15 Apr
2014
15 Apr
'14
8:30 a.m.
Den 2014-04-15 4:24, deepak deore skrev:
Can we monitor SSL certificate's revoke status ?
There's no built-in test in Xymon for this.
Doing a bit of Google it seems that OpenSSL does have the necessary tools / code to perform an OCSP verification, but it is far from easy. (See http://backreference.org/2010/05/09/ocsp-verification-with-openssl/ for an explanation of the steps involved).
It does make sense to include this check in the "sslcert" status, but for now you will have to implement a custom check script to perform it.
Regards, Henrik