SSL OCSP monitoring - Xymon - Xymon mailman web

newer
DEVMON on cisco 3750

SSL OCSP monitoring

older
Create historical data

deepakdeore2004＠gmail.com

15 Apr 2014 15 Apr '14

2:24 a.m.

Hi,

Can we monitor SSL certificate's revoke status ?

Thanks, Deepak

Reply

Sign in to reply online Use email software

Show replies by date

Phil.Crooker＠orix.com.au

15 Apr 15 Apr

5:37 a.m.

I think the HTTP tests (see the hosts.cfg man page) cover this, I know it alarms when a certificate is out of date.

From: Xymon on behalf of deepak deore Sent: Tuesday, 15 April 2014 11:54 AM To: xymon at xymon.com Subject: [Xymon] SSL OCSP monitoring

Hi,

Can we monitor SSL certificate's revoke status ?

Thanks, Deepak

Reply

Sign in to reply online Use email software

henrik＠hswn.dk

8:30 a.m.

Den 2014-04-15 4:24, deepak deore skrev:

Can we monitor SSL certificate's revoke status ?

There's no built-in test in Xymon for this.

Doing a bit of Google it seems that OpenSSL does have the necessary tools / code to perform an OCSP verification, but it is far from easy. (See http://backreference.org/2010/05/09/ocsp-verification-with-openssl/ for an explanation of the steps involved).

It does make sense to include this check in the "sslcert" status, but for now you will have to implement a custom check script to perform it.

Regards, Henrik

Reply

Sign in to reply online Use email software

4453

Age (days ago)

4453

Last active (days ago)

Download

2 comments

3 participants

tags

participants (3)

deepakdeore2004＠gmail.com
henrik＠hswn.dk
Phil.Crooker＠orix.com.au