The disclosed computer-implemented method for determining reputations of digital certificate signers may include (i) identifying a group of endpoint devices that have accessed files to which a digital certificate signer has attached digital certificates that assert the files are legitimate, (ii) determining, for each endpoint device, whether a security state of the endpoint device is compromised or uncompromised based on a security analysis of computing events detected on the endpoint device, (iii) classifying the digital certificate signer as potentially malicious by determining that the files were accessed more frequently by endpoint devices with compromised security states than by endpoint devices with uncompromised security states, and (iv) protecting a security state of an additional endpoint device by preventing the additional endpoint device from accessing a file with a digital certificate signed by the digital certificate signer. Various other methods, systems, and computer-readable media are also disclosed.