How SSL/TLS Certificate Grading works ?

How SSL/TLS Certificate Grading works ?

The SSL Certificate Grade is determined based on factors like supported protocols, cipher strength, certificate key exchange size, and the presence of certificate vulnerabilities. The supported grades are as follows:


Grade
Values
A+
90 and above
A
80 to 90
B+
75 to 80
B
65 to 75
C
50 to 65
D
35 to 50
E
20 to 35
F
Below 20

Additional conditions for assigning the grades:

  1. Grade F: Assigned if the SSL/TLS certificate has vulnerabilities such as FREAK or LOGJAM.

  2. Grade C: Assigned if the SSL/TLS certificate has the CRIME vulnerability or if both RC4 and either TLSv1.1 or TLSv1.2 are present.

  3. Grade B: Assigned if the SSL/TLS certificate has any of the following:

    1. BEAST vulnerability

    2. RC4 vulnerability

    3. Lack of Forward Secrecy

    4. Usage of either TLSv1 or TLSv1.1

    5. Lack of AEAD

Notes
Note: SSLv2 and SSLv3 protocols are excluded when determining the grade of the SSL/TLS certificate.


      New to M365 Manager Plus?
      New to M365 Manager Plus?
        New to RecoveryManager Plus?
        New to RecoveryManager Plus?
          New to Exchange Reporter Plus?
          New to Exchange Reporter Plus?
            New to SharePoint Manager Plus?
            New to SharePoint Manager Plus?
                See all integrations
                New to ADManager Plus?
                See all integrations
                New to ADManager Plus?

                  New to ADSelfService Plus?

                  Start your free trial
                  Start your free trial

                    • Related Articles

                    • How to monitor SSL Certificate of FTPS server?

                      To monitor the SSL certificate of an FTPS server, Implicit mode is the recommended method. In this mode, the connection is automatically encrypted as soon as the client connects, making it ideal for monitoring SSL certificates. Implicit Mode (Default ...

                    • Enable TLS 1.2 alone in the EUM Agent

                      Follow the below steps to enable TLS1.2 alone (disable TLS 1 & 1.1) Open the file server.xml present under EUMAgent\conf\backup folder. Search for the term 'SSLEnabled="true" '. Add the parameter 'sslEnabledProtocols="TLSv1.2" ' to the end of that ...

                    • Resolving Issues When Onboarding SSL-Enabled MySQL Database Servers

                      Error Message: Connections using insecure transport are prohibited while --require_secure_transport=ON Solution: To overcome this issue follow the steps given below: Execute the following query in the corresponding MySQL shell script: ALTER USER ...

                    • What is Blacklisted Certificates check in SSL/TLS Certificate monitoring ?

                      The blacklist check ensures that the server’s SSL/TLS certificate is not blacklisted by comparing its SHA-256 fingerprint with a list of known blacklisted certificates. This process helps identify certificates that are associated with cyberthreats or ...

                    • What is Trust Validation in SSL/TLS Certificate monitoring ?

                      Trust validation for certificates and certificate chains is conducted using OCSP (Online Certificate Status Protocol) and CRLDP (Certificate Revocation List Distribution Point). These methods ensure that the certificates used in secure communications ...

                      Related Products