-
Notifications
You must be signed in to change notification settings - Fork 139
CMC_SIGNED_REQUEST_SIG_VERIFY Audit Event
The CMC_SIGNED_REQUEST_SIG_VERIFY
audit event is generated when a CMC (agent-pre-signed) certificate enrollment or revocation request is submitted and signature is verified.
Properties:
-
SubjectID
must be the UID of the person who submits the certificate enrollment or revocation request -
ReqType
must be the request type (enrollment, or revocation) -
CertSubject
must be the certificate subject name of the certificate request -
SignerInfo
reflects the person who actually signs the CMC request
By default only failed events will be logged.
To log all events, remove the following parameter from CS.cfg
:
log.instance.SignedAudit.filters.CMC_SIGNED_REQUEST_SIG_VERIFY=(Outcome=*)
Use CMC to issue subordinate CA certificates:
-
Install a root CA.
-
Remove
log.instance.SignedAudit.filters.CMC_SIGNED_REQUEST_SIG_VERIFY
parameter fromCS.cfg
. -
Install a subordinate CA with external CA signing certificate. Use CMC on the root CA to issue the subordinate CA signing certificate.
The root CA will generate the following events:
[AuditEvent=CMC_SIGNED_REQUEST_SIG_VERIFY][SubjectID=CN=PKI Administrator,E=caad [email protected],OU=pki-tomcat,O=ROOT][Outcome=Success][ReqType=enrollment][CertS ubject=CN=CA Signing Certificate,OU=pki-tomcat,O=EXAMPLE][SignerInfo=CN=PKI Admi nistrator,[email protected],OU=pki-tomcat,O=ROOT] agent signed CMC request s ignature verification
Tip
|
To find a page in the Wiki, enter the keywords in search field, press Enter, then click Wikis. |