10.3 Creating the Secure Logging Certificate

In the current iteration of Novell Nsure Audit, the Secure Logging Certificate is the system's Certificate Authority (CA); that is, it is the trusted, root certificate that is used to validate all other certificates. Therefore, the Secure Logging Certificate is self-signed and it is used to sign all Logging Application Certificates.

NOTE: Future iterations will be able to use secure certificates from an external CA.

To generate a Secure Logging Certificate, enter the following command at the command prompt:

audcgen -cert:filename -pkey:filename [-f] [-bits:number] [-serial:number] -ss

The following table reviews each of the command parameters:

| Parameter | Description |
| --- | --- |
| -cert:filename | The output path and filename for the Secure Logging Certificate. The default path and filename is \cacert.pem. |
| -pkey:filename | The output path and filename for the Secure Logging Certificate's private key. The default path and filename is \capkey.pem. |
| [-f] | Force overwrite. AudCGen overwrites any existing certificates or private keys of the same name (for example, cacert.pem or capkey.pem) in the output directory. This parameter is optional. If you do not use the -f parameter and a file of the same name already exists, AudCGen aborts creation of the certificate. |
| [-bits:number] | The number of bits for the certificate. The default is 512; however, Nsure Audit can handle certificates up to 1472 bits. The Platform Agent rejects certificates larger than 1472 bits. |
| [-serial:number] | This parameter assigns a serial number to the current certificate. You can use this option to keep track of your system's certificates. This parameter is optional. |
| -ss | Self-sign. AudCGen generates a self-signed CA certificate and key. |

The following is a sample command to create a Secure Logging Certificate:

audcgen -cert:c:\cacert.pem -pkey:c:\capkey.pem -f -bits:512 -serial:12345 -ss
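A pre-flight check for an audcgen command line, added here as an example; it is not part of Novell's AudCGen. It parses the syntax shown above and applies the rules from the parameter table (default paths, 512-bit default, the 1472-bit Platform Agent limit, the -f overwrite rule and the -ss requirement) so that a command can be validated before it is run. The `existing_files` argument is an assumed, constructed stand-in for the output directory listing.

```python
"""Pre-flight check for an audcgen Secure Logging Certificate command.
Added example, not Novell's AudCGen code: it parses the documented syntax and
applies the documented rules (default paths, 512-bit default, 1472-bit ceiling,
-f overwrite policy, -ss) before the real command is run."""

DEFAULT_CERT, DEFAULT_PKEY = r"\cacert.pem", r"\capkey.pem"  # documented defaults
DEFAULT_BITS, MAX_BITS = 512, 1472  # Platform Agent rejects certificates > 1472 bits


def plan_audcgen(command: str, existing_files=()) -> dict:
    """Parse an audcgen command line into its effective settings.
    Raises ValueError where AudCGen would abort or the Platform Agent would
    reject the result. existing_files is a constructed stand-in for the
    output directory listing, used to check the -f overwrite rule offline."""
    tokens = command.split()
    if not tokens or tokens[0].lower() != "audcgen":
        raise ValueError("command must start with audcgen")
    plan = {"cert": DEFAULT_CERT, "pkey": DEFAULT_PKEY, "bits": DEFAULT_BITS,
            "serial": None, "force": False, "self_sign": False}
    for tok in tokens[1:]:
        name, _, value = tok.partition(":")  # "-cert:c:\x.pem" -> "-cert", "c:\x.pem"
        if name in ("-cert", "-pkey") and value:
            plan[name[1:]] = value
        elif name in ("-bits", "-serial") and value.isdigit():
            plan[name[1:]] = int(value)
        elif tok == "-f":
            plan["force"] = True
        elif tok == "-ss":
            plan["self_sign"] = True
        else:
            raise ValueError(f"invalid parameter: {tok}")
    if not plan["self_sign"]:
        raise ValueError("Secure Logging Certificate must be self-signed (-ss)")
    if not 0 < plan["bits"] <= MAX_BITS:
        raise ValueError(f"-bits:{plan['bits']} is outside 1..{MAX_BITS}")
    existing = {f.lower() for f in existing_files}
    for path in (plan["cert"], plan["pkey"]):
        if path.lower() in existing and not plan["force"]:
            raise ValueError(f"{path} exists; AudCGen aborts unless -f is given")
    return plan


def rejected(command: str, existing_files=()) -> bool:
    """True when plan_audcgen would refuse the command."""
    try:
        plan_audcgen(command, existing_files)
    except ValueError:
        return True
    return False
```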

10.3.1 Configuring the Secure Logging Server to Use a Custom Certificate

To enable the Secure Logging Server to use a custom certificate and private key, you must configure the Secure Logging Certificate File and Secure PrivateKey File attributes on the Logging Server object. For more information, see Logging Server Objects.