Audit record encryption settings


Use this page to enable encryption for the audit records. Encrypting the audit records ensures that only a user who has been given access to the certificate used for encryption can view the audit records.

To view this admin console page, click Security > Security auditing > Audit record encryption configuration. If Enable encryption is not selected, then all of the other fields on this panel will be disabled. Encryption is not enabled by default.

Enable encryption

Specifies whether the audit records will be encrypted. This check box is not selected by default.

Audit keystore containing the encryption certificate

Specifies the audit keystore that stores the encryption certificate.

A new keystore can be created by clicking on the New... button.

Certificate in keystore

Specifies that an existing certificate will be used from the keystore specified in the Audit keystore containing the encryption certificate field. This field is selected by default. If a keystore in security.xml is used, the administrator role is required.

  • Certificate alias

    When the Certificate in keystore field is selected, the certificate alias dropdown menu displays a list of certificate aliases contained in the keystore defined by the Audit keystore containing the encryption certificate field. Select the certificate from the dropdown menu to be used to encrypt the audit records.

Create a new certificate in the selected keystore

Specifies that a new certificate will be created in the keystore defined by the Audit keystore containing the encryption certificate field.

  • Certificate alias

    When the Create a new certificate in the selected keystore field is selected, the Certificate alias field is used to define the name of the certificate to be created in the keystore defined by the Audit keystore containing the encryption certificate field.

  • Automatically generate certificate

    When selected, the Automatically generate certificate field specifies that the appserver will automatically generate the certificate. This field is selected by default when the Create a new certificate in the selected keystore field is selected.

  • Import a certificate

    When selected, the Import a certificate field specifies that an existing self-signed certificate will be imported by the auditor into the keystore and used to encrypt the audit records. This field is not selected by default when the Create a new certificate in the selected keystore field is selected.

    The following fields need to be defined to import an existing certificate.

    • The Key file name field specifies the keystore filename that contains the certificate to be imported.

    • The Path field specifies the path to the keystore file that contains the certificate to be imported.

    • The Type field specifies the type of the keystore file that contains the certificate to be imported.

    • The Key file password field specifies the password used to access the keystore file that contains the certificate to be imported.

    • The Certificate alias to import field specifies the alias of the certificate to be imported.





 
