Helping Build, Manage, and Maintain Secure SSL/TLS Connections

Using the Certificate Inspector to build, manage, and maintain a secure network requires a DigiCert account. After you receive your account from us, you need to download and install the DigiCert Certificate Agent on the computer from which you want to scan the other servers.

The agent allows the Certificate Inspector to analyze your SSL Certificates. In addition, because the computer on which you install the agent is part of your internal network, not only can you scan public facing sites, but also internal sites.

Next, as part of the authentication process, you must use your website credentials to register the Certificate Agents. Finally, you select which servers you want to scan.

After the Certificate Inspector scans and analyzes the SSL Certificates, Endpoints, and certificate implementations, you can view the results and decide on the necessary actions that you should take to strengthen the security of your network.

Learn more about certificate/server vulnerabilities »

Collecting Certificate Information

Certificate Grade

The Certificate Inspector shows the grade that the certificate received the last time it was scanned.

Chain Information

The Certificate Inspector provides information about the root certificate, any intermediate certificates (certificates signed by certificates that were signed by the trusted root certificate), and your certificate.

Expiration Date

The Certificate Inspector looks at each certificate’s expiration date. Expired SSL Certificates may cause Web browsers to display warnings when end-users/clients visit your site; warnings can trigger end-user mistrust.

Last Scan Date

The Certificate Inspector shows the date that the certificate was last scanned.

Other Data Collected:

  • Certificate Signature Algorithm

  • Common Name

  • Issuer Company

  • Key Algorithm

  • Key Size

  • Organization Name

  • Revocation Status

  • Self-signed

  • Serial Number

  • Subject Alternative Names (SANs)

  • Thumbprint

  • Valid Dates

  • Validation Type


X.509 Extensions Examined:

  • AIA Issuer Path URL


  • Basic Constraints

  • CRL Distribution Point

  • Extended Key Usage

  • Key Usage

Letter Grades

The DigiCert Certificate Inspector scans your SSL environment to find weak points in your SSL installations and configurations. We created a proprietary algorithm that allows the Certificate Inspector to analyze the collected data and assign each of your SSL Certificates and Endpoints a letter grade, A – F. Note that certain vulnerabilities affect the letter grade you receive, while in other cases, you simply receive a warning alerting you to the potential weaknesses.

A Grade

Your security is awesome; keep up the good work.

B Grade

Your security is good, but it is not future-proof or may have compatibility issues.

C Grade

Your security has issues that need your attention; start making plans to fix these issues today. You are vulnerable to nation-state-type attackers.

D Grade

Your security is weak and is susceptible to known vulnerabilities; start fixing these problems today. You are vulnerable to experienced hackers.

F Grade

Your security is unacceptable; start fixing problems immediately. You are vulnerable to even novice attackers.

DigiCert Certificate Agent Management

DigiCert Certificate Agent Management enables you to run scans and install SSL Certificates in moments with a Command Line Interface or the intuitive GUI.

Additional DigiCert Certificate Agent Management functionality allows you to:

  • Disable unused agents

  • Download new agents

  • Identify individual agents via unique certificates

  • View all agents currently used in system