ADSS CRL Monitor
Ensuring correctness & availability of CRLs
Certificate Revocation Lists (CRLs) contain vital information on the revocation status of digital certificates and as such the availability of valid CRLs is essential for normal operation of trust infrastructures. CRLs also form the legal basis for checking the validity and trustworthiness of issued certificates and therefore directly impact the liability model of a PKI system.
Ascertia CRL Monitor provides automated monitoring for multiple CRL issuers, it provides effective management reporting, failure alerting through email and SMS and other advanced options. CRL Monitor is an essential tool that helps prevent infrastructure failures having a very substantial downstream impact on service users.
CRL Monitor is a marketing name for ADSS Server when its CRL Manager service module is licensed for such a monitoring task.
FEATURES & BENEFITS
All popular CRL formats
CRL Monitor supports X.509 v1 and v2 CRLs, including direct and indirect CRLs, Entrust® partitioned CRLs, segmented CRLs, ARLs, delta CRLs, over-issued CRLs and emergency CRLs.
Local publishing of CRLs
In some cases it is desirable to be able to download CRLs and then publish them locally to avoid a single point of failure, reduce network bandwidth for large enterprises and meet local security policies. CRL monitor allows such re-publishing of CRLs.
Easy configuration
CRL Monitor has an advanced web-based GUI to help set-up trusted CAs and their CRL processing policies.
Everything you need to get started
Why use CRL monitor?
Monitor your CRLs to ensure that they are “fresh” i.e. not expired and are being updated as expected
Check CRLs for their integrity and availability, i.e. that there is no file corruption either through a publishing failure, an operational issue or even an attack on the core trust infrastructure
Check that the correct CA has signed production CRLs, includes support for verifying indirect CRLs
Check CRLs from multiple issuers and URL locations (HTTP/S and LDAP/S) at regular pre-configured intervals on a per CA basis
Check complete X.509 CRLs, partitioned CRLs, Delta CRLs, Indirect CRLs, over-issued CRLs, emergency CRLs and ARLs
Ensure high availability by using multiple CRL Monitors to ensure there is no single point of failure
Select which members of staff receive error and summary reports by email and/or phone SMS
Produce management reports to provide evidence of SLA performance
Be able to download CRLs and publish them locally to avoid single point failures and reduce network bandwidth for large enterprises
Retain a secure and searchable archive of all CRLs that were retrieved, for management information and dispute resolution purposes
CRL Monitor is a service module within ADSS Server and is thus available on Windows and Unix systems
CRL Monitor has been tested and certified by the US DoD JITC, FIPS 201 and CWA 14167-1. These certifications are part of Ascertia ADSS OCSP Server product of which CRL Monitor is an integral part.