Appendix E. Audit Events


This appendix contains two parts. The first part, Section E.1, “Required Audit Events and Their Examples”, contains a list of required audit events grouped by the requirement ID from the CA Protection Profile V2.1, where each audit event is accompanied by one or more examples. The second part, Section E.2, “Audit Event Descriptions” provides individual audit event and their parameter description and format. Every audit event in the log is accompanied by the following information:
  • The Java identifier of the thread. For example:
    Copy to Clipboard Toggle word wrap
    0.localhost-startStop-1
  • The time stamp the event occurred at. For example:
    Copy to Clipboard Toggle word wrap
    [21/Jan/2019:17:53:00 IST]
  • The log source (14 is SIGNED_AUDIT):
    Copy to Clipboard Toggle word wrap
    [14]
  • The current log level (6 is Security-related events. See the Log Levels (Message Categories) section in the Red Hat Certificate System Planning, Installation, and Deployment Guide (Common Criteria Edition)). For example:
    Copy to Clipboard Toggle word wrap
    [6]
  • The information about the log event (which is log event specific; see Section E.2, “Audit Event Descriptions” for information about each field in a particular log event). For example:
    Copy to Clipboard Toggle word wrap
    [AuditEvent=AUDIT_LOG_STARTUP][SubjectID=$System$][Outcome=Success] audit function startup

E.1. Required Audit Events and Their Examples

This section contains all required audit events per Common Criteria CA Protection Profile v.2.1.
For audit events descriptions, see Section E.2, “Audit Event Descriptions”.

FAU_GEN.1

  • Start-up of the TSF audit functions
    • AUDIT_LOG_STARTUP
      Copy to Clipboard Toggle word wrap
      0.localhost-startStop-1 - [21/Jan/2019:17:53:00 IST] [14] [6] [AuditEvent=AUDIT_LOG_STARTUP][SubjectID=$System$][Outcome=Success] audit function startup
  • All administrative actions invoked through the TFS interface
    • CONFIG_CERT_PROFILE
      Copy to Clipboard Toggle word wrap
      0.http-bio-20443-exec-35 - [02/Jan/2019:05:05:09 EST] [14] [6] [AuditEvent=CONFIG_CERT_PROFILE][SubjectID=caadmin][Outcome=Success][ParamNameValPairs=Scope;;rules+Operation;;OP_ADD+Resource;;caAgentExample+class_id;;caEnrollImpl+name;;caAgentExample Enrollment Profile+description;;This certificate profile is for enrolling user certificates+visible;;true] certificate profile configuration parameter(s) change
    • CERT_PROFILE_APPROVAL
      Copy to Clipboard Toggle word wrap
      0.http-bio-8443-exec-8 - [15/Nov/2018:15:37:19 PST] [14] [6] [AuditEvent=CERT_PROFILE_APPROVAL][SubjectID=cfuEC-0830-agent-2][Outcome=Success][ProfileID=caTPSCert][Op=disapprove] certificate profile approval
    • CONFIG_OCSP_PROFILE
      Copy to Clipboard Toggle word wrap
      0.http-bio-22443-exec-11 - [30/Jan/2019:06:18:02 EST] [14] [6] [AuditEvent=CONFIG_OCSP_PROFILE][SubjectID=ocspadmin][Outcome=Success][ParamNameValPairs=Scope;;ocspStoresRules+Operation;;OP_MODIFY+Resource;;ldapStore+includeNextUpdate;;false+byName;;true+implName;;com.netscape.cms.ocsp.LDAPStore+numConns;;0+caCertAttr;;cACertificate;binary+notFoundAsGood;;true+crlAttr;;certificateRevocationList;binary] OCSP profile configuration parameter(s) change
    • CONFIG_CRL_PROFILE
      Copy to Clipboard Toggle word wrap
      0.http-bio-20443-exec-48 - [29/Jan/2019:04:29:29 EST] [14] [6] [AuditEvent=CONFIG_CRL_PROFILE][SubjectID=caadmin][Outcome=Success][ParamNameValPairs=Scope;;crl+Operation;;OP_MODIFY+Resource;;MasterCRL+enableCRLUpdates;;true+updateSchema;;1+extendedNextUpdate;;true+alwaysUpdate;;false+enableDailyUpdates;;true+dailyUpdates;;4:30+enableUpdateInterval;;true+autoUpdateInterval;;240+nextUpdateGracePeriod;;0+nextAsThisUpdateExtension;;0] CRL profile configuration parameter(s) change
    • CONFIG_AUTH
      Copy to Clipboard Toggle word wrap
      0.http-bio-20443-exec-11 - [15/Jan/2019:08:36:39 EST] [14] [6] [AuditEvent=CONFIG_AUTH][SubjectID=caadmin][Outcome=Success][ParamNameValPairs=Scope;;instance+Operation;;OP_ADD+Resource;;plug502+implName;;UidPwdDirAuth+ldap.ldapconn.host;;server.example.com+dnpattern;;uid=test,ou=people,o=topology-02-CA+ldapStringAttributes;;mail+ldap.ldapconn.version;;3+ldap.ldapconn.port;;3389+ldap.maxConns;;10+ldap.basedn;;dc=example,dc=com+ldap.minConns;;3+ldap.ldapconn.secureConn;;false+ldapByteAttributes;;uid+ldap.password;;(sensitive)+ldap.ldapauth.authtype;;BasicAuth+ldap.ldapauth.bindDN;;cn=direcory manager] authentication configuration parameter(s) change
      Copy to Clipboard Toggle word wrap
      0.http-bio-20080-exec-25 - [29/Jan/2019:04:54:14 EST] [14] [6] [AuditEvent=CONFIG_AUTH][SubjectID=caadmin][Outcome=Success][ParamNameValPairs=Scope;;instance+Operation;;OP_ADD+Resource;;plug7487+implName;;AgentCertAuth] authentication configuration parameter(s) change
    • CONFIG_ROLE(success)
      Copy to Clipboard Toggle word wrap
      0.http-bio-20443-exec-50 - [18/Jan/2019:04:08:45 EST] [14] [6] [AuditEvent=CONFIG_ROLE][SubjectID=caadmin][Outcome=Success][ParamNameValPairs=Scope;;certs+Operation;;OP_ADD+Resource;;CA_AdminV+cert;;-----BEGIN CERTIFICATE-----MIIDYTCCAkmgAwIBAgIBfz...-----END CERTIFICATE-----] role configuration parameter(s) change
    • CONFIG_ROLE(Failure)
      Copy to Clipboard Toggle word wrap
      0.http-bio-20443-exec-39 - [18/Jan/2019:04:08:57 EST] [14] [6] [AuditEvent=CONFIG_ROLE][SubjectID=caadmin][Outcome=Failure][ParamNameValPairs=Scope;;users+Operation;;OP_ADD+Resource;;CA_AdminUnTrusted+password;;********+phone;;<null>+fullname;;CA_AdminUnTrusted+state;;<null>+userType;;<null>+email;;<null>] role configuration parameter(s) change
    • CONFIG_ACL
      • CA
        Copy to Clipboard Toggle word wrap
        CA = 0.http-bio-20443-exec-18 - [29/Jan/2019:05:15:16 EST] [14] [6] [AuditEvent=CONFIG_ACL][SubjectID=caadmin][Outcome=Success][ParamNameValPairs=Scope;;acls+Operation;;OP_MODIFY+Resource;;testACL+aci;;allow (read,allow) group="testGroup"+desc;;ALLOW READ to testGroup+rights;;read,allow] ACL configuration parameter(s) change
    • CONFIG_SIGNED_AUDIT
      • CA
        Copy to Clipboard Toggle word wrap
        0.http-bio-20443-exec-20 - [29/Jan/2019:02:44:04 EST] [14] [6] [AuditEvent=CONFIG_SIGNED_AUDIT][SubjectID=caadmin][Outcome=Success][ParamNameValPairs=Action;;disable] signed audit configuration parameter(s) change
      • KRA
        Copy to Clipboard Toggle word wrap
        0.http-bio-21443-exec-9 - [30/Jan/2019:08:15:11 EST] [14] [6] [AuditEvent=CONFIG_SIGNED_AUDIT][SubjectID=kraadmin][Outcome=Success][ParamNameValPairs=Action;;enable] signed audit configuration parameter(s) change
      • OCSP
        Copy to Clipboard Toggle word wrap
        0.http-bio-22443-exec-17 - [30/Jan/2019:08:17:06 EST] [14] [6] [AuditEvent=CONFIG_SIGNED_AUDIT][SubjectID=ocspadmin][Outcome=Success][ParamNameValPairs=Action;;enable] signed audit configuration parameter(s) change
      • TKS
        Copy to Clipboard Toggle word wrap
        0.http-bio-23443-exec-15 - [30/Jan/2019:08:18:52 EST] [14] [6] [AuditEvent=CONFIG_SIGNED_AUDIT][SubjectID=tksadmin][Outcome=Success][ParamNameValPairs=Action;;enable] signed audit configuration parameter(s) change
      • TPS
        Copy to Clipboard Toggle word wrap
        0.http-bio-25443-exec-5 - [30/Jan/2019:08:20:03 EST] [14] [6] [AuditEvent=CONFIG_SIGNED_AUDIT][SubjectID=tpsadmin][Outcome=Success][ParamNameValPairs=Action;;enable] signed audit configuration parameter(s) change
    • CONFIG_TRUSTED_PUBLIC_KEY
      • CA
        Copy to Clipboard Toggle word wrap
        0.http-bio-20443-exec-9 - [29/Jan/2019:03:25:02 EST] [14] [6] [AuditEvent=CONFIG_TRUSTED_PUBLIC_KEY][SubjectID=caadmin][Outcome=Success][ParamNameValPairs=Scope;;installCert+Operation;;OP_MODIFY+Resource;;trustedCACert+pkcs10;;-----BEGIN CERTIFICATE-----MIIEBDCCAuygAwI...-----END CERTIFICATE-----+nickname;;<null>+pathname;;<null>+serverRoot;;<null>+serverID;;instanceID] certificate database configuration
      • KRA
        Copy to Clipboard Toggle word wrap
        0.http-bio-21443-exec-17 - [30/Jan/2019:08:29:07 EST] [14] [6] [AuditEvent=CONFIG_TRUSTED_PUBLIC_KEY][SubjectID=kraadmin][Outcome=Success][ParamNameValPairs=Scope;;installCert+Operation;;OP_MODIFY+Resource;;trustedCACert+pkcs10;;-----BEGIN CERTIFICATE-----MIIEBDCCAuygAw...-----END CERTIFICATE-----+nickname;;<null>+pathname;;<null>+serverRoot;;<null>+serverID;;instanceID] certificate database configuration
      • OCSP
        Copy to Clipboard Toggle word wrap
        0.http-bio-22443-exec-25 - [30/Jan/2019:08:41:08 EST] [14] [6] [AuditEvent=CONFIG_TRUSTED_PUBLIC_KEY][SubjectID=ocspadmin][Outcome=Success][ParamNameValPairs=Scope;;installCert+Operation;;OP_MODIFY+Resource;;trustedCACert+pkcs10;;-----BEGIN CERTIFICATE-----MIIEBDCCAuygAwIB...-----END CERTIFICATE-----+nickname;;<null>+pathname;;<null>+serverRoot;;<null>+serverID;;instanceID] certificate database configuration
      • TKS
        Copy to Clipboard Toggle word wrap
        0.http-bio-23443-exec-23 - [30/Jan/2019:08:45:40 EST] [14] [6] [AuditEvent=CONFIG_TRUSTED_PUBLIC_KEY][SubjectID=tksadmin][Outcome=Success][ParamNameValPairs=Scope;;installCert+Operation;;OP_MODIFY+Resource;;trustedCACert+pkcs10;;-----BEGIN CERTIFICATE-----MIIEBDCCAuygAwIBA...-----END CERTIFICATE-----+nickname;;<null>+pathname;;<null>+serverRoot;;<null>+serverID;;instanceID] certificate database configuration
      • TPS
        Copy to Clipboard Toggle word wrap
        0.http-bio-22443-exec-23 - [30/Jan/2019:08:46:13 EST] [14] [6] [AuditEvent=CONFIG_TRUSTED_PUBLIC_KEY][SubjectID=tpsadmin][Outcome=Success][ParamNameValPairs=Scope;;installCert+Operation;;OP_MODIFY+Resource;;trustedCACert+pkcs10;;-----BEGIN CERTIFICATE-----MIIEBDCCAuygAwIBA...-----END CERTIFICATE-----+nickname;;<null>+pathname;;<null>+serverRoot;;<null>+serverID;;instanceID] certificate database configuration
    • CONFIG_DRM
      Copy to Clipboard Toggle word wrap
      0.http-bio-21443-exec-1 - [24/Jan/2019:09:36:52 EST] [14] [6] [AuditEvent=CONFIG_DRM][SubjectID=kraadmin][Outcome=Success][ParamNameValPairs=Scope;;general+Operation;;OP_MODIFY+Resource;;RS_ID_CONFIG+noOfRequiredRecoveryAgents;;2] DRM configuration parameter(s) change
    • OCSP_ADD_CA_REQUEST_PROCESSED
      • Success
        Copy to Clipboard Toggle word wrap
        0.http-bio-22443-exec-24 - [29/Jan/2019:03:15:59 EST] [14] [6] [AuditEvent=OCSP_ADD_CA_REQUEST_PROCESSED][SubjectID=ocspadmin][Outcome=Success][CASubjectDN=CN=CA Signing Certificate,OU=topology-02-CA,O=topology-02_example.com] Add CA for OCSP Responde
      • Failure
        Copy to Clipboard Toggle word wrap
        0.http-bio-22443-exec-12 - [30/Jan/2019:06:44:32 EST] [14] [6] [AuditEvent=OCSP_ADD_CA_REQUEST_PROCESSED][SubjectID=ocspadmin][Outcome=Failure][CASubjectDN=<null>] Add CA for OCSP Responder
    • OCSP_REMOVE_CA_REQUEST_PROCESSED
      Copy to Clipboard Toggle word wrap
      0.http-bio-22443-exec-24 - [29/Jan/2019:03:13:43 EST] [14] [6] [AuditEvent=OCSP_REMOVE_CA_REQUEST_PROCESSED][SubjectID=ocspadmin][Outcome=Success][CASubjectDN=CN=CA Signing Certificate,OU=topology-02-CA,O=topology-02_example.com] Remove CA for OCSP Responder is successful
    • SECURITY_DOMAIN_UPDATE
      • Operation: Issue_token
        Copy to Clipboard Toggle word wrap
        0.http-bio-20443-exec-10 - [16/Jan/2019:03:19:57 EST] [14] [6] [AuditEvent=SECURITY_DOMAIN_UPDATE][SubjectID=caadmin][Outcome=Success][ParamNameValPairs=operation;;issue_token+token;;2433856184928074456+ip;;192.0.2.1+uid;;caadmin+groupname;;Enterprise TKS Administrators] security domain update
      • Operation: Add
        Copy to Clipboard Toggle word wrap
        0.http-bio-20443-exec-18 - [02/Jan/2019:04:39:21 EST] [14] [6] [AuditEvent=SECURITY_DOMAIN_UPDATE][SubjectID=caadmin][Outcome=Success][ParamNameValPairs=host;;server.example.com+name;;OCSP server.example.com 22443+sport;;22443+clone;;false+type;;OCSP+operation;;add] security domain update
    • CONFIG_SERIAL_NUMBER
      • CA
        Copy to Clipboard Toggle word wrap
        0.http-bio-20443-exec-2 - [29/Jan/2019:07:53:21 EST] [14] [6] [AuditEvent=CONFIG_SERIAL_NUMBER][SubjectID=caadmin][Outcome=Success][ParamNameValPairs=source;;updateNumberRange+type;;request+beginNumber;;9990001+endNumber;;10000000] serial number range update
      • KRA
        Copy to Clipboard Toggle word wrap
        0.http-bio-21443-exec-7 - [18/Jan/2019:19:11:47 EST] [14] [6] [AuditEvent=CONFIG_SERIAL_NUMBER][SubjectID=caadmin][Outcome=Success][ParamNameValPairs=source;;updateNumberRange+type;;serialNo+beginNumber;;fff0001+endNumber;;10000000] serial number range update

FDP_CER_EXT.1 (extended)

  • Certificate generation
    • CERT_REQUEST_PROCESSED (SUCCESS)
      Copy to Clipboard Toggle word wrap
      0.http-bio-8443-exec-24 - [07/Sep/2018:10:21:57 PDT] [14] [6] [AuditEvent=CERT_REQUEST_PROCESSED][SubjectID=caadmin][Outcome=Success][ReqID=7][CertSerialNum=7] certificate request processed

FDP_CER_EXT.2 (extended)

  • Linking of certificates to certificate requests
    • PROFILE_CERT_REQUEST
      Copy to Clipboard Toggle word wrap
      0.http-bio-8443-exec-24 - [07/Sep/2018:10:21:57 PDT] [14] [6] [AuditEvent=PROFILE_CERT_REQUEST][SubjectID=caadmin][Outcome=Success][ReqID=7][ProfileID=caECFullCMCUserCert][CertSubject=CN=cfuEC-0830] certificate request made with certificate profiles

      Note

      The ReqID field effectively links to the ReqID field of a successful CERT_REQUEST_PROCESSED event.

FDP_CER_EXT.3

  • Failed certificate approvals
    • CERT_REQUEST_PROCESSED (FAILURE)
      Copy to Clipboard Toggle word wrap
      0.http-bio-20443-exec-4 - [21/Jan/2019:00:24:16 EST] [14] [6] [AuditEvent=CERT_REQUEST_PROCESSED][SubjectID=$NonRoleUser$][Outcome=Failure][ReqID=1483][InfoName=rejectReason][InfoValue=Request 1483 Rejected - Subject Name Not Matched UID=testuser00,E=example@example.com,CN=MyTestUser] certificate request processed

FIA_X509_EXT.1, FIA_X509_EXT.2

  • Failed certificate validations; failed authentications
    • ACCESS_SESSION_ESTABLISH (FAILURE)
      • User with revoked cert trying to perform an operation.
        Copy to Clipboard Toggle word wrap
        0.http-bio-21443-exec-9 - [12/Feb/2019:14:52:26 EST] [14] [6] [AuditEvent=ACCESS_SESSION_ESTABLISH][ClientIP=192.0.2.1][ServerIP=192.0.2.2][SubjectID=UID=KRA_AgentR,E=KRA_AgentR@example.org,CN=KRA_AgentR,OU=IDMQE,C=US][Outcome=Failure][Info=CERTIFICATE_REVOKED] access session establish failure
      • User with expired cert trying to perform an operation.
        Copy to Clipboard Toggle word wrap
        0.http-bio-21443-exec-9 - [12/Feb/2019:14:52:26 EST] [14] [6] [AuditEvent=ACCESS_SESSION_ESTABLISH][ClientIP=192.0.2.1][ServerIP=192.0.2.2][SubjectID=UID=KRA_AgentR,E=KRA_AgentR@example.org,CN=KRA_AgentR,OU=IDMQE,C=US][Outcome=Failure][Info=CERTIFICATE_EXPIRED] access session establish failure
      • CMC enrollment request submitted using a TLS client cert issued by an unknown CA.
        Copy to Clipboard Toggle word wrap
        0.http-bio-20443-exec-28 - [12/Feb/2019:16:31:08 EST] [14] [6] [AuditEvent=ACCESS_SESSION_ESTABLISH][ClientIP=192.0.2.1][ServerIP=192.0.2.2][SubjectID=CN=CA Signing Certificate,OU=pki-tomcat,O=EXAMPLE][Outcome=Failure][Info=UNKNOWN_CA] access session establish failure
      • When client protocol does not match. For example: client use ssl3 but server does not support.
        Copy to Clipboard Toggle word wrap
        0.http-bio-20443-exec-11 - [12/Feb/2019:16:35:26 EST] [14] [6] [AuditEvent=ACCESS_SESSION_ESTABLISH][ClientIP=192.0.2.1][ServerIP=192.0.2.2][SubjectID=][Outcome=Failure][Info=HANDSHAKE_FAILURE] access session establish failure
      • For incorrect protocol version. Example server supports tls1.1 and tls1.2 but client sends tls1.
        Copy to Clipboard Toggle word wrap
        0.http-bio-20443-exec-46 - [12/Feb/2019:16:39:10 EST] [14] [6] [AuditEvent=ACCESS_SESSION_ESTABLISH][ClientIP=192.0.2.1][ServerIP=192.0.2.2][SubjectID=][Outcome=Failure][Info=PROTOCOL_VERSION] access session establish failure
      • When client sends list of cipher but Server have no list of ciphers.
        Server:
        Copy to Clipboard Toggle word wrap
        0.http-bio-21443-exec-3 - [13/Feb/2019:07:40:44 EST] [14] [6] [AuditEvent=ACCESS_SESSION_ESTABLISH][ClientIP=192.0.2.1][ServerIP=192.0.2.2][SubjectID=][Outcome=Failure][Info=INTERNAL_ERROR] access session establish failure

FIA_UIA_EXT.1

  • Privileged user identification and authentication
    • ACCESS_SESSION_ESTABLISH
      • CA Example
        Copy to Clipboard Toggle word wrap
        0.http-bio-8443-exec-1 - [10/Oct/2018:15:42:13 PDT] [14] [6] [AuditEvent=ACCESS_SESSION_ESTABLISH][ClientIP=192.0.2.1][ServerIP=192.0.2.1][SubjectID=][Outcome=Success] access session establish success
      • TPS Example
        Copy to Clipboard Toggle word wrap
        0.http-bio-25443-exec-1 - [02/Jan/2019:04:44:12 EST] [14] [6] [AuditEvent=ACCESS_SESSION_ESTABLISH][ClientIP=192.0.2.1][ServerIP=192.0.2.1][SubjectID=][Outcome=Success] access session establish success
    • AUTH
      • CA Example
        Copy to Clipboard Toggle word wrap
        0.http-bio-8443-exec-1 - [28/Nov/2018:16:23:15 PST] [14] [6] [AuditEvent=AUTH][SubjectID=caagentJoe][Outcome=Success][AuthMgr=CMCAuth] authentication success
      • TPS Example
        Copy to Clipboard Toggle word wrap
        0.http-bio-25443-exec-1 - [25/Jan/2019:13:00:59 IST] [14] [6] [AuditEvent=AUTH][SubjectID=tpsadmin][Outcome=Success][AuthMgr=passwdUserDBAuthMgr] authentication success
    • AUTHZ
      • CA Example
        Copy to Clipboard Toggle word wrap
        0.http-bio-8443-exec-1 - [28/Nov/2018:16:23:15 PST] [14] [6] [AuditEvent=AUTHZ][SubjectID=caagentJoe][Outcome=Success][aclResource=certServer.ee.profile][Op=submit] authorization success
      • TPS Example
        Copy to Clipboard Toggle word wrap
        0.http-bio-25443-exec-1 - [25/Jan/2019:13:00:59 IST] [14] [6] [AuditEvent=AUTHZ][SubjectID=tpsadmin][Outcome=Success][aclResource=certServer.tps.account][Op=login][Info=AccountResource.login] authorization success
    • ROLE_ASSUME
      • CA Example
        Copy to Clipboard Toggle word wrap
        0.http-bio-8443-exec-1 - [28/Nov/2018:16:23:15 PST] [14] [6] [AuditEvent=ROLE_ASSUME][SubjectID=caagentJoe][Outcome=Success][Role=Certificate Manager Agents] assume privileged role
      • TPS Example
        Copy to Clipboard Toggle word wrap
        0.http-bio-25443-exec-9 - [25/Jan/2019:13:00:07 IST] [14] [6] [AuditEvent=ROLE_ASSUME][SubjectID=cfu][Outcome=Success][Role=Certificate Manager Agents] assume privileged role

FMT_SMR.2

  • Modifications to the group of users that are part of a role
    • CONFIG_ROLE
      See CONFIG_ROLE event above.

FPT_FLS.1

  • Failure with preservation of secure state
    • SELFTESTS_EXECUTION
      • CA Example
        Copy to Clipboard Toggle word wrap
        0.localhost-startStop-1 - [10/Jan/2019:00:47:57 EST] [14] [6] [AuditEvent=SELFTESTS_EXECUTION][SubjectID=$System$][Outcome=Failure] self tests execution (see selftests.log for details)
      • TPS Example
        Copy to Clipboard Toggle word wrap
        0.localhost-startStop-1 - [22/Jan/2019:11:55:32 IST] [14] [6] [AuditEvent=SELFTESTS_EXECUTION][SubjectID=$System$][Outcome=Failure] self tests execution (see selftests.log for details)

FPT_KST_EXT.2

  • Private/secret keys are stored by the HSM and the only operations to "access" those keys are through the TSF as signing operations.
    Copy to Clipboard Toggle word wrap
    CERT_REQUEST_PROCESSED (failure)                         
    0.http-bio-20443-exec-8 - [28/Jan/2019:13:48:14 EST] [14] [6] [AuditEvent=CERT_REQUEST_PROCESSED][SubjectID=$Unidentified$][Outcome=Failure][ReqID=28][InfoName=rejectReason][InfoValue=Request Key Type RSA Not Matched Rejected - {1}] certificate request processed

FPT_RCV.1

  • The fact that a failure or service discontinuity occurred. Resumption of the regular operation.
    • Failure: SELFTESTS_EXECUTION (Failure)
      • CA Example
        Copy to Clipboard Toggle word wrap
        0.localhost-startStop-1 - [29/Jan/2019:13:29:03 UTC] [14] [6] [AuditEvent=SELFTESTS_EXECUTION][SubjectID=$System$][Outcome=Failure] self tests execution (see selftests.log for details)
      • TPS Example
        Copy to Clipboard Toggle word wrap
        0.localhost-startStop-1 - [22/Jan/2019:11:55:32 IST] [14] [6] [AuditEvent=SELFTESTS_EXECUTION][SubjectID=$System$][Outcome=Failure] self tests execution (see selftests.log for details)
    • Self-test log, see 13.3.2. Configuring Self-Tests in Red Hat Certificat Systemitem's Planning, Installation, and Deployment Guide.
    • Resumption: AUDIT_LOG_STARTUP; SELFTESTS_EXECUTION (Success)
      • TPS Example
        Copy to Clipboard Toggle word wrap
        0.localhost-startStop-1 - [21/Jan/2019:16:47:44 IST] [14] [6] [AuditEvent=AUDIT_LOG_STARTUP][SubjectID=$System$][Outcome=Success] audit function startup
      • CA Example
        Copy to Clipboard Toggle word wrap
        0.localhost-startStop-1 - [04/Feb/2019:18:29:38 EST] [14] [6] [AuditEvent=SELFTESTS_EXECUTION][SubjectID=$System$][Outcome=Success] self tests execution (see selftests.log for details)

FPT_STM.1

FPT_TUD_EXT.1

FTA_SSL.4

  • The termination of an interactive session.
    • ACCESS_SESSION_TERMINATED
      • Copy to Clipboard Toggle word wrap
        0.http-bio-20443-exec-7 - [21/Jan/2019:03:42:17 EST] [14] [6] [AuditEvent=ACCESS_SESSION_TERMINATED][ClientIP=192.0.2.1][ServerIP=192.0.2.1][SubjectID=CN=PKI Administrator,E=caadmin@example.com,OU=topology-02-CA,O=topology-02_example.com][Outcome=Success][Info=CLOSE_NOTIFY] access session terminated
      • TPS
        Copy to Clipboard Toggle word wrap
        0.http-bio-25443-exec-1 - [02/Jan/2019:04:44:12 EST] [14] [6] [AuditEvent=ACCESS_SESSION_TERMINATED][ClientIP=192.0.2.1][ServerIP=192.0.2.1][SubjectID=][Outcome=Success][Info=CLOSE_NOTIFY] access session

FTP_TRP.1

  • Initiation of the trusted channel. Termination of the trusted channel. Failures of the trusted path functions.
    • ACCESS_SESSION_ESTABLISH
      • Copy to Clipboard Toggle word wrap
        2529:0.http-bio-20443-exec-8 - [29/Jan/2019:02:41:10 EST] [14] [6] [AuditEvent=ACCESS_SESSION_ESTABLISH][ClientIP=192.0.2.1][ServerIP=192.0.2.1][SubjectID=CN=PKI Administrator,E=tpsadmin@server.example.com,OU=topology-02-TPS,O=topology-02_example.com][Outcome=Failure][Info=UNKNOWN_CA] access session establish failure
      • TPS
        Copy to Clipboard Toggle word wrap
        0.http-bio-25443-exec-4 - [25/Jan/2019:12:58:31 IST] [14] [6] [AuditEvent=ACCESS_SESSION_ESTABLISH][ClientIP=0:0:0:0:0:0:0:1][ServerIP=0:0:0:0:0:0:0:1][SubjectID=][Outcome=Failure][Info=RECORD_OVERFLOW] access session establish failure
    • ACCESS_SESSION_TERMINATED
      • Copy to Clipboard Toggle word wrap
        0.http-bio-20443-exec-48 - [29/Jan/2019:04:30:49 EST] [14] [6] [AuditEvent=ACCESS_SESSION_TERMINATED][ClientIP=192.0.2.1][ServerIP=192.0.2.1][SubjectID=][Outcome=Success][Info=CLOSE_NOTIFY] access session terminated
      • TPS
        Copy to Clipboard Toggle word wrap
        TPS=0.http-bio-25443-exec-19 - [25/Jan/2019:12:47:07 IST] [14] [6] [AuditEvent=ACCESS_SESSION_TERMINATED][ClientIP=192.0.2.1][ServerIP=192.0.2.1][SubjectID=][Outcome=Success][Info=CLOSE_NOTIFY] access session terminated

FCS_CKM.1 and FCS_CKM.2

  • Not available. There are no TOE-related functions where a TOE subsystem generates (or requests the OE to generate) a non-ephemeral key. All system certificates are generated in the same manner as user keys during the installation, before the TOE is running and, thus, before the it can audit.

FCS_CKM_EXT.4

  • Not available

FCS_COP.1(2)

  • All occurrences of signature generation using a CA signing key.
    • CERT_SIGNING_INFO records CA signing certificate key info at system startup
      Copy to Clipboard Toggle word wrap
      0.authorityMonitor - [03/Jan/2019:02:33:35 EST] [14] [6] [AuditEvent=CERT_SIGNING_INFO][SubjectID=$System$][Outcome=Success][SKI=E3:D2:5B:2A:F5:76:FF:7B:48:CA:94:18:5F:7B:BD:6B:95:FB:8F:30][AuthorityID=dbec10a4-1264-4759-96d5-6d2aadbf9d34] certificate signing info
    • CERT_REQUEST_PROCESSED (success)
      Copy to Clipboard Toggle word wrap
      0.http-bio-20443-exec-378 - [19/Jan/2019:05:57:39 EST] [14] [6] [AuditEvent=CERT_REQUEST_PROCESSED][SubjectID=caadmin][Outcome=Success][ReqID=1352][CertSerialNum=984] certificate request processed
    • OCSP_SIGNING_INFO records OCSP signing certificate key info at system startup
      Copy to Clipboard Toggle word wrap
      0.http-bio-29443-exec-3 - [10/Oct/2018:14:15:24 PDT] [14] [6] [AuditEvent=OCSP_SIGNING_INFO][SubjectID=$System$][Outcome=Success][SKI=71:B1:D0:AE:44:DF:ED:D0:20:15:2B:E3:37:E8:EE:04:EB:D6:F1:44] OCSP signing info
    • OCSP_GENERATION (success)
      Copy to Clipboard Toggle word wrap
      0.http-nio-22080-exec-3 - [31/Jan/2019:15:34:47 EST] [14] [6] [AuditEvent=OCSP_GENERATION][SubjectID=$NonRoleUser$][Outcome=Success] OCSP response generation
    • CRL_SIGNING_INFO records CRL signing certificate key info at system startup
      Copy to Clipboard Toggle word wrap
      0.localhost-startStop-1 - [10/Jan/2019:09:10:27 EST] [14] [6] [AuditEvent=CRL_SIGNING_INFO][SubjectID=$System$][Outcome=Success][SKI=23:98:ED:52:5B:2C:27:C6:FF:7C:34:D1:D5:48:57:E9:B8:D1:4E:95] CRL signing info
    • FULL_CRL_GENERATION (success)
      Copy to Clipboard Toggle word wrap
      0.CRLIssuingPoint-testing123 - [30/Jan/2019:08:35:02 EST] [14] [6] [AuditEvent=FULL_CRL_GENERATION][SubjectID=$System$][Outcome=Success][CRLnum=6] Full CRL generation
    • DELTA_CRL_GENERATION (success)
      Copy to Clipboard Toggle word wrap
      0.CRLIssuingPoint-testing123 - [30/Jan/2019:08:35:01 EST] [14] [6] [AuditEvent=DELTA_CRL_GENERATION][SubjectID=$Unidentified$][Outcome=Success][CRLnum=5] Delta CRL generation
  • Failure in signature generation.
    • CERT_REQUEST_PROCESSED (failure)
      Copy to Clipboard Toggle word wrap
      0.http-bio-20443-exec-8 - [28/Jan/2019:13:48:14 EST] [14] [6] [AuditEvent=CERT_REQUEST_PROCESSED][SubjectID=$Unidentified$][Outcome=Failure][ReqID=28][InfoName=rejectReason][InfoValue=Request Key Type RSA Not Matched Rejected - {1}] certificate request processed
    • OCSP_GENERATION (failure)
      Copy to Clipboard Toggle word wrap
      0.http-nio-22080-exec-6 - [31/Jan/2019:15:35:38 EST] [14] [6] [AuditEvent=OCSP_GENERATION][SubjectID=$NonRoleUser$][Outcome=Failure][FailureReason=Missing issuer certificate] OCSP response generation
    • FULL_CRL_GENERATION (failure)

FCS_HTTPS_EXT.1 and FCS_TLSS_EXT.2

  • Failure to establish a HTTPS/TLS session.
    • ACCESS_SESSION_ESTABLISH (Failure)
      Copy to Clipboard Toggle word wrap
      See FTP_TRP.1
  • Establishment/termination of a HTTPS/TLS session
    • ACCESS_SESSION_TERMINATED
      Copy to Clipboard Toggle word wrap
      See FIA_UIA_EXT.1

FCS_TLSC_EXT.2

  • Failure to establish a TLS session.
    • CLIENT_ACCESS_SESSION_ESTABLISH (Failure)
      Copy to Clipboard Toggle word wrap
      0.http-bio-20443-exec-21 - [13/Feb/2019:07:48:08 EST] [14] [6] [AuditEvent=CLIENT_ACCESS_SESSION_ESTABLISH][ClientHost=192.0.2.1][ServerHost=pki1.example.com][ServerPort=21443][SubjectID=SYSTEM][Outcome=Failure][Info=send:java.io.IOException: SocketException cannot write on socket] access session failed to establish when Certificate System acts as client
      When Server is not reachable by Client and Session ran into failures. In this scenario, CA acts as a client for KRA during Key Archival and KRA is not reachable by CA.
      Copy to Clipboard Toggle word wrap
      0.http-bio-20443-exec-11 - [12/Feb/2019:18:20:03 EST] [14] [6] [AuditEvent=CLIENT_ACCESS_SESSION_ESTABLISH][ClientHost=192.0.2.1][ServerHost=pki1.example.com][ServerPort=21443][SubjectID=SYSTEM][Outcome=Failure][Info=send:java.io.IOException: Socket has been closed, and cannot be reused.] access session failed to establish when Certificate System acts as client
      When CA's subsystem cert is revoked and it tried to access KRA.
      • KRA
        Copy to Clipboard Toggle word wrap
        0.http-bio-21443-exec-3 - [13/Feb/2019:08:15:53 EST] [14] [6] [AuditEvent=ACCESS_SESSION_ESTABLISH][ClientIP=192.0.2.1][ServerIP=192.0.2.2][SubjectID=CN=Subsystem Certificate,OU=topology-02-CA,O=topology-02_Foobarmaster.org][Outcome=Failure][Info=CERTIFICATE_REVOKED] access session establish failure
      • CA
        Copy to Clipboard Toggle word wrap
        0.http-bio-20443-exec-10 - [13/Feb/2019:08:16:08 EST] [14] [6] [AuditEvent=CLIENT_ACCESS_SESSION_ESTABLISH][ClientHost=192.0.2.1][ServerHost=pki1.example.com][ServerPort=21443][SubjectID=SYSTEM][Outcome=Failure][Info=send:java.io.IOException: SocketException cannot write on socket] access session failed to establish when Certificate System acts as client
  • Establishment/termination of a TLS session.
    • CLIENT_ACCESS_SESSION_TERMINATED
      Copy to Clipboard Toggle word wrap
      0.http-bio-8443-exec-6 - [10/Oct/2018:15:10:54 PDT] [14] [6] [AuditEvent=CLIENT_ACCESS_SESSION_TERMINATED][ClientHost=192.0.2.1][ServerHost=192.0.2.1][ServerPort=29443][SubjectID=SYSTEM][Outcome=Success][Info=CLOSE_NOTIFY] access session terminated when Certificate System acts as client

FDP_CRL_EXT.1

  • Failure to generate a CRL.
    • FULL_CRL_GENERATION (failure)
      Copy to Clipboard Toggle word wrap
      0.http-bio-20444-exec-9 - [01/Feb/2019:15:40:38 EST] [14] [6] [AuditEvent=FULL_CRL_GENERATION][SubjectID=caadmin][Outcome=Failure][FailureReason=Record not found] Full CRL generation

FDP_OCSPG_EXT.1

  • Failure to generate certificate status information.
    • OCSP_GENERATION (failure)

FIA_AFL.1

  • The reaching of the threshold for the Unsuccessful Authentication Attempts. The action Taken. The re-enablement of disabled non-administrative accounts.
    Not available. For password authentication only. Certificate System provides certificate-based authentication only.

FIA_CMCS_EXT.1

  • CMC requests (generated or received) containing certificate requests or revocation requests. CMC responses issued.
    • CMC_SIGNED_REQUEST_SIG_VERIFY
      Copy to Clipboard Toggle word wrap
      0.http-bio-20080-exec-22 - [24/Jan/2019:08:44:51 EST] [14] [6] [AuditEvent=CMC_SIGNED_REQUEST_SIG_VERIFY][SubjectID=$NonRoleUser$][Outcome=Failure][ReqType=$Unidentified$][CertSubject=$Unidentified$][SignerInfo=$Unidentified$] agent signed CMC request signature verification
    • CMC_USER_SIGNED_REQUEST_SIG_VERIFY
      • Successful request:
        Copy to Clipboard Toggle word wrap
        0.http-bio-20443-exec-1 - [18/Feb/2019:12:07:20 EST] [14] [6] [AuditEvent=CMC_USER_SIGNED_REQUEST_SIG_VERIFY][SubjectID=UID=test10,CN=test10,O=example.org][Outcome=Success][ReqType=enrollment][CertSubject=<null>][SignerInfo=UID=test10,CN=test10,O=example.org] User signed CMC request signature verification success
    • CMC_REQUEST_RECEIVED
      • Successful request:
        Copy to Clipboard Toggle word wrap
        0.http-bio-20443-exec-13 - [29/Jan/2019:04:26:49 EST] [14] [6] [AuditEvent=CMC_REQUEST_RECEIVED][SubjectID=$Unidentified$][Outcome=Success][CMCRequest=MIICoAYJKoZIhv...] CMC request received
      • Failed request:
        Copy to Clipboard Toggle word wrap
        0.http-bio-20443-exec-14 - [29/Jan/2019:07:15:27 EST] [14] [6] [AuditEvent=CMC_REQUEST_RECEIVED][SubjectID=$Unidentified$][Outcome=Success][CMCRequest=MIGOBgkqhkiG9w...] CMC request received
    • PROOF_OF_POSSESSION (Enrollment Event)
      Copy to Clipboard Toggle word wrap
      0.http-bio-20443-exec-13 - [29/Jan/2019:04:26:49 EST] [14] [6] [AuditEvent=PROOF_OF_POSSESSION][SubjectID=user1a][Outcome=Success][Info=method=EnrollProfile: verifyPOP: ] proof of possession
    • PROFILE_CERT_REQUEST (Enrollment Event)
      Copy to Clipboard Toggle word wrap
      0.http-bio-20443-exec-13 - [29/Jan/2019:04:26:49 EST] [14] [6] [AuditEvent=PROFILE_CERT_REQUEST][SubjectID=user1a][Outcome=Success][ReqID=31][ProfileID=caECFullCMCSharedTokenCert][CertSubject=UID=user1a,OU=People,DC=rhel76,DC=test] certificate request made with certificate profiles
    • CERT_STATUS_CHANGE_REQUEST
      • Success:
        Copy to Clipboard Toggle word wrap
        0.http-bio-20443-exec-5 - [05/Feb/2019:05:57:12 EST] [14] [6] [AuditEvent=CERT_STATUS_CHANGE_REQUEST][SubjectID=caadmin][Outcome=Success][ReqID=121][CertSerialNum=0x67][RequestType=on-hold] certificate revocation/unrevocation request made
      • Failure:
        Copy to Clipboard Toggle word wrap
        0.http-bio-20443-exec-13 - [05/Feb/2019:05:58:55 EST] [14] [6] [AuditEvent=CERT_STATUS_CHANGE_REQUEST][SubjectID=caadmin][Outcome=Failure][ReqID=<null>][CertSerialNum=0x67][RequestType=on-hold] certificate revocation/unrevocation request made
    • CERT_REQUEST_PROCESSED
      • Successful request:
        Copy to Clipboard Toggle word wrap
        0.http-bio-20443-exec-13 - [29/Jan/2019:04:26:49 EST] [14] [6] [AuditEvent=CERT_REQUEST_PROCESSED][SubjectID=$Unidentified$][Outcome=Success][ReqID=31][CertSerialNum=20] certificate request processed
    • CERT_STATUS_CHANGE_REQUEST_PROCESSED
      • Successful request:
        Copy to Clipboard Toggle word wrap
        0.http-bio-20443-exec-9 - [29/Jan/2019:07:43:36 EST] [14] [6] [AuditEvent=CERT_STATUS_CHANGE_REQUEST_PROCESSED][SubjectID=UID=user1a,OU=People,DC=rhel76,DC=test][Outcome=Success][ReqID=32][CertSerialNum=20][RequestType=revoke][RevokeReasonNum=Certificate_Hold][Approval=complete] certificate status change request processed
      • Failed request:
        • Copy to Clipboard Toggle word wrap
          0.http-bio-20443-exec-14 - [29/Jan/2019:07:15:27 EST] [14] [6] [AuditEvent=CERT_STATUS_CHANGE_REQUEST_PROCESSED][SubjectID=<null>][Outcome=Failure][ReqID=<null>][CertSerialNum=20][RequestType=revoke][RevokeReasonNum=Certificate_Hold][Approval=rejected][Info=CMCOutputTemplate: SharedSecret.getSharedToken(BigInteger serial): shrTok not found in metaInfo] certificate status change request processed
        • Copy to Clipboard Toggle word wrap
          0.http-bio-20443-exec-20 - [29/Jan/2019:07:30:41 EST] [14] [6] [AuditEvent=CERT_STATUS_CHANGE_REQUEST_PROCESSED][SubjectID=UID=user1a,OU=People,DC=rhel76,DC=test][Outcome=Failure][ReqID=<null>][CertSerialNum=20][RequestType=revoke][RevokeReasonNum=Certificate_Hold][Approval=rejected][Info= certificate issuer DN and revocation request issuer DN do not match] certificate status change request processed
        • Copy to Clipboard Toggle word wrap
          0.http-bio-20443-exec-16 - [29/Jan/2019:07:55:27 EST] [14] [6] [AuditEvent=CERT_STATUS_CHANGE_REQUEST_PROCESSED][SubjectID=<null>][Outcome=Failure][ReqID=<null>][CertSerialNum=20][RequestType=revoke][RevokeReasonNum=Certificate_Hold][Approval=rejected][Info= shared secret not found] certificate status change request processed
    • CMC_RESPONSE_SENT
      • Enrollment
        • Successful response
          Copy to Clipboard Toggle word wrap
          0.http-bio-20443-exec-13 - [29/Jan/2019:04:26:49 EST] [14] [6] [AuditEvent=CMC_RESPONSE_SENT][SubjectID=user1a][Outcome=Success][CMCResponse=MIIHTAYJKoZI...] CMC response sent
      • Revocation
        • Successful revocation
          Copy to Clipboard Toggle word wrap
          0.http-bio-20443-exec-9 - [29/Jan/2019:07:43:36 EST] [14] [6] [AuditEvent=CMC_RESPONSE_SENT][SubjectID=$Unidentified$][Outcome=Success][CMCResponse=MIIExgYJKoZ...] CMC response sent
        • Failed revocation
          • Revocation does not happen
            Copy to Clipboard Toggle word wrap
            0.http-bio-20443-exec-20 - [29/Jan/2019:07:30:41 EST] [14] [6] [AuditEvent=CMC_RESPONSE_SENT][SubjectID=$Unidentified$][Outcome=Success][CMCResponse=MIIFDgYJKoZIh...] CMC response sent

FPT_SKY_EXT.1(2)/OTH

  • AUTHZ
    • Failure: Agent user attempts to retrieve audit log:
      Copy to Clipboard Toggle word wrap
      0.http-bio-8443-exec-2 - [22/Feb/2019:15:03:38 PST] [14] [6] [AuditEvent=AUTHZ][SubjectID=EC-CA-agent-2][Outcome=Failure][aclResource=certServer.log.content.signedAudit][Op=read][Info=Authorization Error] authorization failure
    • Success: Auditor user retrieved audit log:
      Copy to Clipboard Toggle word wrap
      0.http-bio-8443-exec-13 - [22/Feb/2019:15:25:34 PST] [14] [6] [AuditEvent=AUTHZ][SubjectID=EC-CA-auditor][Outcome=Success][aclResource=certServer.log.content.signedAudit][Op=read][Info=AuditResource.getAuditFile] authorization success

FTP_ITC.1

  • Initiation of the trusted channel. Termination of the trusted channel. Failure of the trusted channel functions.
    • See FCS_HTTPS_EXT.1
    • See FCS_TLSC_EXT.2
Back to top
Red Hat logoGithubredditYoutubeTwitter

Learn

Try, buy, & sell

Communities

About Red Hat Documentation

We help Red Hat users innovate and achieve their goals with our products and services with content they can trust. Explore our recent updates.

Making open source more inclusive

Red Hat is committed to replacing problematic language in our code, documentation, and web properties. For more details, see the Red Hat Blog.

About Red Hat

We deliver hardened solutions that make it easier for enterprises to work across platforms and environments, from the core datacenter to the network edge.

Theme

© 2025 Red Hat, Inc.