How SSL/TLS Certificate Grading works ?
The SSL Certificate Grade is determined based on factors like supported protocols, cipher strength, certificate key exchange size, and the presence of certificate vulnerabilities. The supported grades are as follows:
Grade Values:
Grade
| Values
|
A+
| 90 and above |
A
| 80 to 90 |
B+
| 75 to 80 |
B
| 65 to 75 |
C
| 50 to 65 |
D
| 35 to 50 |
E
| 20 to 35 |
F
| Below 20 |
Additional conditions for assigning the grades:
Grade F: Assigned if the SSL/TLS certificate has vulnerabilities such as FREAK or LOGJAM.
Grade C: Assigned if the SSL/TLS certificate has the CRIME vulnerability or if both RCE and either TLSv1.1 or TLSv1.2 are present.
Grade B: Assigned if the SSL/TLS certificate has any of the following:
BEAST vulnerability
RCE vulnerability
Lack of Forward Secrecy
Usage of either TLSv1.1 or TLSv1
Lack of AEAD
Note : SSLv2 and SSLv3 protocols are excluded when determining the grade of the SSL/TLS certificate.
New to ADSelfService Plus?
Related Articles
How to monitor SSL Certificate of FTPS server?
Two modes to invoke client security in FTPS Explicit mode Implicit mode Explicit mode (Default port 21) - This port shouldn't be used In Explicit mode, an FTPS client must "explicitly request" security from an FTPS server by sending an FTP command ...
Enable TLS 1.2 alone in the EUM Agent
Follow the below steps to enable TLS1.2 alone (disable TLS 1 & 1.1) Open the file server.xml present under EUMAgent\conf\backup folder. Search for the term 'SSLEnabled="true" '. Add the parameter 'sslEnabledProtocols="TLSv1.2" ' to the end of that ...
What is Blacklisted Certificates check in SSL/TLS Certificate monitoring ?
The blacklist check ensures that the server’s SSL/TLS certificate is not blacklisted by comparing its SHA-256 fingerprint with a list of known blacklisted certificates. This process helps identify certificates that are associated with cyberthreats or ...
What is Trust Validation in SSL/TLS Certificate monitoring ?
Trust validation for certificates and certificate chains is conducted using OCSP (Online Certificate Status Protocol) and CRLDP (Certificate Revocation List Distribution Point). These methods ensure that the certificates used in secure communications ...
Resolving Issues When Onboarding SSL-Enabled MySQL Database Servers
Error Message: Connections using insecure transport are prohibited while --require_secure_transport=ON Solution: To overcome this issue follow the steps given below: Execute the following query in the corresponding MySQL shell script: ALTER USER ...