Supervision CRLS PKI
Brian A. Seklecki
lavalamp at spiritual-machines.org
Tue Nov 3 19:07:07 CET 2009
On Fri, 2009-10-16 at 17:51 +0200, ben amar wrote:
> 1) the expiry date of CRLS our PKI Root and emmetrices
The English is a bit broken here, but:
1) You can monitor the health of the "published CRL" by setting up
"check_http" to monitor the URL of your "Active Directory Service"
publication point (which is presumably some bullshit IIS plugin?) for
certain metrics (Last updated/Last Modified Date, Minimium size, etc.)
2) Our "check_ssl_cert.php" can validate the PKI chain is published by
the server (intermediary certs, etc.) and validate expiration date
thresholds.
We could also modify it's SSL Client to support OCSP/CRL validation.
I'll have to look at how OpenSSL does this.
~BAS
> 2) accessibility and the presence of our PKI CRLS published in our
> Active
> Directory
------------------------------------------------------------------------------
Come build with us! The BlackBerry(R) Developer Conference in SF, CA
is the only developer event you need to attend this year. Jumpstart your
developing skills, take BlackBerry mobile applications to market and stay
ahead of the curve. Join us from November 9 - 12, 2009. Register now!
http://p.sf.net/sfu/devconference
_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue.
::: Messages without supporting info will risk being sent to /dev/null
More information about the Users
mailing list