CA Audit Events

Overview

CA audit events can be configured in log.instance.SignedAudit.events property.

Default Events

• Default CA Audit Events

• PKI 10.6 Default CA Audit Events

• PKI 10.5 Default CA Audit Events

Startup Events

There are two types of CAs:

• the host CA is the primary CA that runs in the CA subsystem

• Lightweight CA are subordinate CAs under the host CA that are also running in the same CA subsystem

Each of the above CA’s has a unique ID called '''authority ID'''. For host CA, the authority ID can be omitted.

When the PKI server is started, the server will generate signing info logs for each CA to indicate which keys are used for certificate signing, OCSP signing, and CRL signing. When a new lightweight sub-CA is added, the server will also generate the signing info logs for the new sub-CA.

• CERT_SIGNING_INFO

• OCSP_SIGNING_INFO

• CRL_SIGNING_INFO

Configuration Events

• CONFIG_CRL_PROFILE

• CONFIG_CERT_PROFILE

Certificate Events

• PROFILE_CERT_REQUEST

• CERT_PROFILE_APPROVAL

• CERT_REQUEST_PROCESSED

• CERT_STATUS_CHANGE_REQUEST

• CERT_STATUS_CHANGE_REQUEST_PROCESSED

• CMC_SIGNED_REQUEST_SIG_VERIFY

CRL Events

• SCHEDULE_CRL_GENERATION

• DELTA_CRL_GENERATION

• DELTA_CRL_PUBLISHING

• FULL_CRL_GENERATION

• FULL_CRL_PUBLISHING

• CRL_RETRIEVAL

• CRL_VALIDATION

OCSP Events

• OCSP_GENERATION

ID Generator Events

• CONFIG_SERIAL_NUMBER

Random Number Generator Events

• RANDOM_GENERATION

Security Domain Events

• SECURITY_DOMAIN_UPDATE