How SSL/TLS Certificate Grading works ?

How SSL/TLS Certificate Grading works ?

The SSL Certificate Grade is determined based on factors like supported protocols, cipher strength, certificate key exchange size, and the presence of certificate vulnerabilities. The supported grades are as follows:


Grade
Values
A+
90 and above
A
80 to 90
B+
75 to 80
B
65 to 75
C
50 to 65
D
35 to 50
E
20 to 35
F
Below 20

Additional conditions for assigning the grades:

  1. Grade F: Assigned if the SSL/TLS certificate has vulnerabilities such as FREAK or LOGJAM.

  2. Grade C: Assigned if the SSL/TLS certificate has the CRIME vulnerability or if both RC4 and either TLSv1.1 or TLSv1.2 are present.

  3. Grade B: Assigned if the SSL/TLS certificate has any of the following:

    1. BEAST vulnerability

    2. RC4 vulnerability

    3. Lack of Forward Secrecy

    4. Usage of either TLSv1 or TLSv1.1

    5. Lack of AEAD

Notes
Note: SSLv2 and SSLv3 protocols are excluded when determining the grade of the SSL/TLS certificate.


      New to M365 Manager Plus?
      New to M365 Manager Plus?
        New to RecoveryManager Plus?
        New to RecoveryManager Plus?
          New to Exchange Reporter Plus?
          New to Exchange Reporter Plus?
            New to SharePoint Manager Plus?
            New to SharePoint Manager Plus?
                See all integrations
                New to ADManager Plus?
                See all integrations
                New to ADManager Plus?

                  New to ADSelfService Plus?

                  Start your free trial
                  Start your free trial

                    • Related Articles

                    • How to monitor SSL Certificate of FTPS server?

                      To monitor the SSL certificate of an FTPS server, Implicit mode is the recommended method. In this mode, the connection is automatically encrypted as soon as the client connects, making it ideal for monitoring SSL certificates. Implicit Mode (Default ...

                    • Enable TLS 1.2 alone in the EUM Agent

                      Follow the below steps to enable TLS1.2 alone (disable TLS 1 & 1.1) Open the file server.xml present under EUMAgent\conf\backup folder. Search for the term 'SSLEnabled="true" '. Add the parameter 'sslEnabledProtocols="TLSv1.2" ' to the end of that ...

                    • Resolving Issues When Onboarding SSL-Enabled MySQL Database Servers

                      Error Message: Connections using insecure transport are prohibited while --require_secure_transport=ON Solution: To overcome this issue follow the steps given below: Execute the following query in the corresponding MySQL shell script: ALTER USER ...

                    • LDAP - Unable to find valid SSL Certificate

                      If there is an error while adding LDAP Server Monitor with the message "Unable to find valid SSL Certificate", then please try the below steps to troubleshoot the issue. When the error occurs we can find the below traces in the "stderr.txt.*" log ...

                    • Troubleshooting SSL Handshake Error

                      An SSL Handshake error typically occurs when a secure connection cannot be established due to issues like incompatible SSL protocol versions, ciphers or missing client certificates. Verify URL Accessibility Ensure that the URL you’re monitoring is ...

                      Related Products