ADSS CRL Monitor is responsible for retrieving CRLs from registered CAs within internal or external PKI systems. It provides advanced CRL Monitoring against defined sets of CRL URLs and can provide administrator alerts if any of these retrievals fail. The downloaded CRLs are used by other ADSS modules (e.g. the ADSS Verification, Signing, OCSP and XKMS services) to determine the status of certificates.

CRL Monitor extracts, and retains within the ADSS Server database, all revocation information from the CRLs, even expired CRLs. It is thus capable of determining the historical status of a certificate, i.e. was John Doe’s certificate valid on 14 August 2011 at 10:00 AM? This is an essential basis for providing historical signature verification services.

This section describes how CRL Monitor works and describes how to manage and view CRL related information within the module. The relevant parts of the Trust Manager module should be studied to understand how CRL related policy settings are made when registering CAs.

CRL Monitor is essentially a scheduler that polls the defined CRL addresses at configured intervals. The timeframe is based on either on the expiry time of the previous CRL or a defined time interval, e.g. every 15 minutes.


The following image shows CRL Monitor sub-modules, the details of which are given in the next sections:



See also

ADSS Server Knowledge Base

Welcome

Getting Started
Concepts & Architecture
ADSS RA Service
ADSS Certification Service
ADSS Signing Service
ADSS Go>Sign Service
ADSS RAS Service
ADSS SAM Service
ADSS CSP Service
ADSS TSA Service
ADSS Verification Service
ADSS OCSP Monitor
ADSS OCSP Service
ADSS SCVP Service
ADSS XKMS Service
ADSS LTANS Service
ADSS HMAC Service
ADSS Decryption Service
ADSS OCSP Repeater Service
ADSS NPKD Service
ADSS SPOC Service
Manage CAs
Key Manager
Trust Manager

TSL Monitor
ADSS CRL Monitor
Global Settings
Access Control
Client Manager
System Log Viewer
Server Manager
Approval Manager
Operational Management
Advanced Configuration