Get the overall server security rating and and known risks and issues for an IP address found through CertCentral Discovery scans. This endpoint request allows an end user to drill into or cross-link to the security rating and all relevant elements that determine the overall rating.
curl -X POST \
https://daas.digicert.com/apicontroller/v1/sslrating/getServerRating \
-H 'Content-Type: application/json' \
-H 'X-DC-DEVKEY: {{api_key}}' \
-d '{
"ip": "digicert.com",
"port": "443",
"accountId": "126993",
"divisionIds": [],
"scanId": "",
"source": null,
"serverId": "{{SERVER_ID}}"
}'import requests
url = "https://daas.digicert.com/apicontroller/v1/sslrating/getServerRating"
payload = "{\n \"ip\": \"digicert.com\",\n \"port\": \"443\",\n \"accountId\": \"126993\",\n \"divisionIds\": [],\n \"scanId\": \"\",\n \"source\": null,\n \"serverId\": \"{{SERVER_ID}}\"\n}"
headers = {
'X-DC-DEVKEY': "{{api_key}}",
'Content-Type': "application/json",
}
response = requests.request("POST", url, data=payload, headers=headers)
print(response.text)package main
import (
"fmt"
"strings"
"net/http"
"io/ioutil"
)
func main() {
url := "https://daas.digicert.com/apicontroller/v1/sslrating/getServerRating"
payload := strings.NewReader("{\n \"ip\": \"digicert.com\",\n \"port\": \"443\",\n \"accountId\": \"\"126993\"\",\n \"divisionIds\": [],\n \"scanId\": \"\",\n \"source\": null,\n \"serverId\": \"{{SERVER_ID}}\"\n}")
req, _ := http.NewRequest("POST", url, payload)
req.Header.Add("X-DC-DEVKEY", "{{api_key}}")
req.Header.Add("Content-Type", "application/json")
res, _ := http.DefaultClient.Do(req)
defer res.Body.Close()
body, _ := ioutil.ReadAll(res.Body)
fmt.Println(res)
fmt.Println(string(body))
}var request = require("request");
var options = { method: 'POST',
url: 'https://daas.digicert.com/apicontroller/v1/sslrating/getServerRating',
headers:
{ 'Content-Type': 'application/json',
'X-DC-DEVKEY': '{{api_key}}' },
body: '{"ip":digicert.com,"port":443,"accountId":"126993","divisionIds":[],"scanId":,"source":null,"serverId":{{SERVER_ID}}}' };
request(options, function (error, response, body) {
if (error) throw new Error(error);
console.log(body);
});{
"data": {
"categories": [
{
"name":"ServerTlsCategory",
"criteria":[
{
"name":"CipherAlgKeyLength",
"value":"256",
"issues":null,
"colorCode":null,
"message":null,
"data":null,
"suggestion":null,
"kbLink":null
},
{
"name":"CipherAlgorithm",
"value":"AES",
"issues":null,
"colorCode":null,
"message":null,
"data":null,
"suggestion":null,
"kbLink":null
},
{
"name":"TransportLayerSecurity",
"value":"TLSv1.2,TLSv1",
"issues":null,
"colorCode":null,
"message":null,
"data":null,
"suggestion":null,
"kbLink":null
}
]
},
{
"name":"SecurityHeadersCategory",
"criteria":[
{
"name":"Strict-Transport-Security",
"value":"",
"issues":"true",
"colorCode":2,
"message":"Missing security header.",
"data":null,
"suggestion":null,
"kbLink":null
},
{
"name":"Content-Security-Policy",
"value":"",
"issues":null,
"colorCode":null,
"message":"Missing security header.",
"data":null,
"suggestion":null,
"kbLink":null
},
{
"name":"X-Content-Type-Options",
"value":"",
"issues":null,
"colorCode":null,
"message":"Missing security header.",
"data":null,
"suggestion":null,
"kbLink":null
},
{
"name":"Feature-Policy",
"value":"",
"issues":null,
"colorCode":null,
"message":"Missing security header.",
"data":null,
"suggestion":null,
"kbLink":null
},
{
"name":"Referrer-Policy",
"value":"",
"issues":null,
"colorCode":null,
"message":"Missing security header.",
"data":null,
"suggestion":null,
"kbLink":null
},
{
"name":"X-Frame-Options",
"value":"SAMEORIGIN",
"issues":null,
"colorCode":null,
"message":null,
"data":null,
"suggestion":null,
"kbLink":null
},
{
"name":"X-XSS-Protection",
"value":"",
"issues":null,
"colorCode":null,
"message":"Missing security header.",
"data":null,
"suggestion":null,
"kbLink":null
},
{
"name":"Public-Key-Pins",
"value":"",
"issues":null,
"colorCode":null,
"message":"Missing security header.",
"data":null,
"suggestion":null,
"kbLink":null
},
{
"name":"Expect-CT",
"value":"",
"issues":null,
"colorCode":null,
"message":"Missing security header.",
"data":null,
"suggestion":null,
"kbLink":null
},
{
"name":"Location",
"value":"",
"issues":null,
"colorCode":null,
"message":null,
"data":null,
"suggestion":null,
"kbLink":null
},
{
"name":"Status",
"value":"200 OK",
"issues":null,
"colorCode":null,
"message":null,
"data":null,
"suggestion":null,
"kbLink":null
},
{
"name":"X-Permitted-Cross-Domain-Policies",
"value":"",
"issues":null,
"colorCode":null,
"message":"Missing security header.",
"data":null,
"suggestion":null,
"kbLink":null
}
]
},
{
"name":"HttpResponseHeadersCategory",
"criteria":[
{
"name":"HttpResponseHeaders",
"value":"",
"issues":null,
"colorCode":null,
"message":null,
"data":[
{
"name":"Version",
"value":"HTTP/1.1",
"issues":null,
"colorCode":null
},
{
"name":"Status",
"value":"200 OK",
"issues":null,
"colorCode":null
},
{
"name":"Server",
"value":"Apache/2.4.39 (Unix) Communique/4.2.3",
"issues":null,
"colorCode":null
},
{
"name":"Access-Control-Allow-Origin",
"value":"*",
"issues":null,
"colorCode":null
},
{
"name":
"Access-Control-Allow-Methods",
"value":"GET,POST~GET,POST",
"issues":null,
"colorCode":null
},
{
"name":"Connection",
"value":"keep-alive",
"issues":null,
"colorCode":null
},
{
"name":"Pragma",
"value":"no-cache",
"issues":null,"colorCode":null
},
{
"name":"Last-Modified",
"value":"Mon, 13 May 2019 08:57:02 GMT",
"issues":null,
"colorCode":null
},
{
"name":"Date",
"value":"Mon, 13 May 2019 09:06:26 GMT",
"issues":null,
"colorCode":null
},
{
"name":"Access-Control-Allow-Headers",
"value":"X-Requested-With, Content-Type, Origin, Authorization, Accept, Client-Security-Token, Accept-Encoding",
"issues":null,
"colorCode":null
},
{
"name":"Accept-Ranges",
"value":"bytes",
"issues":null,
"colorCode":null
},
{
"name":"Cache-Control",
"value":"no-cache, no-store, must-revalidate~private, max-age=604800",
"issues":null,
"colorCode":null
},
{
"name":"ETag",
"value":"\"43ef6-588c119939675\"",
"issues":null,
"colorCode":null
},
{
"name":"Set-Cookie",
"value":"AKA_A2=A; expires=Mon, 13-May-2019 10:06:26 GMT; path=/; domain=symantec.com; secure; HttpOnly",
"issues":null,
"colorCode":null
},
{
"name":"Set-Cookie",
"value":"spk=1894745231; path=/; secure",
"issues":null,
"colorCode":null
},
{
"name":"Expires",
"value":"0",
"issues":null,
"colorCode":null
},
{
"name":"Content-Length",
"value":"276799",
"issues":null,
"colorCode":null
},
{
"name":"Access-Control-Max-Age",
"value":"1000~1000",
"issues":null,
"colorCode":null
},
{
"name":"Link",
"value":"<https://web-analytics.example.m>;rel=\"preconnect\",<https://j.web.m>;rel=\"preconnect\",<https://nxs.example.com>;rel=\"preconnect\",<https://tracker.mrexample.m>;rel=\"preconnect\"",
"issues":null,
"colorCode":null
},
{
"name":"Content-Type",
"value":"text/html; charset=utf-8",
"issues":null,
"colorCode":null
}
],
"suggestion":null,
"kbLink":null
}
]
}
],
"rating":"Not secure",
"certChainInfo":{
"certChainId":4752752,
"noOfCertChainFound":2,
"status":"Invalid-certificate is expired",
"isSelfSigned":false,
"certChainDetails":{
"certChainDetailsList":[
{
"certDetailsList":[
{
"status":"Valid",
"expirationDate":1855828800000,
"keyAlgorithm":"RSA2048",
"algorithmType":"SHA256withRSA",
"issueDate":1382443200000,
"issuerDN":"CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US",
"subject":null,
"errors":null
},
{
"status":"Expired",
"expirationDate":null,
"keyAlgorithm":null,
"algorithmType":null,
"issueDate":null,
"issuerDN":null,
"subject":"CN=www.exampleca.com,OU=Corp Mktg & Comms - Online Exp,O=Symantec Corporation,L=Mountain View,ST=California,C=US,2.5.4.5=#130732313538313133,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553,2.5.4.15=#0c1450726976617465204f7267616e697a6174696f6e(end-entity)",
"errors":[
"This certificate has expired. Replace the expired certificate with a valid certificate."
]
}
],
"overallStatus":"Primary Chain (Invalid- certificate is expired)",
"isAdditionalCertChain":null,
"isValidChain":false
}
]
}
},
"criticalTlsIssues":[],
"nonCriticalTlsIssues":[],
"protocolCiphersInfoList":[],
"serverConfigList":[
{
"protocol":"TLSv1.2",
"keySize":128,
"cipherAlgorithm":"AES"
}
],
"tlsIssuesFound":false,
"vulnerabilityScanEnabled":false
}
}| Name | Req/Opt | Type | Description |
|---|---|---|---|
| ip | required | string | IP address for the endpoint you want to get the rating for. |
| port | required | string | Port for the endpoint you want to get the rating for. |
| accountId | required | string | Account ID. |
| divisionIds | optional | array | Division IDs. |
| scanId | optional | string |
Unique ID for the CertCentral Discovery scan that scanned and retrieved details for the endpoint. Required when scanName filter is applied on an endpoint view or user is navigating to a certificate view from scan details.
|
| source | optional | string | Scan name user is redirected from. |
| serverId | required | string | Server ID that uniquely identifies the record from list endpoint. |
| Name | Type | Description |
|---|---|---|
| data | object | Container. |
| .. categories | array | Container for assessment criteria that determines security rating. |
| .. .. name | string | Name of assessment category. |
| .. .. criteria | array | Container for details that determine security rating. |
| .. .. .. name | string | Assessment criteria. |
| .. .. .. value | string | Criteria value. |
| .. .. .. issues | bool | Whether known issues exist for this criteria. |
| .. .. .. colorCode | string |
Warning level. Possible values: 1=At risk (high), 2=Warning (medium), null.
|
| .. .. .. message | string | Summary. |
| .. .. .. data | array | Container for subcategories. |
| .. .. .. .. name | string | Assessment criteria. |
| .. .. .. .. value | string | Criteria value. |
| .. .. .. .. issues | bool | Whether known issues exist for this criteria. |
| .. .. .. .. colorCode | string |
Warning level. Possible values: 1=At risk (high), 2=Warning (medium), null.
|
| .. .. .. suggestion | string | Details and/or solution. |
| .. .. .. kbLink | string | Link to additional information. |
| .. rating | string |
Server security rating, based on the endpoint's communication and security settings.
|
| .. certChainInfo | object | Container for intermediate CA certificate information. |
| .. .. certChainId | string | Certificate chain ID. |
| .. .. noOfCertChainFound | int | Number of certificate chains found. |
| .. .. status | string | Chain status. |
| .. .. isSelfSigned | bool | Whether the chain is self-signed. |
| .. .. certChainDetails | object | Certificate chain details container. |
| .. .. .. certChainDetailsList | array | Certificate chain details container. |
| .. .. .. .. certDetailsList | array | Intermediate or root certificate details. |
| .. .. .. .. .. status | string | Certificate status. |
| .. .. .. .. .. expirationDate | integer |
Expiration date. Format: epoch in millisecond. Epoch corresponds to 0 hours, 0 minutes, and 0 seconds (00:00:00) Coordinated Universal Time (UTC) on a specific date, which varies from system to system. Example: 1855828800000
|
| .. .. .. .. .. keyAlgorithm | string | Encryption algorithm. |
| .. .. .. .. .. algorithmType | string | SHA type. |
| .. .. .. .. .. issueDate | string |
Issuing date. Format: epoch in millisecond. Epoch corresponds to 0 hours, 0 minutes, and 0 seconds (00:00:00) Coordinated Universal Time (UTC) on a specific date, which varies from system to system. Example: 1382443200000
|
| .. .. .. .. .. issuerDN | string | Issuer name. |
| .. .. .. .. .. subject | string | Certificate subject. |
| .. .. .. .. .. errors | array | Error messages. |
| .. .. .. .. overallStatus | string | Overall certificate chain status. |
| .. .. .. .. isAdditionalCertChain | bool | Whether a certificate other than the expected certificate chain is discovered. |
| .. .. .. .. isValidChain | bool | Whether chain is valid. |
| .. criticalTlsIssues | array | Critical issues related to TLS implementation on the endpoint. |
| .. nonCriticalTlsIssues | array | Non-critical issues related to TLS implementation on the endpoint. |
| .. protocolCiphersInfoList | array | Cipher suites present on the endpoint. |
| .. serverConfigList | object | Server's communication security settings. |
| .. .. protocol | string | Communication security protocol. |
| .. .. keySize | string | Encryption key size. |
| .. .. cipherAlgorithm | string | Encryption algorithm. |
| .. tlsIssuesFound | bool | Whether or not TLS issues exist on the endpoint. |
| .. vulnerabilityScanEnabled | bool | Whether or not vulnerability scanning is turned on for the endpoint. |