eG Monitoring
 

Measures reported by CASCertAuthTest

There are three types of SSL Certificate available today; Extended Validation (EV SSL), Organization Validated (OV SSL) and Domain Validated (DV SSL). The encryption levels are the same for each certificate, what differs is the vetting and verification processes needed to obtain the certificate. Over the last few years the number of organizations using SSL Certificates has increased dramatically. The applications for which SSL is being used have also expanded. When the SSL certificates fail or issuing the SSL Certificates is delayed, users may not be able to access the requested applications in the environment. This may lead to poor user experience and sometimes may lead to loss of business. To improve the user experience, it is essential to keep track on the SSL certificates and figure out impending time delays in processing certificate requests. The CASCertAuthTest test helps administrators in this regard!

This test auto-discovers the types of SSL certificates and for each type reports the certificate request processing ability. In the process, administrators can figure out the count of issued, pending and failed certificate requests processed per second. The request processing time is also captured using which administrators can figure out the certificate type that is taking too long to be processed.

Outputs of the test: One set of results each for the Microsoft Certificate Authority Server that is being monitored.

The measures made by this test are as follows:

Measurement Description Measurement Unit Interpretation
Requests_sec Indicates the number of certificate requests processed for this certificate type per second during the last measurement period. Requests/sec Compare the value of this measure across certificate types to figure out the certificate type for which maximum certificate requests were being processed.
Issued_req_sec Indicates the number of issued certificate requests processed for this certificate type per second during the last measurement period. Requests/sec Compare the value of this measure across certificate types to figure out the certificate type for which maximum issued certificate requests were processed.
Pending_req_sec Indicates the number of pending certificate requests processed for this certificate type per second during the last measurement period. Requests/sec Compare the value of this measure across certificate types to figure out the certificate type for which maximum certificate requests were pending to be processed.
Failed_req_sec Indicates the number of certificate requests that failed to be processed per second for this certificate type during the last measurement period. Requests/sec Idelally, the value of this measure should be zero.

Compare the value of this measure across certificate types to figure out the certificate type for which maximum certificate requests failed to be processed.
Req_process_time Indicates the time taken to process a certificate request for this certificate type. Seconds/request A low value is desired for this measure.

A sudden/gradual increase in the value of this measure indicates processing delays in the server.
Req_crypt_sign_time Indicates the time elapsed for signing operation per certificate request of this certificate type. Seconds/request A low value is desired for this measure.
Req_poli_mod_pro_time Indicates the time elapsed for policy module processing per certificate request of this certificate type. Seconds/request A low value is desired for this measure.
Retrieval_sec Indicates the rate at which the certificate retrieval requests were processed for this certificate type during the last measurement period. Requests/sec Compare the value of this measure to figure out the certificate type for which maximum number of certificate retrieval requests are processed.
Pending_req_sec Indicates the time elapsed per certificate retrieval request for this certificate type. Seconds/request A low value is desired for this measure.
challenge_res_sec Indicates the rate at which the certificate challenge responses were processed for this certificate type. Responses/sec Compare the value of this measure to figure out the certificate type for which maximum number of certificate challenge responses were processed.
challenge_res_pro_time Indicates the time elapsed per certificate challenge response for this certificate type. Seconds/request A low value is desired for this measure.