
Monitor SSL/TLS Certificate Revocation List (CRL) Expiration

Purpose: This manual helps users configure PRTG Network Monitor to monitor SSL/TLS certificate revocation list (CRL) expiration. Monitoring CRL expiration helps ensure that SSL/TLS certificates remain valid and trustworthy, which enhances the security posture of the network infrastructure.

Prerequisites:

  1. Access to a PRTG Network Monitor instance.
  2. Basic understanding of SSL/TLS certificates, certificate authorities, and Certificate Revocation Lists (CRLs).
  3. Credentials for accessing the target servers hosting CRLs.

Steps:

  1. Add SSL/TLS Sensor:

    • Log in to your PRTG Network Monitor instance.
    • Navigate to the device you want to monitor.
    • Click on "Add Sensor" and search for "SSL/TLS Certificate Sensor".
    • Select the sensor and proceed to configure it.
  2. Configure Sensor Settings:

    • Enter a name for the sensor to identify it easily.
    • Choose the target server hosting the CRL you want to monitor.
    • Specify the port number for accessing the CRL (default is 80 or 443).
    • Optionally, configure advanced sensor settings such as timeout and scanning interval.
  3. Specify CRL Expiration Monitoring:

    • In the sensor settings, locate the option to specify the CRL expiration monitoring.
    • Select the CRL expiration threshold (e.g., number of days before expiration) that triggers a warning or error.
    • Define warning and error thresholds based on your organization's security requirements.
  4. Set Thresholds and Notifications:

    • Define warning and error thresholds for CRL expiration.
    • Configure notification settings to receive alerts when CRL expiration thresholds are breached.
    • Ensure notifications reach the appropriate stakeholders for timely action.
  5. Review and Save Settings:

    • Double-check all configured settings to ensure accuracy.
    • Save the sensor configuration to start monitoring CRL expiration immediately.
  6. Monitor Results:

    • Monitor the sensor results in the PRTG web interface.
    • Review CRL expiration metrics and status regularly.
    • Investigate any warnings or errors to ensure timely renewal or replacement of expiring CRLs.

Best Practices:

  • Regularly monitor CRL expiration to ensure that SSL/TLS certificates remain valid and trustworthy.
  • Maintain a schedule for renewing or replacing expiring CRLs to minimize security risks.
  • Configure dependencies to ensure accurate monitoring and reduce false alerts.
  • Periodically review and adjust threshold settings based on evolving security requirements.

By following these steps, you can effectively monitor SSL/TLS certificate revocation list (CRL) expiration using PRTG Network Monitor. Monitoring CRL expiration ensures the continued trustworthiness of SSL/TLS certificates, thereby enhancing the security posture of your network infrastructure. Leveraging PRTG's SSL/TLS certificate sensor capabilities provides visibility into CRL expiration status and facilitates proactive security management.
