Risk rating
- 1 minute to read
-
Print
-
DarkLight
-
PDF
Risk rating
- 1 minute to read
-
Print
-
DarkLight
-
PDF
The certificate risk rating is a scale that assesses and sets a grade for certificates according to the following criteria:
- Encryption algorithm
- Encryption key size
- Signature algorithm
- Certificate authority
- Certificate expiration date
- Number of devices using the certificate
- Certificate responsible
- Certificate status
For each criterion, the certificate can gain or lose points. The final result is the sum of the points the certificate has received. This classification allows rapid risk assessment in environments where certificates are in use.
Security rating
| Score | Rating |
|---|---|
| More than 80 | A |
| Between 65 and 79 | B |
| Between 50 and 64 | C |
| Between 35 and 49 | D |
| Between 25 and 34 | E |
| Between 0 and 24 | F |
| Less than 0 | NT (Not Trusted) |
The classification does not restrict the use of certificates. You can define whether or not to use a low-rated certificate on your systems.
Warning
We do not recommend using low-rated certificates in productive environments.
Rating criteria
The sum of the criteria below generates a total that falls within one of the ranges, resulting in the final security rating of the certificate.
Encryption algorithm
| Type | Score |
|---|---|
| DSA | -100 |
| Others | 0 |
Encryption key size
RSA
| Size | Score |
|---|---|
| 4096 bits | +30 |
| 2048 bits | +20 |
| 1024 bits | +10 |
| < 1024 bits | -100 |
EC/ECDSA
| Size | Score |
|---|---|
| 384 bits | +40 |
| 256 bits | +25 |
| 160 bits | +5 |
| < 160 bits | 0 |
Signature algorithm
| Type | Score |
|---|---|
| SHA512 | +30 |
| SHA384 | +20 |
| SHA256 | +10 |
| Others | 0 |
Certificate authority
| Type | Score |
|---|---|
| Has CA | +10 |
| Self-signed | 0 |
Certificate expiration date
| Value | Score |
|---|---|
| Valid | +10 |
| Expired | -100 |
Number of devices using the certificate
| Value | Score |
|---|---|
| Between 0 and 1 devices | +10 |
| Between 2 and 5 devices | +5 |
| More than 5 devices | 0 |
Certificate responsible
| Value | Score |
|---|---|
| Has responsible | +10 |
| Does not have responsible | 0 |
Certificate status
| Value | Score |
|---|---|
| Revoked* | -100 |
| Others | 0 |
Warning
The certificate is considered revoked when its intermediate or root certificate is revoked.
Was this article helpful?
