Vulnerability assessments

DigiCert's Secure Site Pro, Secure Site EV, and Secure Site Pro EV products support vulnerability assessments for the domains that your certificate secures. To manage vulnerability assessments with the Services API, use the endpoints in this section.

Supported products

The following SSL products support vulnerability assessments:

  • ssl_securesite_proSecure Site Pro SSL
  • ssl_ev_securesite_multi_domainSecure Site EV Multi-Domain SSL
  • ssl_ev_securesite_flexSecure Site EV
  • ssl_ev_securesiteSecure Site EV SSL
  • ssl_ev_securesite_proSecure Site Pro EV SSL

Managing vulnerability assessments

To scan the domains on a certificate, you must enable vulnerability assessments for the certificate order. Enabling vulnerability assessments queues the eligible domains on the order to be scanned. When the scan is complete, you can download a PDF report with the results of the vulnerability assessment.

By default, the assessment service scans domains on the order once per month for as long as vulnerability assessments are enabled. You can manually queue a domain to be rescanned anytime. To prevent scanning altogether, disable vulnerability assessments for the certificate order.

Scanned domains

The vulnerability assessment service only scans the highest-level domains that a certificate secures. The examples in the following table show which domains the service scans for certificates securing domains at different levels:

Example certificate A
Secured domains:
  • domain.com – scanned
  • example.domain.com – not scanned
  • sample.domain.com – not scanned
  • website.com – scanned
When a certificate secures second- and third-level domains, the service only scans the second-level domains.
Example certificate B
Secured domains:
  • example.domain.com – scanned
  • sub.example.domain.com – not scanned
When a certificate does not secure a second-level domain, the service scans the subdomain at the next highest level.
Example certificate C
Secured domains:
  • example.domain.com – scanned
  • sample.domain.com – scanned
  • demo.domain.com – scanned
  • sub.demo.domain.com – not scanned
When a certificate secures multiple subdomains at the same level, the service scans each of those domains.

API operations

This section includes reference topics for the following operations: