Risk rating
  • 1 minute to read
  • Dark
    Light
  • PDF

Risk rating

  • Dark
    Light
  • PDF

Article summary

The certificate risk rating is a scale that assesses and sets a grade for certificates according to the following criteria:

  • Encryption algorithm
  • Encryption key size
  • Signature algorithm
  • Certificate authority
  • Certificate expiration date
  • Number of devices using the certificate
  • Certificate responsible
  • Certificate status

For each criterion, the certificate can gain or lose points. The final result is the sum of the points the certificate has received. This classification allows rapid risk assessment in environments where certificates are in use.

Security rating

ScoreRating
More than 80A
Between 65 and 79B
Between 50 and 64C
Between 35 and 49D
Between 25 and 34E
Between 0 and 24F
Less than 0NT (Not Trusted)

The classification does not restrict the use of certificates. You can define whether or not to use a low-rated certificate on your systems.

Warning

We do not recommend using low-rated certificates in productive environments.


Rating criteria

The sum of the criteria below generates a total that falls within one of the ranges, resulting in the final security rating of the certificate.

Encryption algorithm

TypeScore
DSA-100
Others0

Encryption key size

RSA

SizeScore
4096 bits+30
2048 bits+20
1024 bits+10
< 1024 bits-100

EC/ECDSA

SizeScore
384 bits+40
256 bits+25
160 bits+5
< 160 bits0

Signature algorithm

TypeScore
SHA512+30
SHA384+20
SHA256+10
Others0

Certificate authority

TypeScore
Has CA+10
Self-signed0

Certificate expiration date

ValueScore
Valid+10
Expired-100

Number of devices using the certificate

ValueScore
Between 0 and 1 devices+10
Between 2 and 5 devices+5
More than 5 devices0

Certificate responsible

ValueScore
Has responsible+10
Does not have responsible0

Certificate status

ValueScore
Revoked*-100
Others0
Warning

The certificate is considered revoked when its intermediate or root certificate is revoked.


Was this article helpful?