Signed Audit Log
Chapter 7: Administrative Basics (page 281)
3. Use the Certificate Setup Wizard to obtain a certificate request for the private
   keys and certificates that will be used to sign the log files. When running the
   certificate wizard, specify that the request is of type Other, and request that the
   output be a certificate request in PKCS#10 format. See “Certificate Setup
   Wizard,” on page 298 for information about using the Certificate Setup Wizard
   to generate requests.
4. Submit the PKCS#10 request generated in the previous step to the profile
   enrollment for auditor certificates in the end-entity interface of the Certificate
   Manager that will issue the certificate.
5. Set up the signed audit log (it is disabled by default) in Netscape Console.
   Follow the procedure in the section “Configuring Logs in the CMS Console,”
   on page 270. Specify the nickname of the log you received in the previous
   step as the value of the signedAuditCertNickname parameter, and specify the
   events that will be logged in the events parameter.
6. Assign auditor users, if you have not done so, by creating each user and
   assigning them to the auditor group. Members of the auditor group are the
   only users who can view and verify the signed audit log. See “Setting up
   Administrators, Agents, and Auditors,” on page 330 for details about setting
   up auditors.
7. Auditors can view signed audit logs from the IT environment.
8. Auditors can verify logs by using the AuditVerify tool. See the CMS
   Command-Line Tools Guide for details about using this tool.
Audit Logging Failures
Some events can cause the audit logging function to fail, meaning that events
cannot be written to the log. Examples are the file system containing the audit
log file becoming full, or the file permissions for the log file being accidentally
changed. If audit logging fails, CMS will shut down in the following manner:
• Servlets are disabled and will not process new requests.
• All pending and new requests are killed.
• The CMS subsystem is shut down.
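
Because either failure cause shuts CMS down, it is worth checking for both before they occur. The shell function below is an added example, not part of the Netscape guide or of CMS; the log path and free-space threshold passed to it are assumptions to be replaced with site values.

```shell
#!/bin/sh
# Added example (not CMS code): checks the two audit-logging failure causes
# described above. The log path and threshold are assumptions; pass your own.

# check_audit_log FILE MIN_FREE_KB
# Prints one finding per line; returns 0 when healthy, 1 otherwise.
check_audit_log() {
    log_file=$1
    min_free_kb=$2
    rc=0

    if [ ! -f "$log_file" ]; then
        echo "MISSING: $log_file is not a regular file"
        return 1
    fi

    # Cause 1: permissions changed so the server can no longer append.
    # Run this as the account that runs CMS, or the result is meaningless.
    if [ ! -w "$log_file" ]; then
        echo "PERMISSION: $log_file is not writable by $(id -un)"
        rc=1
    fi

    # Cause 2: the file system holding the log is full or nearly full.
    # df -P guarantees one line per file system; column 4 is available KB.
    free_kb=$(df -Pk "$log_file" | awk 'NR == 2 { print $4 }')
    case $free_kb in
        '' | *[!0-9]*)
            echo "DISKSPACE: could not read free space for $log_file"
            return 1 ;;
    esac
    if [ "$free_kb" -lt "$min_free_kb" ]; then
        echo "DISKSPACE: ${free_kb} KB free, below threshold ${min_free_kb} KB"
        rc=1
    fi

    return "$rc"
}

# Stand-alone use: check_audit_log.sh /path/to/signed-audit-log [min_free_kb]
if [ "$#" -ge 1 ]; then
    check_audit_log "$1" "${2:-102400}"
fi
```

Run it on a schedule as the CMS server account and alert on a non-zero exit status.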