CONFIG_TRUSTED_PUBLIC_KEY Audit Event - dogtagpki/pki GitHub Wiki

The CONFIG_TRUSTED_PUBLIC_KEY audit event is generated when:

  • Manage Certificate is used to edit the trust of certificates or to delete certificates

  • Certificate Setup Wizard is used to import CA certificates into the certificate database (Although CrossCertificatePairs are stored within internaldb, audit them as well)

Properties:

  • ParamNameValPairs lists the config params changed as name;;value pairs (name and value are separated by the delimiter ;;), with the pairs separated by + when there is more than one

Examples

Adding CA Certificate Chain

Use PKI Console to add a trusted CA certificate chain:

  • Go to Configuration → System Keys and Certificates → CA Certificates.

  • Click Add.

  • Click Next.

  • Select Trusted CA Certificate Chain.

  • Click Next.

  • Select The certificate is located in the text area below.

  • Paste a CA Certificate.

  • Click Next.

  • Click Next.

The server will generate the following events:

[AuditEvent=CONFIG_TRUSTED_PUBLIC_KEY][SubjectID=caadmin][Outcome=Success][ParamNameValPairs=Scope;;installCert+Operation;;OP_MODIFY+Resource;;trustedCACert+pkcs10;;-----BEGIN CERTIFICATE-----...-----END CERTIFICATE-----+nickname;;<null>+pathname;;<null>+serverRoot;;<null>+serverID;;instanceID] certificate database configuration

Trusting CA Certificate Chain

Use PKI Console to trust an untrusted CA certificate chain:

  • Go to Configuration → System Keys and Certificates → CA Certificates.

  • Select an untrusted CA certificate chain.

  • Click Edit.

  • Click Yes.

The server will generate the following events:

[AuditEvent=CONFIG_TRUSTED_PUBLIC_KEY][SubjectID=caadmin][Outcome=Success][ParamNameValPairs=Scope;;rootTrustBit+Operation;;OP_MODIFY+Resource;;RS_ID_CONFIG+nickName;;internal:CA Signing Certificate - EXAMPLE+serialNumber;;333599371188351041398503430217059004129+issuerName;;CN=CA Signing Certificate,OU=pki-tomcat,O=EXAMPLE+trustbit;;trust] certificate database configuration

Untrusting CA Certificate Chain

Use PKI Console to untrust a trusted CA certificate chain:

  • Go to Configuration → System Keys and Certificates → CA Certificates.

  • Select a trusted CA certificate chain.

  • Click Edit.

  • Click Yes.

The server will generate the following events:

[AuditEvent=CONFIG_TRUSTED_PUBLIC_KEY][SubjectID=caadmin][Outcome=Success][ParamNameValPairs=Scope;;rootTrustBit+Operation;;OP_MODIFY+Resource;;RS_ID_CONFIG+nickName;;internal:CA Signing Certificate - EXAMPLE+serialNumber;;333599371188351041398503430217059004129+issuerName;;CN=CA Signing Certificate,OU=pki-tomcat,O=EXAMPLE+trustbit;;untrust] certificate database configuration
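
A parser for the event format described on this page, as an added example (not Dogtag's own code): it splits ParamNameValPairs on + only where a new name;; begins, because a pasted certificate body can itself contain +. The sample lines are constructed from the events shown above with a fake certificate body, and the function names are hypothetical.

```python
import re

# Header fields in the order this page shows them; search() tolerates a log prefix.
EVENT_RE = re.compile(
    r"\[AuditEvent=(?P<event>[^\]]+)\]\[SubjectID=(?P<subject>[^\]]*)\]"
    r"\[Outcome=(?P<outcome>[^\]]*)\]\[ParamNameValPairs=(?P<params>.*)\]")
# Split on '+' only where a new "name;;" begins: a base64 certificate body or a
# multi-valued RDN in issuerName can contain '+' inside a value.
PAIR_SEP = re.compile(r"\+(?=[A-Za-z0-9_]+;;)")

def parse_event(line):
    """Return a dict for one audit line, or None if it is not in this format."""
    m = EVENT_RE.search(line)
    if m is None:
        return None
    params = {}
    for pair in PAIR_SEP.split(m.group("params")):
        name, sep, value = pair.partition(";;")
        if sep:
            params[name] = None if value == "<null>" else value
    return {"event": m.group("event"), "subject": m.group("subject"),
            "outcome": m.group("outcome"), "params": params}

def describe_trust_change(line):
    """One-line summary of a CONFIG_TRUSTED_PUBLIC_KEY event, else None."""
    ev = parse_event(line)
    if ev is None or ev["event"] != "CONFIG_TRUSTED_PUBLIC_KEY":
        return None
    p = ev["params"]
    if p.get("Scope") == "rootTrustBit":
        action = f"{p.get('trustbit')} {p.get('nickName')} (serial {p.get('serialNumber')})"
    elif p.get("Scope") == "installCert":
        action = f"install {p.get('Resource')}"
    else:
        action = f"scope {p.get('Scope')}"
    return f"{ev['subject']} {ev['outcome']}: {action}"

# Constructed samples modeled on the events above; the certificate body is fake.
HEAD = "[AuditEvent=CONFIG_TRUSTED_PUBLIC_KEY][SubjectID=caadmin][Outcome=Success]"
INSTALL = (HEAD + "[ParamNameValPairs=Scope;;installCert+Operation;;OP_MODIFY"
           "+Resource;;trustedCACert+pkcs10;;-----BEGIN CERTIFICATE-----MIIB+abc/DEF+g=="
           "-----END CERTIFICATE-----+nickname;;<null>+serverID;;instanceID] cert db config")
UNTRUST = (HEAD + "[ParamNameValPairs=Scope;;rootTrustBit+Operation;;OP_MODIFY"
           "+Resource;;RS_ID_CONFIG+nickName;;internal:CA Signing Certificate - EXAMPLE"
           "+serialNumber;;333599371188351041398503430217059004129"
           "+issuerName;;CN=CA Signing Certificate,OU=pki-tomcat,O=EXAMPLE"
           "+trustbit;;untrust] certificate database configuration")

print(describe_trust_change(INSTALL), describe_trust_change(UNTRUST), sep="\n")
```

A summary line per trust change makes it easy to review who added, trusted or untrusted a CA certificate, and the Outcome field distinguishes attempted from successful changes.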