Alerts
CRL Monitor can be configured to generate alerts (email and/or SMS) when the following events occur:
- CRL fetch failed (Reason: Connection with CRL resources failed).
- CRL fetch failed (Reason: CRL format is invalid)
- The downloaded CRL's signature could not be verified for the configured CA
- The downloaded CRL has already expired; the current CRL in the database has also expired (so now no valid CRL exists in ADSS Server for this CA). This is a serious event as the certificates from this CA can no longer be verified correctly by ADSS Server.
- The downloaded CRL had already expired but the current CRL in the database is still valid
(i.e. perhaps a potential problem when the current CRL expires) - Successfully download a new CRL and saved it to the ADSS Server database.
- The downloaded CRL is already present in the ADSS Server database (this will be typical in situations where ADSS Server is polling more frequently for CRLs than the CA is actually publishing)
- CA fails to publish CRL according to CRL freshness policy (this is for those cases where the CA uses over-issued CRLs, but has failed to issue a new CRL based on its over-issue publishing policy)
- When the Primary ADSS CRL Monitor instance becomes Secondary.
- CRL missed in a sequence (CRL number of newly downloaded CRL must be the next number in a sequence as compared to previous CRL)
- Internal error occurred (Reason: database not available etc.)
- If the service is unable to use the log signing key at the auto-archiving time
- When archiving is successfully completed.
The system operators that will receive these alerts can be defined within the CRL Monitor management screen. Operator email and SMS details are defined within the Access Control screens as operators are registered.
See also
CRL Monitor Key Features
CRL Storage within ADSS Server
Proxy Settings and Digest Authentication
Using the Service Manager
High Availability for CRL Monitor
Viewing CRL Details
CRL Monitoring
Instant Revocation
CRL Logs
Logs Archiving
Management Reporting