Skip to main content

What's on your dashboard

The DigiCert Quantum Central dashboard provides a high-level view of your post-quantum cryptography (PQC) posture. Use it to review key status indicators, identify areas that may need attention, and decide where to investigate next.

View your cryptographic posture

The dashboard displays the following information about your imported cryptographic assets:

Total cryptographic Assets

Total number of certificates and endpoints imported from DigiCert​​®​​ Trust Lifecycle Manager, through manual scans, or from other data sources.

Asymmetric Algorithm Usage

The signature algorithm usage in your end entity certificates.

  • Obtained from a certificate's subjectPublicKeyInfo field which contains values such as ML-DSA, RSA, and ECDSA.

  • Certificates using ML-DSA or SLH-DSA are considered quantum-safe and count towards your Quantum Readiness %.

Signature Algorithm Usage

The key algorithm usage in your Issuing CA certificates.

  • Obtained from the certificate's signatureAlgorithm field and contains values such as SHA256withRSA

    The compound name (e.g. SHA256withRSA) encodes two things in one:

    • The hash algorithm used to digest the TBSCertificate before signing (SHA256, SHA384)

    • The signing algorithm applied to that digest (RSA, ECDSA)

  • The signatureAlgorithm tells you whether the issuing CA is quantum-vulnerable, independent of the end entity certificate.

An end entity certificate could be signed with an ML-DSA key (subjectPublicKeyInfo) but still be issued by a CA using RSA (signatureAlgorithm). The chain is only as strong as the weakest link. Full PQC posture requires both fields to reflect quantum-safe algorithms.

CA certificates using ML-DSA or SLH-DSA are considered quantum-safe.

Key Agreement Usage

TLS key agreement is the process a client and server use to create shared session secrets during a TLS connection. They exchange public values and derive the same secret without sending the secret over the network. Temporary keys help protect recorded traffic if a long-term private key is later compromised.

  • Key agreements using X25519MLKEM768, SecP256r1MLKEM768, and SecP384r1MLKEM1024 are considered quantum-safe and count towards your Quantum Readiness %.

  • Quantum-safe key agreements are only supported in TLS 1.3.

TLS Protocol Usage

  • You must update systems to TLS 1.3 and enable quantum-safe key agreements to mitigate the harvest-now, decrypt later threat.

  • Quantum-safe key agreements are not supported in TLS 1.2, 1.1, or 1.0.

Learn more about Mitigating the Harvest-Now, Decrypt-Later Threat. You'll need a Quantum Central account to access this course.

Get AI-powered insights about your assets

DigiCert Quantum Central makes it very easy for you to prioritize your migration tasks with its in-built AI capabilities.

The AI can analyze all the imported cryptographic assets and answer any related questions.

You can go to the Dashboard and type your questions in the Get started bar at the top.

Alternatively, you can select the AI icon at the top-right corner and start chatting.

AI capabilities are currently limited in the free Preview.

Learn more about using AI Assist.