Hi Til,
What I did in my project here was to set up a monitoring
script that periodically fetches the published CRL (from LDAP
via ldapsearch or from HTTP server via wget), parses the CRL
using 'openssl crl -nextupdate ...' and verifies that the
remaining validity is greater than a certain threshold. Raise
a monitoring alert if it isn't.
Not too difficult to implement using shell scripting or Perl.
This approach has the advantage that you don't rely on OpenCA
to notice something is wrong, this way you will catch
problems in the distribution infrastructure as well.
Well, maybe you can provide this script to the public ;)
OK, I just asked my client and I am free to publish this publicly.
The ldap check is in fact only one single part of the check system. I
have created an infrastructure that can easily be extended with more
checks and that easily connects to monitoring systems.
I'll try to create a distribution tarball and publish the archive on
my own web site. I will post a message to this list when I am done.
cheers
Martin
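
A minimal sketch of the CRL freshness check described in this thread, added here as an illustration; it is not Martin's script and not part of OpenCA. It assumes the openssl CLI and GNU date (for `-d`), a CRL file already fetched by wget or ldapsearch, and Nagios-style exit codes; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: alert when a published CRL is close to its nextUpdate time.
# Assumptions: openssl CLI, GNU date (-d), CRL already fetched to a local file.

# Print the nextUpdate line, e.g. "nextUpdate=Jan  2 00:00:00 2024 GMT".
# $1 = CRL file, $2 = encoding (PEM or DER; LDAP usually delivers DER).
crl_next_update() {
    openssl crl -in "$1" -inform "${2:-PEM}" -noout -nextupdate
}

# Print seconds left until nextUpdate (negative when the CRL has expired).
# $1 = nextUpdate line from openssl, $2 = current time in epoch seconds.
crl_remaining() {
    when=${1#nextUpdate=}
    [ "$when" != "$1" ] || return 1          # not a nextUpdate line at all
    # "nextUpdate=NONE" (no nextUpdate field) makes date fail here.
    next=$(date -u -d "$when" +%s 2>/dev/null) || return 1
    echo $(( next - $2 ))
}

# Map remaining validity to a monitoring state: 0 OK, 2 CRITICAL, 3 UNKNOWN.
# $1 = nextUpdate line, $2 = minimum remaining seconds, $3 = now (epoch).
crl_status() {
    left=$(crl_remaining "$1" "$3") || {
        echo "UNKNOWN: cannot parse nextUpdate from '$1'"
        return 3
    }
    if [ "$left" -lt "$2" ]; then
        echo "CRITICAL: CRL valid for ${left}s, threshold ${2}s"
        return 2
    fi
    echo "OK: CRL valid for ${left}s"
}

# Usage: check_crl.sh CRL_FILE [MIN_SECONDS] [PEM|DER]
if [ $# -ge 1 ]; then
    line=$(crl_next_update "$1" "${3:-PEM}") || {
        echo "UNKNOWN: cannot read CRL $1"
        exit 3
    }
    crl_status "$line" "${2:-86400}" "$(date +%s)"
    exit $?
fi
```

Running it against the copy fetched from the public distribution point, rather than the CA's local file, is what catches failures in the distribution infrastructure as well.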