Audit record signing configuration settings
Use this page to enable signing for the audit records. Signing audit records ensures tamper-proof recording of the auditable events. Both the auditor and administrator roles are required to configure the signing of the audit data. To view this console page, click Security > Security auditing > Audit record signing configuration. If Enable signing is not selected, then all of the other fields on this panel will be disabled.
Enable signing
Specifies whether the audit records will be signed. This check box is not selected by default.
Managed keystore containing the signing certificate
Specifies the keystore used to store the signing certificate.
Certificate in keystore
Specifies that an existing certificate will be used from the keystore specified in the Managed keystore containing the signing certificate field. This field is selected by default.
- Certificate alias
When the Certificate in keystore field is selected, the Certificate alias dropdown menu displays a list of certificate aliases contained in the keystore defined by the Managed keystore containing the signing certificate field. Select the certificate from the dropdown menu to be used to sign the audit records.
Create a new certificate in the selected keystore
Specifies that a new certificate will be created in the keystore defined by the Managed keystore containing the signing certificate field.
- Certificate alias
When the Create a new certificate in the selected keystore field is selected, the Certificate alias field is used to define the name of the certificate to be created in the keystore defined by the Audit keystore containing the encryption certificate field.
- Import the encryption certificate
Specifies that the certificate used for encryption will be imported into the signing keystore file and used for signing.
- Automatically generate certificate
Specifies that the application server will automatically generate the certificate. This field is selected by default when the Create a new certificate in the selected keystore field is selected.
- Import a certificate
Specifies that an existing self-signed certificate will be imported by the auditor into the keystore and used to encrypt your audit records. This field is not selected by default when the Create a new certificate in the selected keystore field is selected. The following fields need to be defined to import an existing certificate.
- The Key file name field specifies the keystore filename containing the certificate to be imported.
- The Path field specifies the path to the keystore file containing the certificate to be imported.
- The Type field specifies the type of the keystore file containing the certificate to be imported.
- The Key file password field specifies the password used to access the keystore file containing the certificate to be imported.
- The Certificate alias to import field specifies the alias of the certificate to be imported.