Monitoring for Compliance in Revoked Certificates

A Certificate Revocation List, or CRL, is a list containing digital certificates that have been revoked. Revoking a certificate is a manual process, by which a certificate is declared invalid (for any number of reasons), even before its expiration date. Having a CRL is essential for compliance, and for having a complete picture of the organization’s certificate infrastructure.

Automating CRL Monitoring with AppViewX

All Microsoft CRLs have three fields that need to be maintained: Effective Date, Next Update, and Next CRL Publish.

· Effective Date (mandatory) indicates the start time when the CRL becomes valid,

· Next Update (also mandatory) indicates the date when the CRL expires, and

· Next CRL Publish Date/Time (optional) provides the date and time when a CA issues the new CRL.

If the date and time in the Next CRL Publish field is in the past, AppViewX will issue an alert, indicating that the CA has failed to issue a new CRL.
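
The check described above can be sketched in Python as an added example; it is not AppViewX code. It goes beyond the single alert in the text by also flagging a CRL whose Next Update has passed or whose Effective Date is still in the future. The status labels, CA names and dates are constructed for illustration.

```python
from datetime import datetime, timezone

def crl_status(effective_date, next_update, next_crl_publish=None, now=None):
    """Classify a CRL from its three date fields (timezone-aware datetimes).

    The status strings are hypothetical labels for this example.
    """
    now = now or datetime.now(timezone.utc)
    if next_update <= effective_date:
        return "INVALID_FIELDS"    # validity window is empty or reversed
    if effective_date > now:
        return "NOT_YET_VALID"     # Effective Date has not been reached
    if next_update <= now:
        return "EXPIRED"           # Next Update has passed
    # Next CRL Publish is optional; only check it when the CA set it.
    if next_crl_publish is not None and next_crl_publish <= now:
        return "PUBLISH_OVERDUE"   # CA failed to issue a new CRL on time
    return "COMPLIANT"

def non_compliant(crls, now=None):
    """Return (name, status) for every CRL that is not COMPLIANT."""
    results = []
    for name, fields in crls.items():
        status = crl_status(*fields, now=now)
        if status != "COMPLIANT":
            results.append((name, status))
    return results

def utc(*args):
    return datetime(*args, tzinfo=timezone.utc)

# Constructed sample inventory:
# name -> (Effective Date, Next Update, Next CRL Publish or None)
SAMPLE_NOW = utc(2024, 6, 15, 12, 0)
SAMPLE_CRLS = {
    "Issuing-CA-01": (utc(2024, 6, 10), utc(2024, 6, 18), utc(2024, 6, 17)),
    "Issuing-CA-02": (utc(2024, 6, 8), utc(2024, 6, 16), utc(2024, 6, 15)),
    "Root-CA": (utc(2024, 1, 1), utc(2024, 6, 1), None),
    "Policy-CA": (utc(2024, 6, 20), utc(2024, 12, 20), None),
}

if __name__ == "__main__":
    for name, status in non_compliant(SAMPLE_CRLS, now=SAMPLE_NOW):
        print(f"ALERT {name}: {status}")
```

Issuing-CA-02 in the sample is the case the text describes: the CRL itself is still inside its validity window, but the Next CRL Publish time has passed without a new CRL.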

Users can view the properties of the Microsoft CRL in the AppViewX Dashboard. AppViewX regularly scans the CRLs to update the Dashboard widget with its current status, alerting the user if it becomes non-compliant. Each CRL’s compliance status is clearly displayed on the Dashboard, adding transparency and streamlining the process of managing certificates across the enterprise — even revoked ones.
