ADSS CRL Monitor
- Continuous Monitoring & Alerting of CRL Issuers
Certificate Revocation Lists (CRLs) contain vital information on the revocation status of digital certificates and as such the availability of valid CRLs is essential for normal operation of trust infrastructures. CRLs also form the legal basis for checking the validity and trustworthiness of issued certificates and therefore directly impact the liability model of a PKI system.
Ascertia CRL Monitor provides automated monitoring for multiple CRL issuers, with effective management reporting, failure alerting through email and SMS, and other advanced options. CRL Monitor is an essential tool that helps prevent infrastructure failures that would have a very substantial downstream impact on service users.
CRL Monitor is a marketing name for ADSS Server when its CRL Manager service module is licensed for such a monitoring task.
CRL Monitor supports X.509 v1 and v2 CRLs, including direct and indirect CRLs, Entrust® partitioned CRLs, segmented CRLs, ARLs, delta CRLs, over-issued CRLs and emergency CRLs.
In some cases it is desirable to download CRLs and then publish them locally to avoid a single point of failure, reduce network bandwidth for large enterprises and meet local security policies. CRL Monitor allows such re-publishing of CRLs.
CRL Monitor has an advanced web-based GUI to help set up trusted CAs and their CRL processing policies.
Monitor your CRLs to ensure that they are “fresh”, i.e. not expired and being updated as expected.
Check CRLs for their integrity and availability, i.e. that there is no file corruption either through a publishing failure, an operational issue or even an attack on the core trust infrastructure.
Check that the correct CA has signed production CRLs, including support for verifying indirect CRLs.
Check CRLs from multiple issuers and URL locations (HTTP/S and LDAP/S) at regular pre-configured intervals on a per CA basis.
Check complete X.509 CRLs, partitioned CRLs, delta CRLs, indirect CRLs, over-issued CRLs, emergency CRLs and ARLs.
Ensure high availability by using multiple CRL Monitors so that there is no single point of failure.
Select which members of staff receive error and summary reports by email and/or phone SMS.
Produce management reports to provide evidence of SLA performance.
Download CRLs and publish them locally to avoid single points of failure and reduce network bandwidth for large enterprises.
Retain a secure and searchable archive of all CRLs that were retrieved, for management information and dispute resolution purposes.
CRL Monitor is a service module within ADSS Server and is thus available on Windows and Unix systems.
CRL Monitor has been tested and certified by the US DoD JITC, FIPS 201 and CWA 14167-1. These certifications are part of the Ascertia ADSS OCSP Server product, of which CRL Monitor is an integral part.