Uses PMA distribution as info source
Checks CA certs and produces warnings
Checks CRL availability and lifetime
Improvised 'host' checking - Tries opening TCP connection with the protocol/server for CRL.
Checks local infrastructure - Used for dependencies: no warning should be sent for a local problem.
CA Cert -> Local DNS -> Remote DNS
Network Infrastructure -> Transportation Layer
(Possibly using SSL)
local resources
(possible timeouts)
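Added example (not from the original slides or the CA-Monitor distribution): a Nagios-style sketch in Python of the CRL host check, the CRL lifetime check and the dependency rule that a local problem must not produce a CA warning. The function names, the default port table, the 3-day warning threshold and the example.org URL are assumptions; the nextUpdate time is assumed to come from an already parsed CRL.

```python
import socket
from datetime import datetime, timedelta, timezone
from urllib.parse import urlsplit

OK, WARNING, CRITICAL, UNKNOWN = 0, 1, 2, 3  # standard Nagios plugin exit codes
DEFAULT_PORTS = {"http": 80, "https": 443, "ldap": 389, "ldaps": 636}
WARN_BEFORE = timedelta(days=3)  # assumed threshold, not from the slides

def crl_endpoint(url):
    """Return (host, port) to probe for a CRL distribution URL."""
    parts = urlsplit(url)
    port = parts.port or DEFAULT_PORTS.get(parts.scheme)
    if not parts.hostname or port is None:
        raise ValueError("unsupported CRL URL: " + url)
    return parts.hostname, port

def tcp_reachable(host, port, timeout=10.0):
    """'Host' check: can a TCP connection be opened before the timeout?"""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def crl_lifetime_state(next_update, now, warn=WARN_BEFORE):
    """Grade the CRL by the time left until its nextUpdate field."""
    remaining = next_update - now
    if remaining <= timedelta(0):
        return CRITICAL, "CRL expired %s ago" % -remaining
    if remaining < warn:
        return WARNING, "CRL expires in %s" % remaining
    return OK, "CRL valid for %s" % remaining

def evaluate(local_ok, remote_reachable, next_update, now):
    """Apply the dependency chain: a local fault must not alert the CA."""
    if not local_ok:
        return UNKNOWN, "local infrastructure problem, no CA notification"
    if not remote_reachable:
        return CRITICAL, "CRL server unreachable"
    return crl_lifetime_state(next_update, now)

if __name__ == "__main__":
    now = datetime(2006, 1, 10, tzinfo=timezone.utc)  # constructed sample values
    host, port = crl_endpoint("http://ca.example.org/crl.der")
    state, msg = evaluate(True, True, now + timedelta(days=1), now)
    print(host, port, state, msg)
```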
Current state of affairs: http://signet-ca.ijs.si/nagios/
User login per CA
Certificate and password based authentication
Direct mail notification for CA admins
CA Monitor mailing list (relying parties, archive) grid-ca-monitor@ijs.si
(archived read-only list)
Improving plugin quality
Check frequency
Current: 6 hours. Proposed: 15 minutes.
DNS chain checking
Checking of all available CRL URLs
Report escalation: SMS notifications
Deployment of additional monitors
Checking of all available CRL URLs
CRL version, features, statistics
Checking of OCSP responders
WEB GUI addon: traceroute
Check frequency (also SCSP responders)
OCSP address when not in CA Certificate
User permissions for monitor GUI
Service response improvement: mobile accessibility
...
Coffee or Tea Time?
Presentation: http://www-f9.ijs.si/~jona/ca-monitor/pma2006/
Previous: http://www-f9.ijs.si/~jona/ca-monitor/pma2005/
CA-Monitor: http://signet-ca.ijs.si/nagios/
Notification list: grid-ca-monitor@ijs.si
or http://mailman.ijs.si/mailman/listinfo/grid-ca-monitor
Software distribution: http://www-f9.ijs.si/~jona/ca-monitor/
Readme: http://www-f9.ijs.si/~jona/ca-monitor/README-0.1b.txt