ADSS CRL Monitor

Continuous Monitoring & Alerting of CRL Issuers

Ensuring correctness & availability of CRLs

Certificate Revocation Lists (CRLs) contain vital information on the revocation status of digital certificates and as such the availability of valid CRLs is essential for normal operation of trust infrastructures. CRLs also form the legal basis for checking the validity and trustworthiness of issued certificates and therefore directly impact the liability model of a PKI system.

Ascertia CRL Monitor provides automated monitoring for multiple CRL issuers, with effective management reporting, failure alerting through email and SMS, and other advanced options. CRL Monitor is an essential tool that helps prevent infrastructure failures that have a very substantial downstream impact on service users.

CRL Monitor is a marketing name for ADSS Server when its CRL Manager service module is licensed for such a monitoring task.

FEATURES & BENEFITS

All popular CRL formats

CRL Monitor supports X.509 v1 and v2 CRLs, including direct and indirect CRLs, Entrust® partitioned CRLs, segmented CRLs, ARLs, delta CRLs, over-issued CRLs and emergency CRLs.

Local publishing of CRLs

In some cases it is desirable to download CRLs and then publish them locally to avoid a single point of failure, reduce network bandwidth for large enterprises and meet local security policies. CRL Monitor allows such re-publishing of CRLs.

Easy configuration

CRL Monitor has an advanced web-based GUI to help set up trusted CAs and their CRL processing policies.

Why use CRL Monitor?

Monitor your CRLs to ensure that they are “fresh”, i.e. not expired and being updated as expected
Check CRLs for their integrity and availability, i.e. that there is no file corruption either through a publishing failure, an operational issue or even an attack on the core trust infrastructure
Check that the correct CA has signed production CRLs, including support for verifying indirect CRLs
Check CRLs from multiple issuers and URL locations (HTTP/S and LDAP/S) at regular pre-configured intervals on a per CA basis
Check complete X.509 CRLs, partitioned CRLs, Delta CRLs, Indirect CRLs, over-issued CRLs, emergency CRLs and ARLs
Achieve high availability by using multiple CRL Monitors so that there is no single point of failure
Select which members of staff receive error and summary reports by email and/or phone SMS
Produce management reports to provide evidence of SLA performance
Download CRLs and publish them locally to avoid single points of failure and reduce network bandwidth for large enterprises
Retain a secure and searchable archive of all CRLs that were retrieved, for management information and dispute resolution purposes
CRL Monitor is a service module within ADSS Server and is thus available on Windows and Unix systems
CRL Monitor has been tested and certified by the US DoD JITC, FIPS 201 and CWA 14167-1. These certifications are part of the Ascertia ADSS OCSP Server product, of which CRL Monitor is an integral part.
Ascertia is a global leader in delivering functionally rich, easy to deploy e-security solutions. We pride ourselves in being easy and efficient to deal with.