CrlMonitor
Built for people who manage PKIs
What is CrlMonitor?
CrlMonitor is an easy to use tool that proactively monitors Certificate Revocation Lists (CRLs) to ensure they are available and up to date. If a CRL is unavailable or has not been updated by an expected time, CrlMonitor will issue an alert to notify you.
Key Features
CrlMonitor has several features including:
- Easy to setup and configure
- Sends alerts if CRL not available or not fresh
- Sends alerts if CRL is corrupt
- Provides detailed reports
- Automated using Windows Scheduler
Overview
For the status of a certificate to be determined an up to date CRL must be available to the users of your PKI. If the CRL is not available or is stale (has expired) relying systems will start to fail. This can be extremely disruptive and in many environments can lead to a serious incident. For this reason, it is important to have proactive monitoring of your CRLs. CrlMonitor can reduce the risk of CRLs being allowed to go stale by periodically querying your CRLs to check for freshness and availability.
CrlMonitor is a pure .NET console application. Using a list of CRL URIs, CrlMonitor will report the expiration status of each CRL it finds. It provides detailed CSV reports of the CRL information collected; the report format is suitable for importing into other applications such as a spreadsheet or database. While running, CrlMonitor can write CRL details to a DOS command window to provide feedback on its progress. In addition, alerts and a summary report can be sent to one or more email recipients. CrlMonitor can be run manually from a DOS command window or called periodically by the Windows Scheduler.
CrlMonitor Reports
Each time CrlMonitor runs, it writes the pertinent details of all the CRLs it has retrieved during the scan to a report.
By looking down the ExpiryStatus column of a report, you can quickly get a handle on the status of all your CRLs. You can configure the number of days before CRL expiry the status in the report changes from OK to EXPIRING. The table below describes each of the fields from the report.
| Field Heading | Description | |||
|---|---|---|---|---|
| URL | The URL of the CRL. | |||
| ThisUpdate | The date when the CRL became valid | |||
| NextUpdate | The date the next CRL should be issued by | |||
| DaysTillExpiry | The number of complete days before the CRL expires. | |||
| ExpiryStatus | One of the following: OK, EXPIRING, EXPIRED, ERROR | |||