestion": null,
"kbLink": null
},
{
"name": "KeyUsage",
"value": "digitalSignature,keyEncipherment",
"issues": null,
"colorCode": null,
"message": null,
"data": null,
"suggestion": null,
"kbLink": null
},
{
"name": "CertPolicies",
"value": "Policy ID #1 : 1.3.6.1.4.1.6449.1.2.2.7,CPS URI : https://secure.url.com/CPS,Policy ID #2 : 2.23.140.1.2.1",
"issues": null,
"colorCode": null,
"message": null,
"data": null,
"suggestion": null,
"kbLink": null
},
{
"name": "InternalNames",
"value": "No",
"issues": null,
"colorCode": null,
"message": null,
"data": null,
"suggestion": null,
"kbLink": null
}
]
},
{
"name": "CertStatusCategory",
"criteria": [
{
"name": "IsCertValid",
"value": "Yes",
"issues": null,
"colorCode": null,
"message": null,
"data": null,
"suggestion": null,
"kbLink": null
}
]
},
{
"name": "CertAttributeCategory",
"criteria": [
{
"name": "EndEntityCertHashAlgorithmStrength",
"value": "SHA2 family",
"issues": null,
"colorCode": null,
"message": null,
"data": null,
"suggestion": null,
"kbLink": null
},
{
"name": "EndEntityCertKeyStrength",
"value": "RSA 2048",
"issues": null,
"colorCode": null,
"message": null,
"data": null,
"suggestion": null,
"kbLink": null
},
{
"name": "IsAliasMatchSAN",
"value": "Yes",
"issues": null,
"colorCode": null,
"message": null,
"data": null,
"suggestion": null,
"kbLink": null
},
{
"name": "CertType",
"value": "Domain Validation (DV)",
"issues": "true",
"colorCode": null,
"message": null,
"data": null,
"suggestion": null,
"kbLink": null
}
]
},
{
"name": "KnownRisksCategory",
"criteria": [
{
"name": "NoNullCharacterInCN",
"value": "Yes",
"issues": null,
"colorCode": null,
"message": null,
"data": null,
"suggestion": null,
"kbLink": null
},
{
"name": "SameKeyNotUsedInChain",
"value": "Yes",
"issues": null,
"colorCode": null,
"message": null,
"data": null,
"suggestion": null,
"kbLink": null
},
{
"name": "SingleCNInDN",
"value": "Yes",
"issues": null,
"colorCode": null,
"message": null,
"data": null,
"suggestion": null,
"kbLink": null
},
{
"name": "ValidCertContent",
"value": "Yes",
"issues": null,
"colorCode": null,
"message": null,
"data": null,
"suggestion": null,
"kbLink": null
}
]
}
],
"rating": "Secure",
“ratingNotice”: “Restricted to Secure because of DV certificate. Upgrade to OV or EV certificate to improve the rating.”,
"isPrivateCert": false,
"cn": "*.aparat.com",
"certStatus": "Valid",
"caType": "PUBLIC"
}
}
Name | Req/Opt | Type | Description |
---|---|---|---|
accountId | required | string | Account ID. |
divisionIds | optional | array | Division IDs. |
certId | required | string | Unique DigiCert-generated ID for the certificate found on the endpoint. Get the certificate ID from the List certificates request. |
Name | Type | Description |
---|---|---|
data | object | Container. |
.. categories | array | Container for assessment criteria that determines security rating. |
.. .. name | string | Name of assessment category. |
.. .. criteria | array | Container for details that determine security rating. |
.. .. .. name | string | Assessment criteria. |
.. .. .. value | string | Criteria value. |
.. .. .. issues | string | Whether or not security risks exist. |
.. .. .. colorCode | string |
Warning level. Possible values: 1 =At risk (high), 2 =Warning (medium), null .
|
.. .. .. message | string | Summary. |
.. .. .. data | array | Container for subcategories. |
.. .. .. .. name | string | Assessment criteria. |
.. .. .. .. value | string | Criteria value. |
.. .. .. .. issues | string | Whether or not security risks exist. |
.. .. .. .. colorCode | string |
Warning level. Possible values: 1 =At risk (high), 2 =Warning (medium), null .
|
.. .. .. suggestion | string | Details and/or solution. |
.. .. .. kbLink | string | Link to additional information. |
.. rating | string |
Certificate security rating , based on industry standards and the certificate's settings.
|
.. ratingNotice | string | Additional notes regarding certificate security rating. |
.. isPrivateCert | bool | Whether or not certificate is issued from private root CA. |
.. cn | string | Common name. |
.. certStatus | string |
Status of the certificate.
|
.. caType | string | Type of Certificate Authority source, such as public or private. |