CRL Monitor

Purpose-built monitoring and alerting for Certificate Revocation Lists — built to prevent PKI outages before they happen.

Protect your PKI from outages by ensuring your CRLs remain fresh and available.

Download Free Trial

Why CRL Monitoring Matters

For a certificate's status to be trusted, an up-to-date CRL must be available. If a CRL becomes unreachable or stale, relying systems begin to fail — often triggering widespread outages. CRL Monitor prevents this by automatically checking CRL freshness, availability, and signature validity, ensuring your PKI stays healthy. CRL availability issues are a common root cause of unexpected authentication failures in enterprise systems.

Who Uses CRL Monitor?

Designed for PKI teams, SecOps teams, system administrators, and organisations that rely on CRL-based revocation checking across internal or external services.

Proactive Alerting

Prevent serious incidents by receiving timely email alerts before problems affect your systems.

  • Security: Validates digital signatures to detect spoofing or corruption.
  • Availability: Instantly reports network timeouts, HTTP 404s, or LDAP errors.
  • Freshness: Monitors “Next Update” fields to warn you before CRLs expire.
  • Smart Cooldowns: Configurable silence periods prevent inbox flooding.
  • State Tracking: Records last successful fetch for each CRL and remembers previous alerts to avoid repeat notifications during persistent outages.

Flexible Reporting

Get the data you need, where you need it. Reporting and alerting run independently, so scheduled reports and real-time alerts never overlap.

  • HTML Dashboard: Publish to a web folder or intranet path for an always-on status board.
  • CSV Attachments: Detailed machine-readable logs attached directly to email reports.
  • Smart Emails: Notifications include status summaries and direct links to your hosted dashboard.
  • Output on your terms: Generates clean HTML and CSV reports exactly where you choose, without storing history unless you explicitly enable timestamped output.

Simple Setup

Deploy in minutes using a modern, infrastructure-as-code friendly JSON configuration:

1 Extract the release to a folder
2 Edit config.json to add URIs
3 Run CrlMonitor.exe

Supports HTTP, LDAP, and File paths. Automate easily via Windows Task Scheduler.

Fully supports environment variables for clean enterprise deployments.

Automatically validates your configuration and highlights any issues before running.

What Our Customers Say

"...it works fine, in command prompt and with task scheduler. CRL monitor is the tool we were looking for, now for us the installation is complete and productive. Thank you for your superb support!"

Hans Probst

Swiss Mobiliar Insurance Company Ltd

The PKI Health Dashboard

CRL Monitor automatically generates a comprehensive, clear HTML report which provides an instant, digestible overview of your PKI health, including all critical freshness, availability, and signature metrics. Publish it to your intranet for an always-on status dashboard.

Click either screenshot to open a full-size preview.

Ready to protect your PKI?

Get started with a free 30-day trial.

Download Free Trial

View Release Checksums