- September 28, 2022: Updated available fields.
- April 8, 2021: Published.
The TLS/SSL Certificates risk vector evaluates the strength and effectiveness of the cryptographic keys within TLS and SSL certificates, which are used to encrypt internet traffic.
View findings from the Findings page or the Bitsight API.
Finding Details
The details include the data in Findings and Diligence details.
❖ This field can be included in the table from the Customize Columns option.
| Field | Description | Filters | |
|---|---|---|---|
| Asset Importance | The asset’s importance. |
|
|
| Assets | The asset name. | No | |
| Assigned To | The user assigned to remediate the finding. | Yes | |
| Certificate End Date❖ | The date when the certificate’s validity expires. | No | |
| Certificate Key Algorithm❖ | The cryptographic algorithm used to generate the key. | No | |
| Certificate Key Evidence❖ | The hostname or IP address associated with the certificate. | No | |
| Certificate Issuer❖ |
The certificate authority that issued this certificate, made up of attribute assertion values.
|
No | |
| Certificate Serial Number❖ | The serial number of this certificate in decimal format. This can be used for internal investigation. | No | |
| Certificate Signing Algorithm❖ | The cryptographic algorithm used to sign this certificate. MD2, MD5, and SHA-1 are considered insecure. | No | |
| Certificate Signing Key Length❖ | The length of the key used to sign this certificate. For RSA encryption, a key length of 2048 bits is recommended; for elliptic curve encryption, a key length of 224 is recommended. | No | |
| Certificate Start Date❖ | The date when the certificate’s validity begins. | No | |
| Certificate Subject❖ | Information describing the host secured by this certificate. | No | |
| Certificate Subject Alternate❖ | The domain names secured by this certificate. | No | |
| Comments | Discussions that provide a way to describe the status of resolution or validity of findings to external stakeholders and other interested parties. | No | |
| Country |
The country where IP addresses attributed to the finding are hosted.
|
No | |
| Dates | Observation dates. | Yes | |
| First Seen | The date when the finding was first observed. |
|
|
| Last Seen | The date when the finding was last observed. |
|
|
| Destination Port❖ | The destination port identified in the finding. | No | |
| Details | A brief description of the issue. See finding messages. | No | |
| Finding Identifier | The IP address or domain that identifies the asset. | Text search. | |
| Finding Severity | The measured risk that this finding introduces. |
|
|
| Grade | The finding grade. |
|
|
| Impacts Risk Vector | Filters for findings that currently impact the letter grade of their risk vector. The amount of time a finding impacts the letter grade depends upon the risk vector. See when risk vectors are impacted. | Yes | |
| Observed IPs❖ | A list of IP addresses where the certificate was seen, on the most recent day. | No | |
| Refresh | This finding’s refresh status. |
|
|
| Remaining Lifetime | The projected number of days that a finding will continue to impact risk vector grading (lifetime). This is a projection that assumes nothing changes in the future and a finding is not updated with new information. It may change if a finding is updated. | The number of days. | |
| Remediation Instructions❖ | How to resolve a negative finding. | No | |
| Remediation Status | The remediation status. See how to verify that a TLS/SSL Certificates finding has been remediated. |
|
|
| Risk Vector | The risk vector. | Yes | |
| Status Updated | The date when the “Remediation Status” or “Assigned To” fields were last changed. |
|
|