Secure Site Pro SSL, Secure Site Pro EV SSL, and Secure Site EV come with access to a vulnerability assessment service. This vulnerability assessment service allows you to identify and act against the most exploitable weaknesses on your website. To learn more about what's included with each Secure Site Pro and Secure Site EV certificate, see Pro TLS/SSL Certificates and Secure Site Certificates.
Vulnerability assessment is a cloud service so there is nothing to install. After we've issued your Secure Site Pro or Secure Site EV certificate, and you've enabled vulnerability assessment for the order, you can start using the service immediately to scan the domains on the certificate order.
Vulnerability assessment does not replace PCI-compliant vulnerability scans. The service complements existing protection with an automatic monthly scan and a report of the most critical vulnerabilities.
Vulnerability assessment helps you:
Vulnerability assessment includes:
The vulnerability assessment service pulls the information about your domains into your CertCentral account, where you can view details about any discovered vulnerabilities to quickly identify exploitable weaknesses and take corrective action for your domains. You can also download reports, get notifications, and rescan your website to help confirm that vulnerabilities have been fixed.
By default, the assessment service scans domains on the order once per month for as long as vulnerability assessments are enabled. You can also manually queue a domain to be rescanned anytime. To prevent scanning altogether, disable vulnerability assessments for the certificate order.
The vulnerability assessment service scans only the highest-level domains secured by the certificate. The tables below show examples of which domains the service scans when a certificate secures domains at various levels: base domains, first-level subdomains, and second-level subdomains.
Certificate A Domains secured:
When a certificate secures base domains and first-level subdomains, the service only scans the base domains. In this example, the certificate secures two base domains and two first-level subdomains. So, the service scans only the base domains.
Certificate B Domains secured:
When a certificate does not secure a base domain, the service scans the subdomains at the next lowest level. In this example, the certificate secures a first-level subdomain and a second-level subdomain. So, the service scans only the first-level subdomain.
Certificate C Secured domains:
When a certificate secures multiple subdomains at the same level, the service scans all the subdomains. In this example, the certificate secures three first-level subdomains and one second-level subdomain. So, the service scans all the first-level subdomains.
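The scoping rule from the three certificate examples above, sketched as an added Python example (this is not DigiCert's code) so you can list which names on an order fall outside the scan. It assumes the level is compared across every name on the certificate, as in those examples; the suffix set is a small constructed stand-in for the Public Suffix List, and all domain names are constructed.

```python
# Added example (not DigiCert's code): models the scan-scope rule described above.
# Assumption: "level" = labels left of the base (registrable) domain, compared
# across every name on the certificate, as in the Certificate A/B/C examples.

# Constructed stand-in for the Public Suffix List; not exhaustive.
SAMPLE_SUFFIXES = {"com", "org", "net", "co.uk"}


def domain_level(name, suffixes=SAMPLE_SUFFIXES):
    """Return 0 for a base domain, 1 for a first-level subdomain, and so on."""
    labels = name.lower().rstrip(".").split(".")
    # Walk from the longest candidate suffix to the shortest.
    for i in range(len(labels)):
        if ".".join(labels[i:]) in suffixes:
            if i == 0:
                raise ValueError(f"{name!r} is a public suffix, not a domain")
            return i - 1
    raise ValueError(f"no known public suffix for {name!r}")


def scan_scope(secured_names):
    """Split a certificate's names into (scanned, not_scanned)."""
    if not secured_names:
        return [], []
    levels = {name: domain_level(name) for name in secured_names}
    top = min(levels.values())  # the highest level present on the certificate
    scanned = [n for n in secured_names if levels[n] == top]
    not_scanned = [n for n in secured_names if levels[n] != top]
    return scanned, not_scanned


# Constructed certificates shaped like the three examples on this page.
CERTS = {
    "A": ["example.com", "example.org", "www.example.com", "shop.example.org"],
    "B": ["app.example.com", "api.app.example.com"],
    "C": ["mail.example.com", "shop.example.com", "blog.example.co.uk",
          "dev.shop.example.com"],
}

if __name__ == "__main__":
    for label, names in CERTS.items():
        scanned, not_scanned = scan_scope(names)
        print(f"Certificate {label}")
        print("  scanned:    ", ", ".join(scanned))
        # Names the monthly scan will not cover under this rule.
        print("  not scanned:", ", ".join(not_scanned) or "(none)")
```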
Vulnerability assessment service instructions