Supervision CRLS PKI

Brian A. Seklecki lavalamp at spiritual-machines.org
Tue Nov 3 19:07:07 CET 2009

Previous message: JBOSS
Next message: check_snmp_mem.pl and cisco fast memory
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Fri, 2009-10-16 at 17:51 +0200, ben amar wrote:
> 1) the expiry date of CRLS our PKI Root and emmetrices

The English is a bit broken here, but:

1) You can monitor the health of the "published CRL" by setting up
"check_http" to monitor the URL of your "Active Directory Service"
publication point (which is presumably some bullshit IIS plugin?) for
certain metrics (Last updated/Last Modified Date, Minimium size, etc.)

2) Our "check_ssl_cert.php" can validate the PKI chain is published by
the server (intermediary certs, etc.) and validate expiration date
thresholds.

We could also modify it's SSL Client to support OCSP/CRL validation.
I'll have to look at how OpenSSL does this.

~BAS

> 2) accessibility and the presence of our PKI CRLS published in our
> Active
> Directory


------------------------------------------------------------------------------
Come build with us! The BlackBerry(R) Developer Conference in SF, CA
is the only developer event you need to attend this year. Jumpstart your
developing skills, take BlackBerry mobile applications to market and stay 
ahead of the curve. Join us from November 9 - 12, 2009. Register now!
http://p.sf.net/sfu/devconference
_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. 
::: Messages without supporting info will risk being sent to /dev/null

Previous message: JBOSS
Next message: check_snmp_mem.pl and cisco fast memory
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the Users mailing list