Use this API to fetch the grade summary of instances of the certificate identified by the requested parameters. You can use various filters to search for the required result. You can use multiple filters and parameters. You can specify starting page number and page size. The response shows grading details of the instances of the certificate.
You can see only those assets that have been assigned by your manager user. When you send an API request, you can access information about the assets and their corresponding certificates assigned to you, based on scope. For more information on tag-based user scoping refer to Certificate View Online help.
|
Parameter |
Mandatory/Optional |
Data Type |
Description |
|---|---|---|---|
|
filter |
Optional | String |
Filter the events list by providing a query using Qualys syntax. If you do not provide filter parameter, it shows details of all the certificates. For the list of tokens you can use to build the query refer to Search tokens and supported format. |
|
pageNumber |
Optional | Integer |
The page to be returned. The default value is zero. |
|
pageSize |
Optional | Integer |
Provide the number of records per page to be included in the response. Default: 10 Maximum: 200 For example, the total result set is 50 assets. If the page size is specified as 10, then the result is divided in 5 pages with 10 assets each. |
| assetType | Optional | String |
Fetch the instances based on type of asset specified in the query. You can use the asset type as MANAGED, UNMANAGED, or ALL. Default: MANAGED Managed: Fetches all the instances on managed assets. Unmanaged: Fetches all the instances on assets with unmanaged tags. All: Fetches all the instances on managed and unmanaged assets. |
|
Authorization |
Mandatory | String |
Authorization token to authenticate to the Qualys Cloud Platform. Prepend token with "Bearer" and one space. For example - Bearer authToken |
The following sample request specifies filter as instance.id and pageSize as 10 in the request. The request fetches grade summary of the certificate instance related to this query. The response has certificate details like instance summary and grade summary.
API Request
curl -X POST
"<qualys_base_url>/certview/v2/instances" -H "Accept: application/json" -H "Content-Ty"filterRequest":
{ "filters": [ { "field": "instance.id","value": "3247","operator":
"EQUALS" }]},"pageNumber": 0,"pageSize": 10}' -H "Authorization: Bearer <JWT Token>"
Response
[
{
"id": 3247,
"port": 443,
"scannedDate": "2022-11-03T02:46:31.000+00:00",
"protocol": "tcp",
"service": "http",
"grade": "C",
"asset": {
"id": 18166463,
"uuid": "844e33a8-53e2-4c69-8bca-88b9a0aba4ab",
"name": "joe.dough.example.com",
"primaryIp": "10.10.10.10"
},
"certificate": {
"id": 13024,
"certhash": "88be9dcfba0e89ae97c58ac6f1030c4a3a05e9e4b26f03daf3c260ec8e0daf71",
"name": "joe.dough.example.com",
"lastFound": 1667445018000
},
"gradeSummary": {
"grade": "C",
"gradeWithTrustIgnored": "C",
"certificateScore": 100,
"protocolSupportScore": 90,
"keyExchangeScore": 65,
"cipherStrengthScore": 65,
"warnings": [
"TLS 1.0 Supported. Grade capped to B.",
"TLS 1.1 Supported. Grade capped to B.",
"The server does not support Forward Secrecy. Grade capped to B.",
"The server does not support AEAD (Authenticated encryption) cipher suites. Grade capped to B."
],
"errors": [
"This server uses RC4 with TLS 1.1+. Grade capped to C.",
"The server supports RC4. Grade capped to B."
],
"notices": [],
"infos": [],
"highlights": [
"SSLv3 is not Supported.",
"This server supports TLS_FALLBACK_SCSV to prevent protocol downgrade attacks."
],
"protocolSupportInfo": {
"SSLv2": false,
"SSLv3": false,
"TLSv1": true,
"TLSv1.3": false,
"TLSv1.2": true,
"TLSv1.1": true
},
"protocolSupportWeightage": 27,
"cipherStrengthInfo": {
"< 128 bits (e.g., 40, 56)": false,
"0 bits (no encryption)": false,
">= 256 bits (e.g., 256)": true,
"< 256 bits (e.g., 128, 168)": true
},
"cipherStrengthWeightage": 26,
"keyExchangeInfo": {
"Key or DH parameter strength < 2048 bits (e.g., 1024)": false,
"Key or DH parameter strength < 512 bits": false,
"Weak key (Debian OpenSSL flaw)": false,
"Key or DH parameter strength < 4096 bits (e.g., 2048)": true,
"Key or DH parameter strength >= 4096 bits (e.g., 4096)": false,
"Exportable key exchange": false,
"Anonymous key exchange (no authentication)": false,
"Key or DH parameter strength < 1024 bits (e.g., 512)": false
},
"keyExchangeWeightage": 19.5,
"cipherSuites": {
"TLSv1": [
{
"name": "RC4-SHA",
"keyExchange": "RSA",
"encryptionKeyStrength": 4128,
"category": "INSECURE"
},
{
"name": "AES128-SHA",
"keyExchange": "RSA",
"encryptionKeyStrength": 128,
"category": "INSECURE"
},
{
"name": "AES256-SHA",
"keyExchange": "RSA",
"encryptionKeyStrength": 256,
"category": "INSECURE"
}
],
"TLSv1.2": [
{
"name": "RC4-SHA",
"keyExchange": "RSA",
"encryptionKeyStrength": 4128,
"category": "INSECURE"
},
{
"name": "AES128-SHA",
"keyExchange": "RSA",
"encryptionKeyStrength": 128,
"category": "INSECURE"
},
{
"name": "AES256-SHA",
"keyExchange": "RSA",
"encryptionKeyStrength": 256,
"category": "INSECURE"
}
],
"TLSv1.1": [
{
"name": "RC4-SHA",
"keyExchange": "RSA",
"encryptionKeyStrength": 4128,
"category": "INSECURE"
},
{
"name": "AES128-SHA",
"keyExchange": "RSA",
"encryptionKeyStrength": 128,
"category": "INSECURE"
},
{
"name": "AES256-SHA",
"keyExchange": "RSA",
"encryptionKeyStrength": 256,
"category": "INSECURE"
}
]
}
}
},
{
"id": 3177,
"port": 443,
"scannedDate": "2022-10-18T10:07:02.000+00:00",
"protocol": "tcp",
"service": "http",
"grade": "C",
"asset": {
"id": 17729052,
"uuid": "4e354c6b-78f2-45a8-b8e2-bfc54e76ef30",
"name": "joe.dough.example.com",
"primaryIp": "10.10.10.10"
},
"certificate": {
"id": 13024,
"certhash": "88be9dcfba0e89ae97c58ac6f1030c4a3a05e9e4b26f03daf3c260ec8e0daf71",
"name": "joe.dough.example.com",
"lastFound": 1667445018000
},
"gradeSummary": {
"grade": "C",
"gradeWithTrustIgnored": "C",
"certificateScore": 100,
"protocolSupportScore": 90,
"keyExchangeScore": 65,
"cipherStrengthScore": 65,
"warnings": [
"TLS 1.0 Supported. Grade capped to B.",
"TLS 1.1 Supported. Grade capped to B.",
"The server does not support Forward Secrecy. Grade capped to B.",
"The server does not support AEAD (Authenticated encryption) cipher suites. Grade capped to B."
],
"errors": [
"This server uses RC4 with TLS 1.1+. Grade capped to C.",
"The server supports RC4. Grade capped to B."
],
"notices": [],
"infos": [],
"highlights": [
"SSLv3 is not Supported.",
"This server supports TLS_FALLBACK_SCSV to prevent protocol downgrade attacks."
],
"protocolSupportInfo": {
"SSLv2": false,
"SSLv3": false,
"TLSv1": true,
"TLSv1.3": false,
"TLSv1.2": true,
"TLSv1.1": true
},
"protocolSupportWeightage": 27,
"cipherStrengthInfo": {
"< 128 bits (e.g., 40, 56)": false,
"0 bits (no encryption)": false,
">= 256 bits (e.g., 256)": true,
"< 256 bits (e.g., 128, 168)": true
},
"cipherStrengthWeightage": 26,
"keyExchangeInfo": {
"Key or DH parameter strength < 2048 bits (e.g., 1024)": false,
"Key or DH parameter strength < 512 bits": false,
"Weak key (Debian OpenSSL flaw)": false,
"Key or DH parameter strength < 4096 bits (e.g., 2048)": true,
"Key or DH parameter strength >= 4096 bits (e.g., 4096)": false,
"Exportable key exchange": false,
"Anonymous key exchange (no authentication)": false,
"Key or DH parameter strength < 1024 bits (e.g., 512)": false
},
"keyExchangeWeightage": 19.5,
"cipherSuites": {
"TLSv1": [
{
"name": "RC4-SHA",
"keyExchange": "RSA",
"encryptionKeyStrength": 4128,
"category": "INSECURE"
},
{
"name": "AES128-SHA",
"keyExchange": "RSA",
"encryptionKeyStrength": 128,
"category": "INSECURE"
},
{
"name": "AES256-SHA",
"keyExchange": "RSA",
"encryptionKeyStrength": 256,
"category": "INSECURE"
}
],
"TLSv1.2": [
{
"name": "RC4-SHA",
"keyExchange": "RSA",
"encryptionKeyStrength": 4128,
"category": "INSECURE"
},
{
"name": "AES128-SHA",
"keyExchange": "RSA",
"encryptionKeyStrength": 128,
"category": "INSECURE"
},
{
"name": "AES256-SHA",
"keyExchange": "RSA",
"encryptionKeyStrength": 256,
"category": "INSECURE"
}
],
"TLSv1.1": [
{
"name": "RC4-SHA",
"keyExchange": "RSA",
"encryptionKeyStrength": 4128,
"category": "INSECURE"
},
{
"name": "AES128-SHA",
"keyExchange": "RSA",
"encryptionKeyStrength": 128,
"category": "INSECURE"
},
{
"name": "AES256-SHA",
"keyExchange": "RSA",
"encryptionKeyStrength": 256,
"category": "INSECURE"
}
]
}
}
}
]
The following sample request specifies two filters as asset.name , instance.port and pageSize as 10 in the request. The request fetches the grade summary of the certificate instances related to this query. The response has certificate details (like instance summary and grade summary) associated with the asset name and instance port given in the query.
API Request
curl -X POST
"<qualys_base_url>/certview/v2/instances' -H "Accept: application/json"-H "Content-Type: application/json" -d "{"filterRequest": {"filters": [{"field": "asset.name","value": "joe.dough.example.com","operator": "NOT_EQUALS"},{"field": "instance.port","value": "400","operator": "GREATER_THAN_EQUAL"}],"operation": "OR"},"pageNumber": 0,"pageSize": 10}" -H "Authorization: Bearer <JWT Token>"
Response
[
{
"id": 10349,
"certhash": "466dc3a5d7e15c4c4d518eb910f92c968e26f6d0f00dd77df04c2b4a163ec71e",
"keySize": 2048,
"serialNumber": "09c32c6f413ba6af22fdd232068fa708",
"validToDate": "2022-04-04T23:59:59.000+00:00",
"validTo": 1649116799000,
"validFromDate": "2021-03-30T00:00:00.000+00:00",
"validFrom": 1617062400000,
"signatureAlgorithm": "SHA256withRSA",
"extendedValidation": false,
"createdDate": "2021-10-07T08:39:33.000+00:00",
"dn": "CN=ssllabs.com, O=\"Qualys, Inc.\", L=Foster City, ST=California, C=US",
"subject": {
"organization": "Qualys, Inc.",
"locality": "Foster City",
"name": "ssllabs.com",
"state": "California",
"country": "US",
"organizationUnit": []
},
"updateDate": "2021-10-07T08:39:33.000+00:00",
"lastFound": 1633595973000,
"imported": true,
"selfSigned": false,
"issuerCategory": "unapproved",
"instanceCount": 0,
"assetCount": 0
},
{
"id": 13024,
"certhash": "88be9dcfba0e89ae97c58ac6f1030c4a3a05e9e4b26f03daf3c260ec8e0daf71",
"keySize": 2048,
"serialNumber": "063edb84e40577cbc812edff6bf6d1bb",
"validToDate": "2023-09-22T23:59:59.000+00:00",
"validTo": 1695427199000,
"validFromDate": "2022-09-22T00:00:00.000+00:00",
"validFrom": 1663804800000,
"signatureAlgorithm": "SHA256withRSA",
"extendedValidation": true,
"createdDate": "2022-09-24T02:56:54.000+00:00",
"dn": "CN=www.example.com, O=\"Qualys, Inc.\", L=Foster City, ST=California, C=US, serialNumber=3152140, businessCategory=Private Organization, StateOrProvince=Delaware, CountryName=US",
"subject": {
"organization": "Qualys, Inc.",
"locality": "Foster City",
"name": "www.example.com",
"state": "California",
"country": "US",
"organizationUnit": []
},
"updateDate": "2022-09-30T03:15:16.000+00:00",
"lastFound": 1664507716000,
"imported": false,
"selfSigned": false,
"issuer": {
"organization": "DigiCert Inc",
"organizationUnit": [
"www.digicert.com"
],
"name": "DigiCert SHA2 Extended Validation Server CA",
"country": "US",
"state": "",
"certhash": "403e062a2653059113285baf80a0d4ae422c848c9f78fad01fc94bc5b87fef1a",
"locality": ""
},
"rootissuer": {
"organization": "DigiCert Inc",
"organizationUnit": [
"www.digicert.com"
],
"name": "DigiCert High Assurance EV Root CA",
"country": "US",
"state": "",
"certhash": "7431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf",
"locality": ""
},
"issuerCategory": "unapproved",
"instanceCount": 1,
"assetCount": 1,
"assets": [
{
"id": 15421515,
"uuid": "99345007-6fb5-4b64-876b-621b2f2c967e",
"netbiosName": "",
"name": "www.example.com",
"operatingSystem": "EulerOS / SuSE Linux / Scientific Linux",
"hostInstances": [
{
"id": 2063,
"port": 443,
"fqdn": "",
"protocol": "tcp",
"service": "http",
"grade": "C"
}
],
"assetInterfaces": [
{
"hostname": "www.example.com",
"address": "64.39.96.133"
}
]
}
]
}
]