查看端点评级

POST
https://daas.digicert.com/apicontroller/v1/sslrating/getServerRating

为通过 CertCentral Discovery 扫描发现的 IP 地址获取整体服务器安全性评级以及已知风险和问题。通过该端点请求,最终用户可以钻取或交叉关联安全性评级以及决定整体评级的所有相关要素。

cURL
curl -X POST \
  https://daas.digicert.com/apicontroller/v1/sslrating/getServerRating \
  -H 'Content-Type: application/json' \
  -H 'X-DC-DEVKEY: {{api_key}}' \
  -d '{
    "ip": "digicert.com",
    "port": "443",
    "accountId": "126993",
    "divisionIds": [],
    "scanId": "",
    "source": null,
    "serverId": "{{SERVER_ID}}"
}'
Python
import requests

url = "https://daas.digicert.com/apicontroller/v1/sslrating/getServerRating"

payload = "{\n    \"ip\": \"digicert.com\",\n    \"port\": \"443\",\n    \"accountId\": \"126993\",\n    \"divisionIds\": [],\n    \"scanId\": \"\",\n    \"source\": null,\n    \"serverId\": \"{{SERVER_ID}}\"\n}"
headers = {
    'X-DC-DEVKEY': "{{api_key}}",
    'Content-Type': "application/json",
    }

response = requests.request("POST", url, data=payload, headers=headers)

print(response.text)
Go
package main

import (
	"fmt"
	"strings"
	"net/http"
	"io/ioutil"
)

func main() {

	url := "https://daas.digicert.com/apicontroller/v1/sslrating/getServerRating"

	payload := strings.NewReader("{\n    \"ip\": \"digicert.com\",\n    \"port\": \"443\",\n    \"accountId\": \"\"126993\"\",\n    \"divisionIds\": [],\n    \"scanId\": \"\",\n    \"source\": null,\n    \"serverId\": \"{{SERVER_ID}}\"\n}")

	req, _ := http.NewRequest("POST", url, payload)

	req.Header.Add("X-DC-DEVKEY", "{{api_key}}")
	req.Header.Add("Content-Type", "application/json")

	res, _ := http.DefaultClient.Do(req)

	defer res.Body.Close()
	body, _ := ioutil.ReadAll(res.Body)

	fmt.Println(res)
	fmt.Println(string(body))

}
NodeJS
var request = require("request");

var options = { method: 'POST',
  url: 'https://daas.digicert.com/apicontroller/v1/sslrating/getServerRating',
  headers: 
   { 'Content-Type': 'application/json',
     'X-DC-DEVKEY': '{{api_key}}' },
  body: '{"ip":digicert.com,"port":443,"accountId":"126993","divisionIds":[],"scanId":,"source":null,"serverId":{{SERVER_ID}}}' };

request(options, function (error, response, body) {
  if (error) throw new Error(error);

  console.log(body);
});
200 OK
{
    "data": {
        "categories": [
		    {
				"name":"ServerTlsCategory",
				"criteria":[
			    	{
				    	"name":"CipherAlgKeyLength",
						"value":"256",
						"issues":null,
						"colorCode":null,
						"message":null,
						"data":null,
						"suggestion":null,
						"kbLink":null
					},
					{
						"name":"CipherAlgorithm",
						"value":"AES",
						"issues":null,
						"colorCode":null,
						"message":null,
						"data":null,
						"suggestion":null,
						"kbLink":null
					},
					{
						"name":"TransportLayerSecurity",
						"value":"TLSv1.2,TLSv1",
						"issues":null,
						"colorCode":null,
						"message":null,
						"data":null,
						"suggestion":null,
						"kbLink":null
					}
				]
			},
			{
				"name":"SecurityHeadersCategory",
				"criteria":[
					{
						"name":"Strict-Transport-Security",
						"value":"",
						"issues":"true",
						"colorCode":2,
						"message":"Missing security header.",
						"data":null,
						"suggestion":null,
						"kbLink":null
					},
					{
						"name":"Content-Security-Policy",
						"value":"",
						"issues":null,
						"colorCode":null,
						"message":"Missing security header.",
						"data":null,
						"suggestion":null,
						"kbLink":null
					},
					{
						"name":"X-Content-Type-Options",
						"value":"",
						"issues":null,
						"colorCode":null,
						"message":"Missing security header.",
						"data":null,
						"suggestion":null,
						"kbLink":null
					},
					{
						"name":"Feature-Policy",
						"value":"",
						"issues":null,
						"colorCode":null,
						"message":"Missing security header.",
						"data":null,
						"suggestion":null,
						"kbLink":null
					},
					{
						"name":"Referrer-Policy",
						"value":"",
						"issues":null,
						"colorCode":null,
						"message":"Missing security header.",
						"data":null,
						"suggestion":null,
						"kbLink":null
					},
					{
						"name":"X-Frame-Options",
						"value":"SAMEORIGIN",
						"issues":null,
						"colorCode":null,
						"message":null,
						"data":null,
						"suggestion":null,
						"kbLink":null
					},
					{
						"name":"X-XSS-Protection",
						"value":"",
						"issues":null,
						"colorCode":null,
						"message":"Missing security header.",
						"data":null,
						"suggestion":null,
						"kbLink":null
					},
					{
						"name":"Public-Key-Pins",
						"value":"",
						"issues":null,
						"colorCode":null,
						"message":"Missing security header.",
						"data":null,
						"suggestion":null,
						"kbLink":null
					},
					{
						"name":"Expect-CT",
						"value":"",
						"issues":null,
						"colorCode":null,
						"message":"Missing security header.",
						"data":null,
						"suggestion":null,
						"kbLink":null
					},
					{
						"name":"Location",
						"value":"",
						"issues":null,
						"colorCode":null,
						"message":null,
						"data":null,
						"suggestion":null,
						"kbLink":null
					},
					{
						"name":"Status",
						"value":"200 OK",
						"issues":null,
						"colorCode":null,
						"message":null,
						"data":null,
						"suggestion":null,
						"kbLink":null
					},
					{
						"name":"X-Permitted-Cross-Domain-Policies",
						"value":"",
						"issues":null,
						"colorCode":null,
						"message":"Missing security header.",
						"data":null,
						"suggestion":null,
						"kbLink":null
					}
				]
			},
			{
				"name":"HttpResponseHeadersCategory",
				"criteria":[
					{
						"name":"HttpResponseHeaders",
						"value":"",
						"issues":null,
						"colorCode":null,
						"message":null,
						"data":[
							{
								"name":"Version",
								"value":"HTTP/1.1",
								"issues":null,
								"colorCode":null
							},
							{
								"name":"Status",
								"value":"200 OK",
								"issues":null,
								"colorCode":null
							},
							{
								"name":"Server",
								"value":"Apache/2.4.39 (Unix) Communique/4.2.3",
								"issues":null,
								"colorCode":null
							},
							{
								"name":"Access-Control-Allow-Origin",
								"value":"*",
								"issues":null,
								"colorCode":null
							},
							{
								"name":
								"Access-Control-Allow-Methods",
								"value":"GET,POST~GET,POST",
								"issues":null,
								"colorCode":null
							},
							{
								"name":"Connection",
								"value":"keep-alive",
								"issues":null,
								"colorCode":null
							},
							{
								"name":"Pragma",
								"value":"no-cache",
								"issues":null,"colorCode":null
							},
							{
								"name":"Last-Modified",
								"value":"Mon, 13 May 2019 08:57:02 GMT",
								"issues":null,
								"colorCode":null
							},
							{
								"name":"Date",
								"value":"Mon, 13 May 2019 09:06:26 GMT",
								"issues":null,
								"colorCode":null
							},
							{
								"name":"Access-Control-Allow-Headers",
								"value":"X-Requested-With, Content-Type, Origin, Authorization, Accept, Client-Security-Token, Accept-Encoding",
								"issues":null,
								"colorCode":null
							},
							{
								"name":"Accept-Ranges",
								"value":"bytes",
								"issues":null,
								"colorCode":null
							},
							{
								"name":"Cache-Control",
								"value":"no-cache, no-store, must-revalidate~private, max-age=604800",
								"issues":null,
								"colorCode":null
							},
							{
								"name":"ETag",
								"value":"\"43ef6-588c119939675\"",
								"issues":null,
								"colorCode":null
							},
							{
								"name":"Set-Cookie",
								"value":"AKA_A2=A; expires=Mon, 13-May-2019 10:06:26 GMT; path=/; domain=symantec.com; secure; HttpOnly",
								"issues":null,
								"colorCode":null
							},
							{
								"name":"Set-Cookie",
								"value":"spk=1894745231; path=/; secure",
								"issues":null,
								"colorCode":null
							},
							{
								"name":"Expires",
								"value":"0",
								"issues":null,
								"colorCode":null
							},
							{
								"name":"Content-Length",
								"value":"276799",
								"issues":null,
								"colorCode":null
							},
							{
								"name":"Access-Control-Max-Age",
								"value":"1000~1000",
								"issues":null,
								"colorCode":null
							},
							{
								"name":"Link",
								"value":"<https://web-analytics.example.m>;rel=\"preconnect\",<https://j.web.m>;rel=\"preconnect\",<https://nxs.example.com>;rel=\"preconnect\",<https://tracker.mrexample.m>;rel=\"preconnect\"",
								"issues":null,
								"colorCode":null
							},
							{
								"name":"Content-Type",
								"value":"text/html; charset=utf-8",
								"issues":null,
								"colorCode":null
							}
						],
						"suggestion":null,
						"kbLink":null
					}
				]
			}
		],
		"rating":"Not secure",
		"certChainInfo":{
			"certChainId":4752752,
			"noOfCertChainFound":2,
			"status":"Invalid-certificate is expired",
			"isSelfSigned":false,
			"certChainDetails":{
				"certChainDetailsList":[
					{
						"certDetailsList":[
							{
								"status":"Valid",
								"expirationDate":1855828800000,
								"keyAlgorithm":"RSA2048",
								"algorithmType":"SHA256withRSA",
								"issueDate":1382443200000,
								"issuerDN":"CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US",
								"subject":null,
								"errors":null
							},
							{
								"status":"Expired",
								"expirationDate":null,
								"keyAlgorithm":null,
								"algorithmType":null,
								"issueDate":null,
								"issuerDN":null,
								"subject":"CN=www.exampleca.com,OU=Corp Mktg & Comms - Online Exp,O=Symantec Corporation,L=Mountain View,ST=California,C=US,2.5.4.5=#130732313538313133,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553,2.5.4.15=#0c1450726976617465204f7267616e697a6174696f6e(end-entity)",
								"errors":[
									"This certificate has expired. Replace the expired certificate with a valid certificate."
								]
							}
						],
						"overallStatus":"Primary Chain (Invalid-  certificate is expired)",
						"isAdditionalCertChain":null,
						"isValidChain":false
					}
				]
			}
		},
		"criticalTlsIssues":[],
		"nonCriticalTlsIssues":[],
		"protocolCiphersInfoList":[],
		"serverConfigList":[
			{
				"protocol":"TLSv1.2",
				"keySize":128,
				"cipherAlgorithm":"AES"
			}
		],
		"tlsIssuesFound":false,
		"vulnerabilityScanEnabled":false
	}
}

请求参数

名称 请求/选项 类型 描述
ip 必填 string 您要获取其评级的端点的 IP 地址。
port 必填 string 您要获取其评级的端点的端口。
accountId 必填 string 帐号。
divisionIds 可选 array 分区 ID。
scanId 可选 string 扫描并提取了端点详细信息的 CertCentral Discovery 扫描的唯一 ID。
scanName 筛选项应用于端点视图或用户从扫描详细信息浏览至证书视图时必填。
source 可选 string 将用户重定向到这里的扫描名称。
serverId 可选 string 服务器 ID(如果可用)。

响应参数

名称 类型 描述
data object 容器。
.. categories array 决定安全性评级的评估标准的容器。
.. .. name string 评估类别的名称。
.. .. criteria array 决定安全性评级的详细信息的容器。
.. .. .. name string 评估标准。
.. .. .. value string 标准值。
.. .. .. issues bool 此标准是否存在已知问题。
.. .. .. colorCode string 警告级别。
可能的值:1=有风险(高),2=警告(中),null
.. .. .. message string 摘要。
.. .. .. data array 子类别的容器。
.. .. .. .. name string 评估标准。
.. .. .. .. value string 标准值。
.. .. .. .. issues bool 此标准是否存在已知问题。
.. .. .. .. colorCode string 警告级别。
可能的值:1=有风险(高),2=警告(中),null
.. .. .. suggestion string 详细信息和/或解决方案。
.. .. .. kbLink string 指向附加信息的链接。
.. rating string 服务器安全性评级,基于端点的通信和安全设置。
.. certChainInfo object 中间 CA 证书信息的容器。
.. .. certChainId string 证书链 ID。
.. .. noOfCertChainFound int 找到的证书链的数量。
.. .. status string 证书链状态。
.. .. isSelfSigned bool 证书链是否为自签名。
.. .. certChainDetails object 证书链详细信息容器。
.. .. .. certChainDetailsList array 证书链详细信息容器。
.. .. .. .. certDetailsList array 中间证书或根证书详细信息。
.. .. .. .. .. status string 证书状态。
.. .. .. .. .. expirationDate string 到期日期。
.. .. .. .. .. keyAlgorithm string 加密算法。
.. .. .. .. .. algorithmType string SHA 类型。
.. .. .. .. .. issueDate string 颁发日期。
.. .. .. .. .. issuerDN string 颁发者名称。
.. .. .. .. .. subject string 证书使用者。
.. .. .. .. .. errors array 错误消息。
.. .. .. .. overallStatus string 整体证书链状态。
.. .. .. .. isAdditionalCertChain bool 是否发现了除预期证书链之外的其他证书。
.. .. .. .. isValidChain bool 证书链是否有效。
.. criticalTlsIssues array 与端点上的 TLS 实现有关的严重问题。
.. nonCriticalTlsIssues array 与端点上的 TLS 实现有关的非严重问题。
.. protocolCiphersInfoList array 端点上存在的密码套件。
.. serverConfigList object 服务器的通信安全设置。
.. .. protocol string 通信安全协议。
.. .. keySize string 加密密钥大小。
.. .. cipherAlgorithm string 加密算法。
.. tlsIssuesFound bool 端点上是否存在 TLS 问题。
.. vulnerabilityScanEnabled bool 是否对端点启用了漏洞扫描。