How does SSL/TLS Certificate Grading work?
The SSL Certificate Grade is determined based on factors like supported protocols, cipher strength, certificate key exchange size, and the presence of certificate vulnerabilities. The supported grades are as follows:
Grade Values:

| Grade | Values |
|---|---|
| A+ | 90 and above |
| A | 80 to 90 |
| B+ | 75 to 80 |
| B | 65 to 75 |
| C | 50 to 65 |
| D | 35 to 50 |
| E | 20 to 35 |
| F | Below 20 |
Additional conditions for assigning the grades:
- Grade F: Assigned if the SSL/TLS certificate has vulnerabilities such as FREAK or LOGJAM.
- Grade C: Assigned if the SSL/TLS certificate has the CRIME vulnerability or if both RCE and either TLSv1.1 or TLSv1.2 are present.
- Grade B: Assigned if the SSL/TLS certificate has any of the following:
  - BEAST vulnerability
  - RCE vulnerability
  - Lack of Forward Secrecy
  - Usage of either TLSv1.1 or TLSv1
  - Lack of AEAD
Note: SSLv2 and SSLv3 protocols are excluded when determining the grade of the SSL/TLS certificate.
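
The score bands and additional conditions above, combined into one function as an added example (not the product's own code). It assumes each band includes its lower bound, that a matched condition acts as a ceiling so the worse of the two grades wins, and that findings arrive as the string labels used on this page (`NO_FORWARD_SECRECY` and `NO_AEAD` are hypothetical labels for the two "Lack of" items).

```python
# Added example: score bands and condition rules transcribed from the page.
ORDER = ["A+", "A", "B+", "B", "C", "D", "E", "F"]  # best to worst
# Each band includes its lower bound ("90 and above" is A+, "Below 20" is F).
BANDS = [(90, "A+"), (80, "A"), (75, "B+"), (65, "B"), (50, "C"), (35, "D"), (20, "E")]


def band_for(score):
    """Map a numeric score to the letter grade from the Grade Values table."""
    for floor, letter in BANDS:
        if score >= floor:
            return letter
    return "F"


def condition_grade(findings, protocols):
    """Return the grade forced by the additional conditions, or None."""
    findings = set(findings)
    # Per the note, SSLv2 and SSLv3 are left out of the grade decision.
    protocols = set(protocols) - {"SSLv2", "SSLv3"}
    if findings & {"FREAK", "LOGJAM"}:
        return "F"
    if "CRIME" in findings or ("RCE" in findings and protocols & {"TLSv1.1", "TLSv1.2"}):
        return "C"
    if findings & {"BEAST", "RCE", "NO_FORWARD_SECRECY", "NO_AEAD"}:
        return "B"
    if protocols & {"TLSv1", "TLSv1.1"}:
        return "B"
    return None


def grade(score, findings=(), protocols=()):
    """Assumption: a matched condition is a ceiling, so the worse grade wins."""
    base = band_for(score)
    forced = condition_grade(findings, protocols)
    return base if forced is None else max(base, forced, key=ORDER.index)


# Constructed scan results (not real hosts): (score, findings, protocols).
SAMPLES = {
    "clean": (93, [], ["TLSv1.2"]),
    "legacy-proto": (93, [], ["TLSv1.1", "TLSv1.2"]),
    "logjam": (93, ["LOGJAM"], ["TLSv1.2"]),
    "low-score-beast": (40, ["BEAST"], ["TLSv1.2"]),
}

if __name__ == "__main__":
    for name, (score, findings, protocols) in SAMPLES.items():
        print(name, grade(score, findings, protocols))
```

The rules are checked worst-first, so a certificate matching both a Grade F and a Grade B condition is reported as F.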