CRL Monitor Overview
Certificate Revocation Lists (CRLs) contain vital information on the revocation status of digital certificates and as such the availability of valid CRLs is essential for normal operation of trust infrastructures. CRLs also form the legal basis for checking the validity and trustworthiness of issued certificates and therefore directly impact the liability model of a PKI system.
Ascertia CRL Monitor provides automated monitoring for multiple CRL issuers, it provides effective management reporting, failure alerting through email and SMS and other advanced options. CRL Monitor is an essential tool that helps prevent infrastructure failures having a very substantial downstream impact on service users.
CRL Monitor is a marketing name for ADSS Server when its CRL Manager service module is licensed for such a monitoring task.
Why use CRL Monitor?
- Monitor your CRLs to ensure that they are “fresh” i.e. not expired and are being updated as expected
- Check CRLs for their integrity and availability, i.e. that there is no file corruption either through a publishing failure, an operational issue or even an attack on the core trust infrastructure
- Check that the correct CA has signed production CRLs, includes support for verifying indirect CRLs
- Check CRLs from multiple issuers and URL locations at regular pre-configured intervals on a per CA basis
- Ensure high availability by using multiple monitors to ensure there is no single point of failure
- Select which members of staff receive error and summary reports by email and/or phone SMS
- Produce management reports to provide evidence of SLA performance
- Be able to download CRLs and publish them locally to avoid single point failures and reduce network bandwidth for large enterprises
- Retain a secure and searchable archive of all CRLs that were retrieved, for management information and dispute resolution purposes
- CRL Monitor is a service module within ADSS Server and is thus available on Windows and Unix systems
- CRL Monitor has been tested and certified by the US DoD JITC - it is an essential part of the Ascertia ADSS OCSP Server product