What is CrlMonitor?

CrlMonitor is an easy to use tool that proactively monitors Certificate Revocation Lists (CRLs) to ensure they are available and up to date. If a CRL is unavailable or has not been updated by an expected time, CrlMonitor will issue an alert to notify you.

CrlMonitor Console

Key Features

CrlMonitor has several features including:

  • Easy to setup and configure
  • Sends alerts if CRL not available or not fresh
  • Sends alerts if CRL is corrupt
  • Provides detailed reports
  • Automated using Windows Scheduler


For the status of a certificate to be determined an up to date CRL must be available to the users of your PKI. If the CRL is not available or is stale (has expired) relying systems will start to fail. This can be extremely disruptive and in many environments can lead to a serious incident. For this reason, it is important to have proactive monitoring of your CRLs. CrlMonitor can reduce the risk of CRLs being allowed to go stale by periodically querying your CRLs to check for freshness and availability.

CrlMonitor is a pure .NET console application. Using a list of CRL URIs, CrlMonitor will report the expiration status of each CRL it finds. It provides detailed CSV reports of the CRL information collected; the report format is suitable for importing into other applications such as a spreadsheet or database. While running, CrlMonitor can write CRL details to a DOS command window to provide feedback on its progress. In addition, alerts and a summary report can be sent to one or more email recipients. CrlMonitor can be run manually from a DOS command window or called periodically by the Windows Scheduler.

CrlMonitor Reports

Each time CrlMonitor runs, it writes the pertinent details of all the CRLs it has retrieved during the scan to a report.

CrlMonitor Report

By looking down the ExpiryStatus column of a report, you can quickly get a handle on the status of all your CRLs. You can configure the number of days before CRL expiry the status in the report changes from OK to EXPIRING. The table below describes each of the fields from the report.

Table 1. Entropy Per Character for Character Pools
Field Heading Description
URL The URL of the CRL.
ThisUpdate The date when the CRL became valid
NextUpdate The date the next CRL should be issued by
DaysTillExpiry The number of complete days before the CRL expires.
ExpiryStatus One of the following: OK, EXPIRING, EXPIRED, ERROR