- September 28, 2022: Updated available fields.
- April 8, 2021: Published.
The TLS/SSL Certificates risk vector evaluates the strength and effectiveness of the cryptographic keys within TLS and SSL certificates, which are used to encrypt internet traffic.
|Asset Importance||The asset’s importance.||
|Assets||The asset name.||No|
|Assigned To||The user assigned to remediate the finding.||Yes|
|Certificate End Date❖||The date when the certificate’s validity expires.||No|
|Certificate Key Algorithm❖||The cryptographic algorithm used to generate the key.||No|
|Certificate Key Evidence❖||The hostname or IP address associated with the certificate.||No|
The certificate authority that issued this certificate, made up of attribute assertion values.
|Certificate Serial Number❖||The serial number of this certificate in decimal format. This can be used for internal investigation.||No|
|Certificate Signing Algorithm❖||The cryptographic algorithm used to sign this certificate. MD2, MD5, and SHA-1 are considered insecure.||No|
|Certificate Signing Key Length❖||The length of the key used to sign this certificate. For RSA encryption, a key length of 2048 bits is recommended; for elliptic curve encryption, a key length of 224 is recommended.||No|
|Certificate Start Date❖||The date when the certificate’s validity begins.||No|
|Certificate Subject❖||Information describing the host secured by this certificate.||No|
|Certificate Subject Alternate❖||The domain names secured by this certificate.||No|
|Comments||Discussions that provide a way to describe the status of resolution or validity of findings to external stakeholders and other interested parties.||No|
The country where IP addresses attributed to the finding are hosted.
|First Seen||The date when the finding was first observed.||
|Last Seen||The date when the finding was last observed.||
|Destination Port❖||The destination port identified in the finding.||No|
|Details||A brief description of the issue. See finding messages.||No|
|Finding Identifier||The IP address or domain that identifies the asset.||Text search.|
|Finding Severity||The measured risk that this finding introduces.||
|Grade||The finding grade.||
|Impacts Risk Vector||Filters for findings that currently impact the letter grade of their risk vector. The amount of time a finding impacts the letter grade depends upon the risk vector. See when risk vectors are impacted.||Yes|
|Observed IPs❖||A list of IP addresses where the certificate was seen, on the most recent day.||No|
|Refresh||This finding’s refresh status.||
|Remaining Lifetime||The projected number of days that a finding will continue to impact risk vector grading (lifetime). This is a projection that assumes nothing changes in the future and a finding is not updated with new information. It may change if a finding is updated.||The number of days.|
|Remediation Instructions❖||How to resolve a negative finding.||No|
|Remediation Status||The remediation status. See how to verify that a TLS/SSL Certificates finding has been remediated.||
|Risk Vector||The risk vector.||Yes|
|Status Updated||The date when the “Remediation Status” or “Assigned To” fields were last changed.||