Skip to content

CMC_SIGNED_REQUEST_SIG_VERIFY Audit Event

Endi S. Dewata edited this page Jun 5, 2023 · 8 revisions

Overview

The CMC_SIGNED_REQUEST_SIG_VERIFY audit event is generated when a CMC (agent-pre-signed) certificate enrollment or revocation request is submitted and signature is verified.

Properties:

  • SubjectID must be the UID of the person who submits the certificate enrollment or revocation request

  • ReqType must be the request type (enrollment, or revocation)

  • CertSubject must be the certificate subject name of the certificate request

  • SignerInfo reflects the person who actually signs the CMC request

By default only failed events will be logged. To log all events, remove the following parameter from CS.cfg:

log.instance.SignedAudit.filters.CMC_SIGNED_REQUEST_SIG_VERIFY=(Outcome=*)

Examples

Use CMC to issue subordinate CA certificates:

  • Install a root CA.

  • Remove log.instance.SignedAudit.filters.CMC_SIGNED_REQUEST_SIG_VERIFY parameter from CS.cfg.

  • Install a subordinate CA with external CA signing certificate. Use CMC on the root CA to issue the subordinate CA signing certificate.

The root CA will generate the following events:

[AuditEvent=CMC_SIGNED_REQUEST_SIG_VERIFY][SubjectID=CN=PKI Administrator,E=caad
min@example.com,OU=pki-tomcat,O=ROOT][Outcome=Success][ReqType=enrollment][CertS
ubject=CN=CA Signing Certificate,OU=pki-tomcat,O=EXAMPLE][SignerInfo=CN=PKI Admi
nistrator,E=caadmin@example.com,OU=pki-tomcat,O=ROOT] agent signed CMC request s
ignature verification
Clone this wiki locally