CRL Monitor can be configured to generate alerts (email and/or SMS) when the following events occur:

  • CRL fetch failed (Reason: Connection with CRL resources failed)
  • CRL fetch failed (Reason: CRL format is invalid)
  • The downloaded CRL's signature could not be verified for the configured CA.
  • The downloaded CRL has already expired; the current CRL in the database has also expired (so now no valid CRL exists in ADSS Server for this CA). This is a serious event as the certificates from this CA can no longer be verified correctly by ADSS Server.
  • The downloaded CRL had already expired but the current CRL in the database is still valid (i.e. a potential problem when the current CRL expires).
  • Successfully downloaded a new CRL and saved it to the ADSS Server database.
  • The downloaded CRL is already present in the ADSS Server database (this will be typical in situations where ADSS Server is polling more frequently for CRLs than the CA is actually publishing)
  • CA fails to publish CRL according to CRL freshness policy (this is for those cases where the CA uses over-issued CRLs, but has failed to issue a new CRL based on its over-issue publishing policy)
  • When the master ADSS CRL Monitor instance becomes a slave.
  • CRL missed in a sequence (the CRL number of a newly downloaded CRL must be the next number in the sequence after the previous CRL)
  • Internal error occurred (Reason: database not available etc.)
  • If the service is unable to use the log signing key at the auto-archiving time. 
  • When archiving is successfully completed.


The system users that will receive these alerts can be defined within the CRL Monitor management screen. User email and SMS details are defined within the Access Control screens as users are registered.



The configuration items are as follows:


Items

Description

CRL fetch failed (Reason: Connection with CRL resource failed)

When this checkbox is enabled, an alert is triggered for the configured CAs and users whenever there is a failure to fetch CRLs due to connection issues with the CRL resource.

Failed to verify Signature Activation Data

When this alert is enabled, an alert is sent whenever verification of signature activation data (SAD) fails.

Failed to generate key pair

When this alert is enabled, an alert is sent whenever the system fails to create a user key pair.

Internal error occurred

When enabled, an alert is sent whenever an internal error has occurred during the request processing (e.g. database was not accessible).

Unable to use log signing Key at auto-archiving time 

When enabled, an alert is generated for the system user(s) whenever the system is unable to use the Log Signing Key at auto-archiving time.


Note: The Log Signing Key is configured in the Global Settings module.

When archiving is performed 

When enabled, an alert is generated for the system user(s), whenever auto-archiving is performed.

CRL is about to expire

When this checkbox is enabled, an alert is triggered to the users for the configured CAs, indicating that the necessary CRL is nearing its expiration based on the configured settings, i.e., 'Number of days left before expiry' or 'Remaining percentage of CRL lifetime'. Both of these options are explained below:

  • Number of days left before expiry: When this option is selected, the user can set the number of days remaining until the CRL expires. This can be adjusted by entering the values in the fields below:
    • CRL expiry days: This field enables the users to set the number of days until the CRL expires.
    • Send alert after every hour(s): This field enables the users to specify the interval, in hours, at which the configured users will receive alerts.
  • Remaining percentage of CRL lifetime: When this option is selected, the user can set the remaining percentage of CRL lifetime, after which the users will start receiving the alerts for the configured CAs. This can be adjusted by entering the values in the fields below:
    • CRL expiry percentage: This field enables the users to set the remaining percentage of CRL lifetime.
    • Send alert after every hour(s): This field enables the users to specify the interval, in hours, at which the configured users will receive alerts.

Send alerts for these CAs

This drop-down enables the user to select the CAs for which the alerts will be sent. Once the CA is selected, its details (ID and name) will be displayed in a tabular format.

Select User

This drop-down enables the user to select who will receive the alerts. Once the user is selected, its details, including user ID, name, email address, role, and status, will be displayed in a tabular format.
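
The sketch below is an added example, not ADSS Server code. It shows how the two 'CRL is about to expire' options, the 'Send alert after every hour(s)' interval, and the expired and missed-sequence events can be evaluated from a CRL's thisUpdate, nextUpdate and CRL number. The record layout, the event labels, the percentage formula and the CRL-number comparison used to detect an already-present CRL are assumptions made for illustration.

```python
from datetime import datetime, timedelta, timezone

def expiry_alert_due(crl, now, *, days_left=None, percent_left=None,
                     repeat_hours=1, last_sent=None):
    """True when an 'about to expire' alert should go out now."""
    remaining = crl["next_update"] - now
    if remaining <= timedelta(0):
        return False                      # already expired: a different event applies
    if days_left is not None:             # 'Number of days left before expiry'
        in_window = remaining <= timedelta(days=days_left)
    else:                                 # 'Remaining percentage of CRL lifetime'
        lifetime = crl["next_update"] - crl["this_update"]
        in_window = 100.0 * (remaining / lifetime) <= percent_left
    # 'Send alert after every hour(s)': suppress repeats inside the interval
    throttled = last_sent is not None and now - last_sent < timedelta(hours=repeat_hours)
    return in_window and not throttled

def classify_download(new, current, now):
    """Map a freshly downloaded CRL to event names (hypothetical labels)."""
    current_valid = current is not None and current["next_update"] > now
    if new["next_update"] <= now:
        return ["expired_current_still_valid" if current_valid
                else "expired_no_valid_crl"]
    if current is not None and new["crl_number"] == current["crl_number"]:
        return ["already_present"]        # assumption: identity judged by CRL number
    events = ["new_crl_saved"]
    if current is not None and new["crl_number"] != current["crl_number"] + 1:
        events.append("crl_missed_in_sequence")
    return events

def make_crl(number, this_update, next_update):   # constructed sample records
    return {"crl_number": number, "this_update": this_update, "next_update": next_update}

UTC = timezone.utc
NOW = datetime(2024, 6, 10, tzinfo=UTC)
CURRENT = make_crl(41, datetime(2024, 6, 1, tzinfo=UTC), datetime(2024, 6, 11, tzinfo=UTC))
SKIPPED = make_crl(43, datetime(2024, 6, 10, tzinfo=UTC), datetime(2024, 6, 20, tzinfo=UTC))
STALE = make_crl(40, datetime(2024, 5, 20, tzinfo=UTC), datetime(2024, 5, 30, tzinfo=UTC))

if __name__ == "__main__":
    print(expiry_alert_due(CURRENT, NOW, days_left=2))
    print(expiry_alert_due(CURRENT, NOW, percent_left=5))
    print(classify_download(SKIPPED, CURRENT, NOW))
    print(classify_download(STALE, CURRENT, NOW))
```

With a 10-day CRL that has one day left, a two-day threshold fires while a 5% threshold does not, which is why the two options need to be tuned against the CA's actual publishing interval.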


See also

CRL Monitor Key Features
CRL Storage within ADSS Server
Proxy Settings and Digest Authentication
