CAS Certificate Authority Test

There are three types of SSL Certificate available today; Extended Validation (EV SSL), Organization Validated (OV SSL) and Domain Validated (DV SSL). The encryption levels are the same for each certificate, what differs is the vetting and verification processes needed to obtain the certificate. Over the last few years the number of organizations using SSL Certificates has increased dramatically. The applications for which SSL is being used have also expanded. When the SSL certificates fail or issuing the SSL Certificates is delayed, users may not be able to access the requested applications in the environment. This may lead to poor user experience and sometimes may lead to loss of business. To improve the user experience, it is essential to keep track on the SSL certificates and figure out impending time delays in processing certificate requests. The CAS Certificate Authority test helps administrators in this regard!

This test auto-discovers the types of SSL certificates and for each type reports the certificate request processing ability. In the process, administrators can figure out the count of issued, pending and failed certificate requests processed per second. The request processing time is also captured using which administrators can figure out the certificate type that is taking too long to be processed.

Target of the test : Microsoft Certificate Authority Server

Agent deploying the test : An internal agent

Outputs of the test : One set of results for each type of certificate on the target Microsoft Certificate Authority Server that is being monitored

Configurable parameters for the test
Parameter Description

Test period

How often should the test be executed

Host

The IP address of the host for which this test is to be configured.

Port

The port at which the specified Host listens to. By default, this is 443.

Measurements made by the test
Measurement Description Measurement Unit Interpretation

Certificate requests processed

Indicates the number of certificate requests processed for this certificate type per second during the last measurement period.

Requests/sec

Compare the value of this measure across certificate types to figure out the certificate type for which maximum certificate requests were being processed.

Issued certificate requests processed

Indicates the number of issued certificate requests processed for this certificate type per second during the last measurement period.

Requests/sec

Compare the value of this measure across certificate types to figure out the certificate type for which maximum issued certificate requests were processed.

Pending certificate requests processed

Indicates the number of pending certificate requests processed for this certificate type per second during the last measurement period.

Requests/sec

Compare the value of this measure across certificate types to figure out the certificate type for which maximum certificate requests were pending to be processed.

Failed certificate requests processed

Indicates the number of certificate requests that failed to be processed per second for this certificate type during the last measurement period.

Requests/sec

Idelally, the value of this measure should be zero.

Compare the value of this measure across certificate types to figure out the certificate type for which maximum certificate requests failed to be processed.

Certificate requests processing time

Indicates the time taken to process a certificate request for this certificate type.

Seconds/request

A low value is desired for this measure.

A sudden/gradual increase in the value of this measure indicates processing delays in the server.

Cryptographic signing time

Indicates the time elapsed for signing operation per certificate request of this certificate type.

Seconds/request

A low value is desired for this measure.

Policy module processing time

Indicates the time elapsed for policy module processing per certificate request of this certificate type.

Seconds/request

A low value is desired for this measure.

Certificate retrieval requests processed

Indicates the rate at which the certificate retrieval requests were processed for this certificate type during the last measurement period.

Requests/sec

Compare the value of this measure to figure out the certificate type for which maximum number of certificate retrieval requests are processed.

Retrieval processing time

Indicates the time elapsed per certificate retrieval request for this certificate type.

Seconds/request

A low value is desired for this measure.

Certificate challenge responses processed

Indicates the rate at which the certificate challenge responses were processed for this certificate type.

Responses/sec

Compare the value of this measure to figure out the certificate type for which maximum number of certificate challenge responses were processed.

Challenge responses processing time

Indicates the time elapsed per certificate challenge response for this certificate type.

Seconds/request

A low value is desired for this measure.