为通过 CertCentral Discovery 扫描发现的 IP 地址获取整体服务器安全性评级以及已知风险和问题。通过该端点请求,最终用户可以钻取或交叉关联安全性评级以及决定整体评级的所有相关要素。
# POST a server-rating query to the getServerRating endpoint and print the reply.
# {{api_key}} and {{SERVER_ID}} appear to be template placeholders: substitute
# real values at run time, and keep the API key out of shared scripts and logs.
curl --request POST \
  --header 'Content-Type: application/json' \
  --header 'X-DC-DEVKEY: {{api_key}}' \
  --data '{
"ip": "digicert.com",
"port": "443",
"accountId": "126993",
"divisionIds": [],
"scanId": "",
"source": null,
"serverId": "{{SERVER_ID}}"
}' \
  https://daas.digicert.com/apicontroller/v1/sslrating/getServerRating
import requests
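# Endpoint that returns the security rating for a server found by a Discovery scan.
url = "https://daas.digicert.com/apicontroller/v1/sslrating/getServerRating"

# Request body, sent verbatim as JSON text. {{SERVER_ID}} is a placeholder to
# substitute before running.
payload = "{\n \"ip\": \"digicert.com\",\n \"port\": \"443\",\n \"accountId\": \"126993\",\n \"divisionIds\": [],\n \"scanId\": \"\",\n \"source\": null,\n \"serverId\": \"{{SERVER_ID}}\"\n}"

# X-DC-DEVKEY carries the API key. Substitute {{api_key}} at run time from a
# secret store or environment variable rather than committing a real key.
headers = {
    'X-DC-DEVKEY': "{{api_key}}",
    'Content-Type': "application/json",
}

# requests applies no timeout unless one is passed, so without it a stalled
# connection would block this script indefinitely.
response = requests.request("POST", url, data=payload, headers=headers, timeout=30)

# Stop on 4xx/5xx so an error document is not mistaken for a rating result;
# the error body is still shown to help diagnose a bad key or bad request.
if not response.ok:
    raise SystemExit("request failed with HTTP %d: %s" % (response.status_code, response.text))

print(response.text)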
package main
import (
"fmt"
"strings"
"net/http"
"io/ioutil"
)
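// main posts a server-rating query to the getServerRating endpoint and prints
// the HTTP status line followed by the raw response body.
//
// {{api_key}} and {{SERVER_ID}} are placeholders to substitute before running;
// supply the API key at run time instead of committing a real key to source.
func main() {
	url := "https://daas.digicert.com/apicontroller/v1/sslrating/getServerRating"

	// accountId is a single quoted JSON string; doubled quotes around the value
	// would make the whole body invalid JSON.
	payload := strings.NewReader("{\n \"ip\": \"digicert.com\",\n \"port\": \"443\",\n \"accountId\": \"126993\",\n \"divisionIds\": [],\n \"scanId\": \"\",\n \"source\": null,\n \"serverId\": \"{{SERVER_ID}}\"\n}")

	req, err := http.NewRequest("POST", url, payload)
	if err != nil {
		fmt.Println("building request:", err)
		return
	}
	req.Header.Add("X-DC-DEVKEY", "{{api_key}}")
	req.Header.Add("Content-Type", "application/json")

	// NOTE(review): http.DefaultClient has no timeout, so a stalled connection
	// blocks forever; production code should use a client with Timeout set.
	res, err := http.DefaultClient.Do(req)
	if err != nil {
		// res is nil when Do fails, so it must not be dereferenced or closed.
		fmt.Println("sending request:", err)
		return
	}
	defer res.Body.Close()

	body, err := ioutil.ReadAll(res.Body)
	if err != nil {
		fmt.Println("reading response body:", err)
		return
	}

	// Print the status line so a 4xx/5xx error document is not mistaken for a
	// rating result.
	fmt.Println(res.Status)
	fmt.Println(string(body))
}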
var request = require("request");
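// Options for the POST to the getServerRating endpoint.
// {{api_key}} and {{SERVER_ID}} are placeholders to substitute before running;
// supply the API key at run time instead of committing a real key to source.
var options = {
  method: 'POST',
  url: 'https://daas.digicert.com/apicontroller/v1/sslrating/getServerRating',
  headers: {
    'Content-Type': 'application/json',
    'X-DC-DEVKEY': '{{api_key}}'
  },
  // Serialize from an object so the body is always well-formed JSON: string
  // values are quoted and the empty scanId is sent as "" rather than omitted.
  body: JSON.stringify({
    ip: 'digicert.com',
    port: '443',
    accountId: '126993',
    divisionIds: [],
    scanId: '',
    source: null,
    serverId: '{{SERVER_ID}}'
  })
};

// Send the request and print the raw response body.
request(options, function (error, response, body) {
  // Rethrow the original error object so its type and stack trace are kept.
  if (error) throw error;
  console.log(body);
});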
{
"data": {
"categories": [
{
"name":"ServerTlsCategory",
"criteria":[
{
"name":"CipherAlgKeyLength",
"value":"256",
"issues":null,
"colorCode":null,
"message":null,
"data":null,
"suggestion":null,
"kbLink":null
},
{
"name":"CipherAlgorithm",
"value":"AES",
"issues":null,
"colorCode":null,
"message":null,
"data":null,
"suggestion":null,
"kbLink":null
},
{
"name":"TransportLayerSecurity",
"value":"TLSv1.2,TLSv1",
"issues":null,
"colorCode":null,
"message":null,
"data":null,
"suggestion":null,
"kbLink":null
}
]
},
{
"name":"SecurityHeadersCategory",
"criteria":[
{
"name":"Strict-Transport-Security",
"value":"",
"issues":"true",
"colorCode":2,
"message":"Missing security header.",
"data":null,
"suggestion":null,
"kbLink":null
},
{
"name":"Content-Security-Policy",
"value":"",
"issues":null,
"colorCode":null,
"message":"Missing security header.",
"data":null,
"suggestion":null,
"kbLink":null
},
{
"name":"X-Content-Type-Options",
"value":"",
"issues":null,
"colorCode":null,
"message":"Missing security header.",
"data":null,
"suggestion":null,
"kbLink":null
},
{
"name":"Feature-Policy",
"value":"",
"issues":null,
"colorCode":null,
"message":"Missing security header.",
"data":null,
"suggestion":null,
"kbLink":null
},
{
"name":"Referrer-Policy",
"value":"",
"issues":null,
"colorCode":null,
"message":"Missing security header.",
"data":null,
"suggestion":null,
"kbLink":null
},
{
"name":"X-Frame-Options",
"value":"SAMEORIGIN",
"issues":null,
"colorCode":null,
"message":null,
"data":null,
"suggestion":null,
"kbLink":null
},
{
"name":"X-XSS-Protection",
"value":"",
"issues":null,
"colorCode":null,
"message":"Missing security header.",
"data":null,
"suggestion":null,
"kbLink":null
},
{
"name":"Public-Key-Pins",
"value":"",
"issues":null,
"colorCode":null,
"message":"Missing security header.",
"data":null,
"suggestion":null,
"kbLink":null
},
{
"name":"Expect-CT",
"value":"",
"issues":null,
"colorCode":null,
"message":"Missing security header.",
"data":null,
"suggestion":null,
"kbLink":null
},
{
"name":"Location",
"value":"",
"issues":null,
"colorCode":null,
"message":null,
"data":null,
"suggestion":null,
"kbLink":null
},
{
"name":"Status",
"value":"200 OK",
"issues":null,
"colorCode":null,
"message":null,
"data":null,
"suggestion":null,
"kbLink":null
},
{
"name":"X-Permitted-Cross-Domain-Policies",
"value":"",
"issues":null,
"colorCode":null,
"message":"Missing security header.",
"data":null,
"suggestion":null,
"kbLink":null
}
]
},
{
"name":"HttpResponseHeadersCategory",
"criteria":[
{
"name":"HttpResponseHeaders",
"value":"",
"issues":null,
"colorCode":null,
"message":null,
"data":[
{
"name":"Version",
"value":"HTTP/1.1",
"issues":null,
"colorCode":null
},
{
"name":"Status",
"value":"200 OK",
"issues":null,
"colorCode":null
},
{
"name":"Server",
"value":"Apache/2.4.39 (Unix) Communique/4.2.3",
"issues":null,
"colorCode":null
},
{
"name":"Access-Control-Allow-Origin",
"value":"*",
"issues":null,
"colorCode":null
},
{
"name":
"Access-Control-Allow-Methods",
"value":"GET,POST~GET,POST",
"issues":null,
"colorCode":null
},
{
"name":"Connection",
"value":"keep-alive",
"issues":null,
"colorCode":null
},
{
"name":"Pragma",
"value":"no-cache",
"issues":null,"colorCode":null
},
{
"name":"Last-Modified",
"value":"Mon, 13 May 2019 08:57:02 GMT",
"issues":null,
"colorCode":null
},
{
"name":"Date",
"value":"Mon, 13 May 2019 09:06:26 GMT",
"issues":null,
"colorCode":null
},
{
"name":"Access-Control-Allow-Headers",
"value":"X-Requested-With, Content-Type, Origin, Authorization, Accept, Client-Security-Token, Accept-Encoding",
"issues":null,
"colorCode":null
},
{
"name":"Accept-Ranges",
"value":"bytes",
"issues":null,
"colorCode":null
},
{
"name":"Cache-Control",
"value":"no-cache, no-store, must-revalidate~private, max-age=604800",
"issues":null,
"colorCode":null
},
{
"name":"ETag",
"value":"\"43ef6-588c119939675\"",
"issues":null,
"colorCode":null
},
{
"name":"Set-Cookie",
"value":"AKA_A2=A; expires=Mon, 13-May-2019 10:06:26 GMT; path=/; domain=symantec.com; secure; HttpOnly",
"issues":null,
"colorCode":null
},
{
"name":"Set-Cookie",
"value":"spk=1894745231; path=/; secure",
"issues":null,
"colorCode":null
},
{
"name":"Expires",
"value":"0",
"issues":null,
"colorCode":null
},
{
"name":"Content-Length",
"value":"276799",
"issues":null,
"colorCode":null
},
{
"name":"Access-Control-Max-Age",
"value":"1000~1000",
"issues":null,
"colorCode":null
},
{
"name":"Link",
"value":"<https://web-analytics.example.m>;rel=\"preconnect\",<https://j.web.m>;rel=\"preconnect\",<https://nxs.example.com>;rel=\"preconnect\",<https://tracker.mrexample.m>;rel=\"preconnect\"",
"issues":null,
"colorCode":null
},
{
"name":"Content-Type",
"value":"text/html; charset=utf-8",
"issues":null,
"colorCode":null
}
],
"suggestion":null,
"kbLink":null
}
]
}
],
"rating":"Not secure",
"certChainInfo":{
"certChainId":4752752,
"noOfCertChainFound":2,
"status":"Invalid-certificate is expired",
"isSelfSigned":false,
"certChainDetails":{
"certChainDetailsList":[
{
"certDetailsList":[
{
"status":"Valid",
"expirationDate":1855828800000,
"keyAlgorithm":"RSA2048",
"algorithmType":"SHA256withRSA",
"issueDate":1382443200000,
"issuerDN":"CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US",
"subject":null,
"errors":null
},
{
"status":"Expired",
"expirationDate":null,
"keyAlgorithm":null,
"algorithmType":null,
"issueDate":null,
"issuerDN":null,
"subject":"CN=www.exampleca.com,OU=Corp Mktg & Comms - Online Exp,O=Symantec Corporation,L=Mountain View,ST=California,C=US,2.5.4.5=#130732313538313133,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553,2.5.4.15=#0c1450726976617465204f7267616e697a6174696f6e(end-entity)",
"errors":[
"This certificate has expired. Replace the expired certificate with a valid certificate."
]
}
],
"overallStatus":"Primary Chain (Invalid- certificate is expired)",
"isAdditionalCertChain":null,
"isValidChain":false
}
]
}
},
"criticalTlsIssues":[],
"nonCriticalTlsIssues":[],
"protocolCiphersInfoList":[],
"serverConfigList":[
{
"protocol":"TLSv1.2",
"keySize":128,
"cipherAlgorithm":"AES"
}
],
"tlsIssuesFound":false,
"vulnerabilityScanEnabled":false
}
}
名称 | 必填/可选 | 类型 | 描述 |
---|---|---|---|
ip | 必填 | string | 您要获取其评级的端点的 IP 地址。 |
port | 必填 | string | 您要获取其评级的端点的端口。 |
accountId | 必填 | string | 帐号。 |
divisionIds | 可选 | array | 分区 ID。 |
scanId | 可选 | string | 扫描并提取了端点详细信息的 CertCentral Discovery 扫描的唯一 ID。当 scanName 筛选项应用于端点视图或用户从扫描详细信息浏览至证书视图时必填。 |
source | 可选 | string | 将用户重定向到这里的扫描名称。 |
serverId | 可选 | string | 服务器 ID(如果可用)。 |
名称 | 类型 | 描述 |
---|---|---|
data | object | 容器。 |
.. categories | array | 决定安全性评级的评估标准的容器。 |
.. .. name | string | 评估类别的名称。 |
.. .. criteria | array | 决定安全性评级的详细信息的容器。 |
.. .. .. name | string | 评估标准。 |
.. .. .. value | string | 标准值。 |
.. .. .. issues | bool | 此标准是否存在已知问题。 |
.. .. .. colorCode | string | 警告级别。可能的值:1 = 有风险(高),2 = 警告(中),null。 |
.. .. .. message | string | 摘要。 |
.. .. .. data | array | 子类别的容器。 |
.. .. .. .. name | string | 评估标准。 |
.. .. .. .. value | string | 标准值。 |
.. .. .. .. issues | bool | 此标准是否存在已知问题。 |
.. .. .. .. colorCode | string | 警告级别。可能的值:1 = 有风险(高),2 = 警告(中),null。 |
.. .. .. suggestion | string | 详细信息和/或解决方案。 |
.. .. .. kbLink | string | 指向附加信息的链接。 |
.. rating | string | 服务器安全性评级,基于端点的通信和安全设置。 |
.. certChainInfo | object | 中间 CA 证书信息的容器。 |
.. .. certChainId | string | 证书链 ID。 |
.. .. noOfCertChainFound | int | 找到的证书链的数量。 |
.. .. status | string | 证书链状态。 |
.. .. isSelfSigned | bool | 证书链是否为自签名。 |
.. .. certChainDetails | object | 证书链详细信息容器。 |
.. .. .. certChainDetailsList | array | 证书链详细信息容器。 |
.. .. .. .. certDetailsList | array | 中间证书或根证书详细信息。 |
.. .. .. .. .. status | string | 证书状态。 |
.. .. .. .. .. expirationDate | string | 到期日期。 |
.. .. .. .. .. keyAlgorithm | string | 加密算法。 |
.. .. .. .. .. algorithmType | string | SHA 类型。 |
.. .. .. .. .. issueDate | string | 颁发日期。 |
.. .. .. .. .. issuerDN | string | 颁发者名称。 |
.. .. .. .. .. subject | string | 证书使用者。 |
.. .. .. .. .. errors | array | 错误消息。 |
.. .. .. .. overallStatus | string | 整体证书链状态。 |
.. .. .. .. isAdditionalCertChain | bool | 是否发现了除预期证书链之外的其他证书。 |
.. .. .. .. isValidChain | bool | 证书链是否有效。 |
.. criticalTlsIssues | array | 与端点上的 TLS 实现有关的严重问题。 |
.. nonCriticalTlsIssues | array | 与端点上的 TLS 实现有关的非严重问题。 |
.. protocolCiphersInfoList | array | 端点上存在的密码套件。 |
.. serverConfigList | object | 服务器的通信安全设置。 |
.. .. protocol | string | 通信安全协议。 |
.. .. keySize | string | 加密密钥大小。 |
.. .. cipherAlgorithm | string | 加密算法。 |
.. tlsIssuesFound | bool | 端点上是否存在 TLS 问题。 |
.. vulnerabilityScanEnabled | bool | 是否对端点启用了漏洞扫描。 |