> What I did in my project here was to set up a monitoring
> script that periodically fetches the published CRL (from LDAP
> via ldapsearch or from HTTP server via wget), parses the CRL
> using 'openssl crl -nextupdate ...' and verifies if the
> remaining validity is greater than a certain threshold. Raise
> a monitoring alert if it isn't.
> Not too difficult to implement using shell scripting or Perl.
> This approach has the advantage that you don't rely on OpenCA
> to notice something is wrong, this way you will catch
> problems in the distribution infrastructure as well.

Well, maybe you can provide this script for the public ;)

Regards
Til
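The check described in the quoted message, as an added example that is not part of the original thread and is not the poster's script: it fetches a CRL, reads `nextUpdate` with `openssl crl -nextupdate`, and reports a monitoring state from the remaining validity. The function names, the HTTP-only fetch via wget, the 24-hour default threshold and the Nagios-style exit codes (0/1/2/3) are assumptions made for the example.

```shell
#!/bin/sh
# Added example: CRL freshness check for a monitoring system (not code from the thread).
# Assumed: CRL published over HTTP, wget and openssl on PATH, Nagios-style exit codes.

# "nextUpdate=Jan  1 00:00:00 2030 GMT" -> epoch seconds (plain awk, no GNU date needed).
nextupdate_epoch() {
    printf '%s\n' "${1#nextUpdate=}" | awk '{
        i = index("JanFebMarAprMayJunJulAugSepOctNovDec", $1)
        if (NF < 4 || length($1) != 3 || i % 3 != 1) exit 1   # e.g. "NONE" or empty
        m = (i + 2) / 3; d = $2; y = $4; split($3, t, ":")
        if (m <= 2) { y--; m += 12 }          # count the year from March
        days = 365*y + int(y/4) - int(y/100) + int(y/400)
        days += int((153*(m-3) + 2) / 5) + d - 719469   # days since 1970-01-01
        printf "%.0f\n", days*86400 + t[1]*3600 + t[2]*60 + t[3]
    }'
}

# Verdict: $1 = nextUpdate epoch, $2 = current epoch, $3 = minimum seconds left.
crl_status() {
    left=$(( $1 - $2 ))
    if [ "$left" -le 0 ]; then echo "CRITICAL: CRL is past nextUpdate"; return 2; fi
    if [ "$left" -lt "$3" ]; then echo "WARNING: ${left}s until nextUpdate"; return 1; fi
    echo "OK: ${left}s until nextUpdate"
}

# Fetch one CRL and judge it. A failed download or an unparsable CRL is reported
# too, so problems in the distribution infrastructure are caught as well.
check_crl() {   # $1 = CRL URL, $2 = minimum seconds left
    tmp=$(mktemp) || return 3
    if ! wget -q -O "$tmp" "$1"; then
        rm -f "$tmp"; echo "UNKNOWN: cannot fetch $1"; return 3
    fi
    # Published CRLs are usually DER; fall back to PEM.
    line=$(openssl crl -inform DER -in "$tmp" -noout -nextupdate 2>/dev/null) ||
        line=$(openssl crl -inform PEM -in "$tmp" -noout -nextupdate 2>/dev/null)
    rm -f "$tmp"
    next=$(nextupdate_epoch "$line") || { echo "UNKNOWN: no usable nextUpdate in $1"; return 3; }
    crl_status "$next" "$(date +%s)" "$2"
}

# Usage from cron or a monitoring agent: crlcheck.sh <crl-url> [min-seconds-left]
if [ $# -ge 1 ]; then check_crl "$1" "${2:-86400}"; fi
```

For a CRL published in LDAP, replace the wget call with an ldapsearch that writes the binary certificateRevocationList attribute to the temporary file; the rest of the check is unchanged.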
