eG Monitoring
 

Measures reported by CtxFASMSCertTest

A certification authority (CA) is responsible for attesting to the identity of users, computers, and organizations. The CA authenticates an entity and vouches for that identity by issuing a digitally signed certificate. The CA can also manage, revoke, and renew certificates.

Sometimes, one/more CAs in a domain may be unreachable for authenticating user logins. If user logins fail or if login authentication is delayed unduly, then administrators must be able to tell if it is owing to an inaccessible CA.

Also, when a certificate request is generated on CFAS using a template, the administration console sends it to a certificate authority that publishes that template. If a CA does not publish any template, very often it is because no requests were generated using any template that CA publishes; not because, the CA could not be contacted. Administrators however, tend to wrongly attribute the absence of templates to publish to the unavailability of the CA. With the help of the CtxFASMSCertTest test, administrators can finally set the record straight!

This test takes stock of all the CAs installed in the CFAS domain. The test then periodically checks whether/not every CA is accessible, and alerts administrators to the inaccessiblity of any CA. This way, if a CA is not publishing templates, then administrators can figure out if it is because there are no templates to publish or because the CA is unreachable. Additionally, for each CA, the test reports whether/not it is the default/primary CA.

Output of the Test: One set of the results for each Microsoft CA installed in the CFAS domain

The measures made by this test are as follows:

Measurement Description Measurement Unit Interpretation
Is_Accessible Indicates whether/not the CA is accessible.   If the CA is accessible, then this measure will report the value Yes. If the CA is inaccessible, then this measure will report the value No.

The numeric values that correspond to these measure values are listed in the table below:

Measure Value Numeric Value
Yes 1
No 0

Note:

By default, this measure will report the Measure Values listed in the table above to indicate whether/not the certificate can be used as an insession Virtual Smart Card. However, in the graph of this measure, the same will be indicated using the numeric equivalents only.

Use the detailed diagnosis of this measure to know which templates were published by the CA.
Is_Default Indicates whether/not this CA is the default/primary CA.   The numeric values that correspond to these measure values are listed in the table below:

Measure Value Numeric Value
Yes 1
No 0

Note:

By default, this measure will report the Measure Values listed in the table above to indicate whether the certificate is default or primary. However, in the graph of this measure, the same will be indicated using the numeric equivalents only.