Monitoring a CRL (certificate revocation list)


Question

Morning! I am super new to LogicMonitor, having never used it before, and now I do at this new job that I started back in December. I'm here today because I've got a ticket to monitor our internal root CA CRL expiration. I see that LM can monitor SSL certs, but can it do anything with a CRL specifically?

Thanks!!


3 answers to this question

  • 1
  • Administrators

Hi @Skeer! Welcome to the community and LogicMonitor!

I'll start by giving the standard answers I give to questions like this. These aren't accusations, just meant to help guide your thinking around what to do in this case and other cases like it:

1. Have you searched through the installed DataSources in your portal to find out if any DataSources apply but aren't yet monitoring data because of missing credentials or some other reason? 
2. Have you searched the exchange to find any DataSources that might cover what you're looking for?
3. If existing DataSource(s) don't exist, you may need to build it. The question then becomes, how do you know about the CRL outside of LM? Do you manually pull up a list? What metrics are you looking for? If you can "monitor" it manually, the task merely becomes figuring out how to automate that manual process.

I don't have enough deep knowledge about SSL/TLS to really understand the goal, but feel free to educate me. I know several power users out here have built various different certificate-centric DataSources, and one of them may fit the bill.

  • 1
  • Administrators

Ok, sounds like #3 is your best bet then. So think not only about how you monitor this through a system today, but also about what you would do if you were the monitoring system and responsible for gathering the data. Identify the data you would gather and what steps you would go through to obtain the data. Then think about how you would automatically complete those steps. If that looks like a PowerShell script or a simple SNMP poll to some OIDs, figure out what they are. Then it's just a relatively simple task of building a LogicModule to complete those steps.

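As an added example (not part of the original thread and not LogicMonitor code), one way to automate the manual check described above: read thisUpdate and nextUpdate from a DER-encoded CRL using only the Python standard library and report the days remaining. The function names, the 7-day warning threshold, the key=value output line and the sample CRL are assumptions constructed for illustration; the CRL signature is not verified.

```python
from datetime import datetime, timezone

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element that starts at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def parse_time(tag, value):
    """Decode UTCTime (0x17) or GeneralizedTime (0x18) with RFC 5280 year rules."""
    text = value.decode("ascii")
    if tag == 0x17:  # two-digit year: 50-99 means 19xx, 00-49 means 20xx
        text = ("19" if text[:2] >= "50" else "20") + text
    return datetime.strptime(text, "%Y%m%d%H%M%SZ").replace(tzinfo=timezone.utc)

def crl_validity(der):
    """Return (thisUpdate, nextUpdate) from a DER CRL; nextUpdate may be None."""
    _, cert_list, _ = read_tlv(der, 0)   # CertificateList SEQUENCE
    _, tbs, _ = read_tlv(cert_list, 0)   # TBSCertList SEQUENCE
    times, pos = [], 0
    while pos < len(tbs):                # only top-level Time fields are the update times
        tag, value, pos = read_tlv(tbs, pos)
        if tag in (0x17, 0x18):
            times.append(parse_time(tag, value))
    if not times:
        raise ValueError("no thisUpdate field found")
    return times[0], (times[1] if len(times) > 1 else None)

def crl_status(der, now, warn_days=7):
    """Return (days until nextUpdate, state) for a threshold to alert on."""
    _, next_update = crl_validity(der)
    if next_update is None:
        return None, "NO_NEXT_UPDATE"
    days = (next_update - now).total_seconds() / 86400
    return days, "EXPIRED" if days < 0 else "WARN" if days <= warn_days else "OK"

def tlv(tag, body):  # short-form DER encoder, used only to build the sample
    return bytes([tag, len(body)]) + body

# Constructed sample CRL (not from the page): placeholder signature, unsigned.
ALG = tlv(0x30, bytes.fromhex("06092a864886f70d01010b0500"))
NAME = tlv(0x30, tlv(0x31, tlv(0x30, bytes.fromhex("0603550403") + tlv(0x0C, b"Example Root CA"))))
TBS = tlv(0x30, tlv(0x02, b"\x01") + ALG + NAME + tlv(0x17, b"240101000000Z") + tlv(0x17, b"240701000000Z"))
SAMPLE_CRL = tlv(0x30, TBS + ALG + tlv(0x03, b"\x00\x00"))

if __name__ == "__main__":
    days, state = crl_status(SAMPLE_CRL, datetime.now(timezone.utc))
    print(f"days_to_next_update={days:.1f} state={state}")
```

A real CRL fetched from the CA's distribution point would replace `SAMPLE_CRL`; a PEM file has to be base64-decoded to DER first.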
  • 0

Thanks Stuart. No, I did not look anywhere yet. I mean I know we currently don't monitor or have any CRLs in play in our LM instance. I believe we have some SSL certs so there might be something there. I did find a generic looking SSL/Cert module/plugin in the community DataSources. I think this is kind of a special thing, can't pull up anything via Google on LM and CRLs.

Thanks for the pointers though!
