[Xymon] SSL OCSP monitoring

Henrik Størner henrik at hswn.dk
Tue Apr 15 10:30:04 CEST 2014


 

Den 2014-04-15 4:24, deepak deore skrev: 

> Can we monitor SSL
certificate's revoke status ?

There's no built-in test in Xymon for
this. 

Doing a bit of Google it seems that OpenSSL does have the
necessary tools / code to perform an OCSP verification, but it is far
from easy. (See
http://backreference.org/2010/05/09/ocsp-verification-with-openssl/ for
an explanation of the steps involved). 

It does make sense to include
this check in the "sslcert" status, but for now you will have to
implement a custom check script to perform it. 

Regards,
Henrik 

 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.xymon.com/pipermail/xymon/attachments/20140415/6dbf2eeb/attachment.html>


More information about the Xymon mailing list