View certificate rating

POST https://daas.digicert.com/apicontroller/v1/sslrating/getCertificateRating

Get the overall security rating and known risks and issues for the certificate. This endpoint request allows an end user to drill into or cross-link to a single certificate's security rating and all elements used to determine the overall rating.

Example requests and responses

Example 1. cURL

curl -X POST \
  https://daas.digicert.com/apicontroller/v1/sslrating/getCertificateRating \
  -H 'Content-Type: application/json' \
  -H 'X-DC-DEVKEY: {{api_key}}' \
  -d '{
    "certId": "fb92ee3a2fd0cb6549e58c252f8787f467bfbeff",
    "accountId": "126993",
    "divisionIds": []
}'

Example 2. Python

import requests

url = "https://daas.digicert.com/apicontroller/v1/sslrating/getCertificateRating"

payload = "{\n    \"certId\": \"fb92ee3a2fd0cb6549e58c252f8787f467bfbeff\",\n    \"accountId\": \"126993\",\n    \"divisionIds\": []\n}"
headers = {
    'X-DC-DEVKEY': "{{api_key}}",
    'Content-Type': "application/json",
    }

response = requests.request("POST", url, data=payload, headers=headers)

print(response.text)

Example 3. Go

package main

import (
	"fmt"
	"strings"
	"net/http"
	"io/ioutil"
)

func main() {

	url := "https://daas.digicert.com/apicontroller/v1/sslrating/getCertificateRating"

	payload := strings.NewReader("{\n    \"certId\": \"fb92ee3a2fd0cb6549e58c252f8787f467bfbeff\",\n    \"accountId\": \"126993\",\n    \"divisionIds\": []\n}")

	req, _ := http.NewRequest("POST", url, payload)

	req.Header.Add("X-DC-DEVKEY", "{{api_key}}")
	req.Header.Add("Content-Type", "application/json")

	res, _ := http.DefaultClient.Do(req)

	defer res.Body.Close()
	body, _ := ioutil.ReadAll(res.Body)

	fmt.Println(res)
	fmt.Println(string(body))

}

Example 4. NodeJS

var request = require("request");

var options = { method: 'POST',
  url: 'https://daas.digicert.com/apicontroller/v1/sslrating/getCertificateRating',
  headers: 
   { 'Content-Type': 'application/json',
     'X-DC-DEVKEY': '{{api_key}}' },
  body: 
   { certId: 'fb92ee3a2fd0cb6549e58c252f8787f467bfbeff',
     accountId: '126993',
     divisionIds: [] },
  json: true };

request(options, function (error, response, body) {
  if (error) throw new Error(error);

  console.log(body);
});

Example 5. 200 OK

{
    "data": {
        "categories": [
            {
                "name": "CabForumCategory",
                "criteria": [
                    {
                        "name": "AuthorityInfoAccess",
                        "value": "",
                        "issues": null,
                        "colorCode": null,
                        "message": null,
                        "data": [
                            {
                                "name": "OCSP",
                                "value": "http://ocsp.ca.com",
                                "issues": null,
                                "colorCode": null
                            },
                            {
                                "name": "CaIssuers",
                                "value": "http://crt.url.com/RSADomainValidationSecureServerCA.crx",
                                "issues": null,
                                "colorCode": null
                            }
                        ],
                        "suggestion": null,
                        "kbLink": null
                    },
                    {
                        "name": "CRLDistributionPoints",
                        "value": "http://crl.url.com/RSADomainValidationSecureServerCA.crx",
                        "issues": "null",
                        "colorCode": null,
                        "message": null,
                        "data": null,
                        "suggestion": null,
                        "kbLink": null
                    },
                    {
                        "name": "BasicConstraint",
                        "value": "Certificate Authority : No",
                        "issues": null,
                        "colorCode": null,
                        "message": null,
                        "data": null,
                        "suggestion": null,
                        "kbLink": null
                    },
                    {
                        "name": "ExtendedKeyUsage",
                        "value": "TLS Web Client Authentication,TLS Web Server Authentication",
                        "issues": null,
                        "colorCode": null,
                        "message": null,
                        "data": null,
                        "suggestion": null,
                        "kbLink": null
                    },
                    {
                        "name": "KeyUsage",
                        "value": "digitalSignature,keyEncipherment",
                        "issues": null,
                        "colorCode": null,
                        "message": null,
                        "data": null,
                        "suggestion": null,
                        "kbLink": null
                    },
                    {
                        "name": "CertPolicies",
                        "value": "Policy ID #1 : 1.3.6.1.4.1.6449.1.2.2.7,CPS URI : https://secure.url.com/CPS,Policy ID #2 : 2.23.140.1.2.1",
                        "issues": null,
                        "colorCode": null,
                        "message": null,
                        "data": null,
                        "suggestion": null,
                        "kbLink": null
                    },
                    {
                        "name": "InternalNames",
                        "value": "No",
                        "issues": null,
                        "colorCode": null,
                        "message": null,
                        "data": null,
                        "suggestion": null,
                        "kbLink": null
                    }
                ]
            },
            {
                "name": "CertStatusCategory",
                "criteria": [
                    {
                        "name": "IsCertValid",
                        "value": "Yes",
                        "issues": null,
                        "colorCode": null,
                        "message": null,
                        "data": null,
                        "suggestion": null,
                        "kbLink": null
                    }
                ]
            },
            {
                "name": "CertAttributeCategory",
                "criteria": [
                    {
                        "name": "EndEntityCertHashAlgorithmStrength",
                        "value": "SHA2 family",
                        "issues": null,
                        "colorCode": null,
                        "message": null,
                        "data": null,
                        "suggestion": null,
                        "kbLink": null
                    },
                    {
                        "name": "EndEntityCertKeyStrength",
                        "value": "RSA 2048",
                        "issues": null,
                        "colorCode": null,
                        "message": null,
                        "data": null,
                        "suggestion": null,
                        "kbLink": null
                    },
                    {
                        "name": "IsAliasMatchSAN",
                        "value": "Yes",
                        "issues": null,
                        "colorCode": null,
                        "message": null,
                        "data": null,
                        "suggestion": null,
                        "kbLink": null
                    },
                    {
                        "name": "CertType",
                        "value": "Domain Validation (DV)",
                        "issues": "true",
                        "colorCode": null,
                        "message": null,
                        "data": null,
                        "suggestion": null,
                        "kbLink": null
                    }
                ]
            },
            {
                "name": "KnownRisksCategory",
                "criteria": [
                    {
                        "name": "NoNullCharacterInCN",
                        "value": "Yes",
                        "issues": null,
                        "colorCode": null,
                        "message": null,
                        "data": null,
                        "suggestion": null,
                        "kbLink": null
                    },
                    {
                        "name": "SameKeyNotUsedInChain",
                        "value": "Yes",
                        "issues": null,
                        "colorCode": null,
                        "message": null,
                        "data": null,
                        "suggestion": null,
                        "kbLink": null
                    },
                    {
                        "name": "SingleCNInDN",
                        "value": "Yes",
                        "issues": null,
                        "colorCode": null,
                        "message": null,
                        "data": null,
                        "suggestion": null,
                        "kbLink": null
                    },
                    {
                        "name": "ValidCertContent",
                        "value": "Yes",
                        "issues": null,
                        "colorCode": null,
                        "message": null,
                        "data": null,
                        "suggestion": null,
                        "kbLink": null
                    }
                ]
            }
        ],
        "rating": "Secure",
         “ratingNotice”: “Restricted to Secure because of DV certificate. Upgrade to OV or EV certificate to improve  the rating.”,
        "isPrivateCert": false,
        "cn": "*.aparat.com",
        "certStatus": "Valid",
        "caType": "PUBLIC"
    }
}

Request parameters

Name	Req/Opt	Type	Description
accountId	required	string	Account ID.
divisionIds	optional	array	Division IDs.
certId	required	string	Unique DigiCert-generated ID for the certificate found on the endpoint. Get the certificate ID from the List certificates request.

Response parameters

Name	Type	Description
data	object	Container.
.. categories	array	Container for assessment criteria that determines security rating.
.. .. name	string	Name of assessment category.
.. .. criteria	array	Container for details that determine security rating.
.. .. .. name	string	Assessment criteria.
.. .. .. value	string	Criteria value.
.. .. .. issues	string	Whether or not security risks exist.
.. .. .. colorCode	string	Warning level. Possible values: `1`=At risk (high), `2`=Warning (medium), `null`.
.. .. .. message	string	Summary.
.. .. .. data	array	Container for subcategories.
.. .. .. .. name	string	Assessment criteria.
.. .. .. .. value	string	Criteria value.
.. .. .. .. issues	string	Whether or not security risks exist.
.. .. .. .. colorCode	string	Warning level. Possible values: `1`=At risk (high), `2`=Warning (medium), `null`.
.. .. .. suggestion	string	Details and/or solution.
.. .. .. kbLink	string	Link to additional information.
.. rating	string	Certificate security rating, based on industry standards and the certificate's settings.
.. ratingNotice	string	Additional notes regarding certificate security rating.
.. isPrivateCert	bool	Whether or not certificate is issued from private root CA.
.. cn	string	Common name.
.. certStatus	string	Status of the certificate.
.. caType	string	Type of Certificate Authority source, such as public or private.

In this section: