Revocation Monitoring

Certificate revocation listClosed A Certificate Revocation List (CRL) is a list of digital certificates that have been revoked by the issuing Certificate Authority (CA) before their scheduled expiration date and should no longer be trusted. (CRLClosed A Certificate Revocation List (CRL) is a list of digital certificates that have been revoked by the issuing Certificate Authority (CA) before their scheduled expiration date and should no longer be trusted.) and online certificate status protocol (OCSP) locations are configured in the Revocation Monitoring section of the Management Portal to allow for email notifications when CRLs are near or at expiration, and for display on the Revocation Monitoring dashboard (see Dashboard: Revocation Monitoring). When revocation notifications are sent via email, matching events are written to the Windows event log on the Keyfactor Command server. The alert time-frame is calculated based on the date that the CRL expires, rather than the Next Publish date. This allows for users to define their own alerts and log entries (thus determining their own definition of stale).

CRL monitoring and notification provides information on:

OCSP monitoring and notification provides only information on whether or not the OCSP endpoint is responsive. Expiration is not relevant for OSCP.

Tip:  Click the help icon () next to the Revocation Monitoring page title to open the embedded web copy of the Keyfactor Command Documentation Suite to this section.

You can also find the help icon at the top of the page next to the Log Out button. From here you can choose to open either the Keyfactor Command Documentation Suite at the home page or the Keyfactor API Endpoint Utility.