Signing Log Files - Netscape MANAGEMENT SYSTEM 4.5 Installation And Setup Manual

Archiving of Rotated Log Files
Certificate Management System does, however, provide a command-line utility,
called signtool, that allows you to sign log files before archiving them. This gives
you a means of tamper detection. For details, see "Signing Log Files" on page 790.

Signing Log Files

Certificate Management System allows you to digitally sign log files before you
archive them or distribute them for audit purposes. This feature enables you to
check whether the log files have been tampered with since being signed.
For signing log files, you use a command-line utility called Netscape Signing Tool;
for details about this utility, check Chapter 13, "Netscape Signing Tool" of CMS
Command-Line Tools Guide. To locate an online version of this document, see
"Where to Go for Related Information" on page 28. The utility uses information in
the certificate (cert7.db), key (key3.db), and security module (secmod.db)
databases of Certificate Management System.
Before you begin signing the log files, follow these guidelines:
- Determine the key pair you want to use for signing the log directory. Typically,
  you should use the Certificate Manager's (the CA's) signing key pair. Also find
  out the nickname of the certificate that corresponds to this key pair.
- If you have deployed many CAs, locate the CMS instance in which the CA you
  want to use is installed.
- Find out whether the key pair is in an internal or external token. If it is in an
  external token, make sure the token is currently installed. You will also need to
  know the password for the token.
- Determine which log files need to be signed. Put all the files that need to be
  signed in one or more directories. (The utility can sign a directory containing
  files; it cannot sign individual files.) Make sure these directories are in the host
  machine in which the CA is installed.
- Determine names for the output files; the output you receive will be a JAR file
  (which is a signed zip file). You may want to give names that will help you
  identify these JAR files easily in the future.
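
As an added illustration (not code from this manual or from Netscape), the Python sketch below shows the tamper check that the per-file digests in a signed JAR's manifest make possible. It assumes each manifest entry carries a SHA1-Digest attribute; the file names and log contents are constructed samples, and the sample archive is built unsigned.

```python
import base64, hashlib, io, zipfile

def sha1_b64(data):
    return base64.b64encode(hashlib.sha1(data).digest()).decode()

def parse_manifest(text):
    """Return {entry name: attributes} for each per-file section of a manifest."""
    text = text.replace("\r\n", "\n").replace("\n ", "")  # unfold continuation lines
    entries = {}
    for section in text.split("\n\n"):
        attrs = dict(l.split(": ", 1) for l in section.splitlines() if ": " in l)
        if "Name" in attrs:
            entries[attrs.pop("Name")] = attrs
    return entries

def check_jar(jar_bytes):
    """Compare every archived file against the digest recorded in the manifest."""
    results = {}
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as jar:
        manifest = parse_manifest(jar.read("META-INF/MANIFEST.MF").decode())
        present = [n for n in jar.namelist() if not n.upper().startswith("META-INF/")]
        for name in present:
            expected = manifest.get(name, {}).get("SHA1-Digest")  # assumed attribute
            if expected is None:
                results[name] = "unlisted"      # added after the manifest was written
            elif expected == sha1_b64(jar.read(name)):
                results[name] = "ok"
            else:
                results[name] = "modified"
        for name in manifest.keys() - set(present):
            results[name] = "missing"           # listed in the manifest but removed
    return results

def build_sample_jar(listed, stored=None):
    """Constructed sample: manifest describes `listed`, archive holds `stored`."""
    stored = listed if stored is None else stored
    manifest = "Manifest-Version: 1.0\n"
    for name, data in listed.items():
        manifest += f"\nName: {name}\nSHA1-Digest: {sha1_b64(data)}\n"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        jar.writestr("META-INF/MANIFEST.MF", manifest)
        for name, data in stored.items():
            jar.writestr(name, data)
    return buf.getvalue()

if __name__ == "__main__":
    logs = {"logs/audit": b"entry 1\n", "logs/error": b"entry 2\n"}  # constructed
    print(check_jar(build_sample_jar(logs)))
    print(check_jar(build_sample_jar(logs, {"logs/audit": b"edited\n"})))
```

Matching digests only show that the files agree with the manifest; the signature over the manifest still has to be verified with the signing tool against the signing certificate before the archive can be trusted.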
When you are ready with all this information, follow the procedure below to sign
the log directories:
1. Go to the CMS instance in which the CA whose key pair you want to use for
   signing is installed.
790
Netscape Certificate Management System Installation and Setup Guide • October 2001
