Signing security audit data using scripting
You can use the wsadmin tool to configure the security auditing system to sign security audit records. Security auditing provides tracking and archiving of auditable events.
Before you begin
Verify that you have the appropriate administrative role. To complete this topic, you must have the auditor and administrator administrative roles.
About this task
When configuring the signing of audit data, the auditor can choose between the following options:
- Allow the application server to automatically generate a certificate.
- Use an existing self-signed certificate that the auditor previously generated.
- Use the same self-signed certificate as the system uses to encrypt the audit records.
- Use an existing keystore to store this certificate.
- Create a new keystore to store this certificate.
- Use an existing self-signed certificate in an existing keystore.
Use the following task steps to configure the signing of security audit data:
Procedure
Results
Signing is configured for your security audit data. If you set the -enableAuditSigning parameter to true, your security auditing system signs security audit data when security auditing is enabled.
What to do next
Once you configure the signing model for the first time, use the enableAuditSigning and disableAuditSigning commands to quickly turn signing on and off. The following example uses the enableAuditSigning command to turn signing on:
AdminTask.enableAuditSigning()
The following example uses the disableAuditSigning command to turn signing off:
AdminTask.disableAuditSigning()
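The on/off toggle described above, wrapped in a function that changes the state only when needed, confirms the result, and saves the configuration. This is an added example, not part of the product documentation. It assumes a Jython 2.7 wsadmin session, that the isAuditSigningEnabled command returns the text true or false, and that AdminConfig.save() persists the change; set_audit_signing, is_signing_enabled and the Stub classes are hypothetical names.

```python
# Added example for wsadmin (-lang jython); not taken from the product documentation.
# Assumes the signing model has already been configured once, as the text requires.

def is_signing_enabled(admin_task):
    # Assumption: isAuditSigningEnabled reports the state as the text true/false.
    return str(admin_task.isAuditSigningEnabled()).strip().lower() == "true"

def set_audit_signing(admin_task, admin_config, enable):
    """Turn audit signing on or off only when the current state differs.

    Returns True if a change was made and saved, False if nothing changed.
    """
    wanted = bool(enable)
    if is_signing_enabled(admin_task) == wanted:
        return False
    if wanted:
        admin_task.enableAuditSigning()
    else:
        admin_task.disableAuditSigning()
    # Re-read the state so a change that did not take effect is never saved.
    if is_signing_enabled(admin_task) != wanted:
        raise RuntimeError("audit signing state did not change")
    admin_config.save()  # persist the change to the configuration
    return True

# Constructed stand-ins so the logic can be exercised outside wsadmin.
class StubAdminTask:
    def __init__(self, enabled):
        self.enabled = enabled
    def isAuditSigningEnabled(self):
        return self.enabled and "true" or "false"
    def enableAuditSigning(self):
        self.enabled = True
    def disableAuditSigning(self):
        self.enabled = False

class StubAdminConfig:
    def __init__(self):
        self.saves = 0
    def save(self):
        self.saves += 1

# Inside wsadmin the real scripting objects exist as globals; this turns signing on.
if "AdminTask" in globals() and "AdminConfig" in globals():
    set_audit_signing(AdminTask, AdminConfig, True)
```

Run it with wsadmin -lang jython -f under an ID that holds both the auditor and administrator roles; a return value of False means signing was already in the requested state and nothing was saved.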