Revocation Monitoring

Certificate revocation list A Certificate Revocation List (CRL) is a list of digital certificates that have been revoked by the issuing Certificate Authority (CA) before their scheduled expiration date and should no longer be trusted. (CRL A Certificate Revocation List (CRL) is a list of digital certificates that have been revoked by the issuing Certificate Authority (CA) before their scheduled expiration date and should no longer be trusted.) and online certificate status protocol (OCSP) locations are configured in the Revocation Monitoring section of the Management Portal to allow for email notifications when CRLs are near or at expiration, and for display on the Revocation Monitoring dashboard (see Dashboard: Revocation Monitoring). When revocation notifications are sent via email, matching events are written to the Windows event log on the Keyfactor Command server. The alert time-frame is calculated based on the date that the CRL expires, rather than the Next Publish date. This allows for users to define their own alerts and log entries (thus determining their own definition of stale).

CRL monitoring and notification provides information on:

• The status of the CRL endpoint An endpoint is a URL that enables the API to gain access to resources on a server.'s responsiveness (e.g. is the file missing or the web site unreachable).
• Warning of upcoming expiration for a CRL.
• Notification of expired CRLs.

OCSP monitoring and notification provides only information on whether or not the OCSP endpoint is responsive. Expiration is not relevant for OSCP.