红帽全球峰会附录 E. 审计事件
本附录包含两个部分。第一部分 第 E.1 节 “所需的审计事件及其示例” 包含由 CA Protection Profile V2.1 中要求 ID 分组的所需审计事件的列表,其中每个审计事件都以一个或多个示例组成。第二部分,第 E.2 节 “审计事件描述” 提供单独的审计事件及其参数描述和格式。日志中的每个审计事件都由以下信息实现:
线程的 Java 标识符。例如:
0.localhost-startStop-1
0.localhost-startStop-1Copy to Clipboard Copied! Toggle word wrap Toggle overflow 事件发生的时间戳。例如:
[21/May/2023:17:53:00 IST]
[21/May/2023:17:53:00 IST]Copy to Clipboard Copied! Toggle word wrap Toggle overflow 日志源(14 为 SIGNED_AUDIT):
[14]
[14]Copy to Clipboard Copied! Toggle word wrap Toggle overflow 当前日志级别(6 是与安全相关的事件)。请参阅 规划、安装和部署指南 (通用标准版)中的 13.1.2 日志级别( 消息类别 )。例如:
[6]
[6]Copy to Clipboard Copied! Toggle word wrap Toggle overflow 有关日志事件的信息(特定于日志事件);有关特定日志事件中的每个字段的信息,请参阅 第 E.2 节 “审计事件描述”。例如:
[AuditEvent=AUDIT_LOG_STARTUP][SubjectID=$System$][Outcome=Success] audit function startup
[AuditEvent=AUDIT_LOG_STARTUP][SubjectID=$System$][Outcome=Success] audit function startupCopy to Clipboard Copied! Toggle word wrap Toggle overflow
E.1. 所需的审计事件及其示例
本节包含每个通用标准 CA 保护配置文件 v.2.1 的所有必要审计事件。
有关审计事件描述,请参阅 第 E.2 节 “审计事件描述”。
FAU_GEN.1
TSF 审计功能的启动
AUDIT_LOG_STARTUP测试案例:启动 CS 实例。
0.main - [17/Mar/2023:04:31:50 EDT] [14] [6] [AuditEvent=AUDIT_LOG_STARTUP][SubjectID=$System$][Outcome=Success] audit function startup
0.main - [17/Mar/2023:04:31:50 EDT] [14] [6] [AuditEvent=AUDIT_LOG_STARTUP][SubjectID=$System$][Outcome=Success] audit function startupCopy to Clipboard Copied! Toggle word wrap Toggle overflow
通过 TFS 接口调用的所有管理操作
CONFIG_CERT_PROFILE测试案例:通过 CLI 或控制台修改配置集。
0.https-jsse-nio-31443-exec-11 - [25/Apr/2023:05:59:44 EDT] [14] [6] [AuditEvent=CONFIG_CERT_PROFILE][SubjectID=caadmin][Outcome=Success][ParamNameValPairs=Scope;;rules+Operation;;OP_ADD+Resource;;caFullCMCUserCertFoobar+class_id;;caEnrollImpl] certificate profile configuration parameter(s) change
0.https-jsse-nio-31443-exec-11 - [25/Apr/2023:05:59:44 EDT] [14] [6] [AuditEvent=CONFIG_CERT_PROFILE][SubjectID=caadmin][Outcome=Success][ParamNameValPairs=Scope;;rules+Operation;;OP_ADD+Resource;;caFullCMCUserCertFoobar+class_id;;caEnrollImpl] certificate profile configuration parameter(s) changeCopy to Clipboard Copied! Toggle word wrap Toggle overflow CERT_PROFILE_APPROVAL测试案例:作为 CA 管理员,通过控制台或 CLI 启用配置文件(如
caUserCert)。然后,作为 CA 代理,通过 Web UI 中的代理门户批准配置集。0.https-jsse-nio-31443-exec-1 - [28/Apr/2023:02:13:21 EDT] [14] [6] [AuditEvent=CERT_PROFILE_APPROVAL][SubjectID=rsa_SubCA_AgentV][Outcome=Success][ProfileID=caUserCert][Op=approve] certificate profile approval
0.https-jsse-nio-31443-exec-1 - [28/Apr/2023:02:13:21 EDT] [14] [6] [AuditEvent=CERT_PROFILE_APPROVAL][SubjectID=rsa_SubCA_AgentV][Outcome=Success][ProfileID=caUserCert][Op=approve] certificate profile approvalCopy to Clipboard Copied! Toggle word wrap Toggle overflow CONFIG_OCSP_PROFILE测试案例:通过控制台更改 OCSP 参数,例如,
包含NextUpdate(确保每次测试后恢复更改)。0.https-jsse-nio-32443-exec-20 - [11/May/2023:18:32:39 EDT] [14] [6] [AuditEvent=CONFIG_OCSP_PROFILE][SubjectID=ocspadmin][Outcome=Success][ParamNameValPairs=Scope;;ocspStoresRules+Operation;;OP_MODIFY+Resource;;defStore+includeNextUpdate;;false+byName;;true+implName;;com.netscape.cms.ocsp.DefStore+notFoundAsGood;;true] OCSP profile configuration parameter(s) change
0.https-jsse-nio-32443-exec-20 - [11/May/2023:18:32:39 EDT] [14] [6] [AuditEvent=CONFIG_OCSP_PROFILE][SubjectID=ocspadmin][Outcome=Success][ParamNameValPairs=Scope;;ocspStoresRules+Operation;;OP_MODIFY+Resource;;defStore+includeNextUpdate;;false+byName;;true+implName;;com.netscape.cms.ocsp.DefStore+notFoundAsGood;;true] OCSP profile configuration parameter(s) changeCopy to Clipboard Copied! Toggle word wrap Toggle overflow CONFIG_CRL_PROFILE测试问题单 :在控制台中选择 Certificate Manager > CRL Issuing Points > MasterCRL > Updates >,并修改
Update CRL every字段以及Next update race period和Next update 作为这个更新扩展字段。0.https-jsse-nio-31443-exec-17 - [11/May/2023:18:37:05 EDT] [14] [6] [AuditEvent=CONFIG_CRL_PROFILE][SubjectID=caadmin][Outcome=Success][ParamNameValPairs=Scope;;crl+Operation;;OP_MODIFY+Resource;;MasterCRL+enableCRLUpdates;;true+updateSchema;;1+extendedNextUpdate;;true+alwaysUpdate;;true+enableDailyUpdates;;true+dailyUpdates;;1:00+enableUpdateInterval;;true+autoUpdateInterval;;241+nextUpdateGracePeriod;;1+nextAsThisUpdateExtension;;1] CRL profile configuration parameter(s) change
0.https-jsse-nio-31443-exec-17 - [11/May/2023:18:37:05 EDT] [14] [6] [AuditEvent=CONFIG_CRL_PROFILE][SubjectID=caadmin][Outcome=Success][ParamNameValPairs=Scope;;crl+Operation;;OP_MODIFY+Resource;;MasterCRL+enableCRLUpdates;;true+updateSchema;;1+extendedNextUpdate;;true+alwaysUpdate;;true+enableDailyUpdates;;true+dailyUpdates;;1:00+enableUpdateInterval;;true+autoUpdateInterval;;241+nextUpdateGracePeriod;;1+nextAsThisUpdateExtension;;1] CRL profile configuration parameter(s) changeCopy to Clipboard Copied! Toggle word wrap Toggle overflow CONFIG_AUTH测试问题单 :在控制台中选择 Authentication > Authentication Instance >,并通过输入新的 Auth Instance ID 来添加新的身份验证实例。例如:
AgentCertAuth,然后输入AgentCertAuth2作为实例名称。0.https-jsse-nio-31443-exec-18 - [11/May/2023:19:13:09 EDT] [14] [6] [AuditEvent=CONFIG_AUTH][SubjectID=caadmin][Outcome=Success][ParamNameValPairs=Scope;;instance+Operation;;OP_ADD+Resource;;AgentCertAuth+implName;;AgentCertAuth] authentication configuration parameter(s) change
0.https-jsse-nio-31443-exec-18 - [11/May/2023:19:13:09 EDT] [14] [6] [AuditEvent=CONFIG_AUTH][SubjectID=caadmin][Outcome=Success][ParamNameValPairs=Scope;;instance+Operation;;OP_ADD+Resource;;AgentCertAuth+implName;;AgentCertAuth] authentication configuration parameter(s) changeCopy to Clipboard Copied! Toggle word wrap Toggle overflow CONFIG_ROLE(success)测试案例:添加用户,例如:{ pki -d /root/.dogtag/pki_rsa_bootstrap/certs_db/ -c SECret.123 -p 31443 -n 'rsa_SubCA_AdminV' ca-user-add Test_UserV --fullName Test --password SECret.123.123.
0.https-jsse-nio-31443-exec-24 - [26/Apr/2023:08:29:25 EDT] [14] [6] [AuditEvent=CONFIG_ROLE][SubjectID=rsa_SubCA_AdminV][Outcome=Success][ParamNameValPairs=Scope;;users+Operation;;OP_ADD+Resource;;Test_UserV+password;;**+phone;;<null>+fullname;;Testuser+state;;<null>+userType;;<null>+email;;<null>] role configuration parameter(s) change
0.https-jsse-nio-31443-exec-24 - [26/Apr/2023:08:29:25 EDT] [14] [6] [AuditEvent=CONFIG_ROLE][SubjectID=rsa_SubCA_AdminV][Outcome=Success][ParamNameValPairs=Scope;;users+Operation;;OP_ADD+Resource;;Test_UserV+password;;**+phone;;<null>+fullname;;Testuser+state;;<null>+userType;;<null>+email;;<null>] role configuration parameter(s) changeCopy to Clipboard Copied! Toggle word wrap Toggle overflow CONFIG_ROLE(Failure)测试案例:添加现有用户,例如 # pki -d /root/.dogtag/pki_rsa_bootstrap/certs_db/ -c SECret.123 -p 31443 -n 'rsa_SubCA_AdminV' ca-user-add Test_UserV --fullName Testuser --password SECret.123.123.
0.https-jsse-nio-31443-exec-5 - [26/Apr/2023:08:31:53 EDT] [14] [6] [AuditEvent=CONFIG_ROLE][SubjectID=rsa_SubCA_AdminV][Outcome=Failure][ParamNameValPairs=Scope;;users+Operation;;OP_ADD+Resource;;Test_UserV+password;;**+phone;;<null>+fullname;;Testuser+state;;<null>+userType;;<null>+email;;<null>] role configuration parameter(s) change
0.https-jsse-nio-31443-exec-5 - [26/Apr/2023:08:31:53 EDT] [14] [6] [AuditEvent=CONFIG_ROLE][SubjectID=rsa_SubCA_AdminV][Outcome=Failure][ParamNameValPairs=Scope;;users+Operation;;OP_ADD+Resource;;Test_UserV+password;;**+phone;;<null>+fullname;;Testuser+state;;<null>+userType;;<null>+email;;<null>] role configuration parameter(s) changeCopy to Clipboard Copied! Toggle word wrap Toggle overflow CONFIG_ACLCA
测试案例:在控制台中点击 Access Control List 并删除变量(之后将其重新添加)。
0.https-jsse-nio-31443-exec-9 - [11/May/2023:18:13:52 EDT] [14] [6] [AuditEvent=CONFIG_ACL][SubjectID=caadmin][Outcome=Success][ParamNameValPairs=Scope;;acls+Operation;;OP_MODIFY+Resource;;certServer.ca.crl+aci;;allow (read,update) group="Certificate Manager Agents"+desc;;Certificate Manager agents may read or update crl+rights;;read] ACL configuration parameter(s) change
0.https-jsse-nio-31443-exec-9 - [11/May/2023:18:13:52 EDT] [14] [6] [AuditEvent=CONFIG_ACL][SubjectID=caadmin][Outcome=Success][ParamNameValPairs=Scope;;acls+Operation;;OP_MODIFY+Resource;;certServer.ca.crl+aci;;allow (read,update) group="Certificate Manager Agents"+desc;;Certificate Manager agents may read or update crl+rights;;read] ACL configuration parameter(s) changeCopy to Clipboard Copied! Toggle word wrap Toggle overflow
CONFIG_SIGNED_AUDIT(FAU_SEL.1)CA
测试案例:禁用,例如:{ pki -U https://rhcs10.example.com:21443 -d /root/.dogtag/pki_ecc_bootstrap/certs_db -c SECret.123 -n ecc_SubCA_AdminV ca-audit-mod --action disable.
0.https-jsse-jss-nio-21443-exec-5 - [23/Oct/2023:04:38:52 EDT] [14] [6] [AuditEvent=CONFIG_SIGNED_AUDIT][SubjectID=ecc_SubCA_AdminV][Outcome=Success][ParamNameValPairs=Action;;disable] signed audit configuration parameter(s) change
0.https-jsse-jss-nio-21443-exec-5 - [23/Oct/2023:04:38:52 EDT] [14] [6] [AuditEvent=CONFIG_SIGNED_AUDIT][SubjectID=ecc_SubCA_AdminV][Outcome=Success][ParamNameValPairs=Action;;disable] signed audit configuration parameter(s) changeCopy to Clipboard Copied! Toggle word wrap Toggle overflow 测试案例:重新启用,例如 # pki -U https://rhcs10.example.com:21443 -d /root/.dogtag/pki_ecc_bootstrap/certs_db -c SECret.123 -n ecc_SubCA_AdminV ca-audit-mod --action enable.
0.https-jsse-jss-nio-21443-exec-10 - [23/Oct/2023:04:47:23 EDT] [14] [6] [AuditEvent=CONFIG_SIGNED_AUDIT][SubjectID=ecc_SubCA_AdminV][Outcome=Success][ParamNameValPairs=Action;;enable] signed audit configuration parameter(s) change
0.https-jsse-jss-nio-21443-exec-10 - [23/Oct/2023:04:47:23 EDT] [14] [6] [AuditEvent=CONFIG_SIGNED_AUDIT][SubjectID=ecc_SubCA_AdminV][Outcome=Success][ParamNameValPairs=Action;;enable] signed audit configuration parameter(s) changeCopy to Clipboard Copied! Toggle word wrap Toggle overflow KRA
测试案例:使用
pki kra-audit-mod命令禁用审计:{ pki -p 28443 -d /root/.dogtag/pki_rsa_bootstrap/certs_db/ -c SECret.123 -n "PKI KRA Administrator for RSA-KRA" kra-audit-mod --action disable.0.https-jsse-nio-28443-exec-17 - [15/May/2023:18:30:44 EDT] [14] [6] [AuditEvent=CONFIG_SIGNED_AUDIT][SubjectID=kraadmin][Outcome=Success][ParamNameValPairs=Action;;disable] signed audit configuration parameter(s) change
0.https-jsse-nio-28443-exec-17 - [15/May/2023:18:30:44 EDT] [14] [6] [AuditEvent=CONFIG_SIGNED_AUDIT][SubjectID=kraadmin][Outcome=Success][ParamNameValPairs=Action;;disable] signed audit configuration parameter(s) changeCopy to Clipboard Copied! Toggle word wrap Toggle overflow OCSP
测试问题单 :在控制台中选择 Log > Log Event Listener Management 选项卡 > SignedAudit > Edit/View > 并更改
flushInterval值。0.https-jsse-nio-31443-exec-15 - [11/May/2023:19:42:24 EDT] [14] [6] [AuditEvent=CONFIG_SIGNED_AUDIT][SubjectID=caadmin][Outcome=Success][ParamNameValPairs=Scope;;logRule+Operation;;OP_MODIFY+Resource;;SignedAudit+level;;Information+rolloverInterval;;Monthly+flushInterval;;5+mandatory.events;;<null>+bufferSize;;512+maxFileSize;;2000+fileName;;/var/lib/pki/rhcs10-RSA-SubCA/logs/ca/signedAudit/ca_audit+enable;;true+signedAuditCertNickname;;NHSM-CONN-XC:auditSigningCert cert-rhcs10-RSA-SubCA CA+implName;;file+type;;signedAudit+logSigning;;true+events;;ACCESS_SESSION_ESTABLISH,ACCESS_SESSION_TERMINATED,AUDIT_LOG_SIGNING,AUDIT_LOG_STARTUP,AUTH,AUTHORITY_CONFIG,AUTHZ,CERT_PROFILE_APPROVAL,CERT_REQUEST_PROCESSED,CERT_SIGNING_INFO,CERT_STATUS_CHANGE_REQUEST,CERT_STATUS_CHANGE_REQUEST_PROCESSED,CLIENT_ACCESS_SESSION_ESTABLISH,CLIENT_ACCESS_SESSION_TERMINATED,CMC_REQUEST_RECEIVED,CMC_RESPONSE_SENT,CMC_SIGNED_REQUEST_SIG_VERIFY,CMC_USER_SIGNED_REQUEST_SIG_VERIFY,CONFIG_ACL,CONFIG_AUTH,CONFIG_CERT_PROFILE,CONFIG_CRL_PROFILE,CONFIG_ENCRYPTION,CONFIG_ROLE,CONFIG_SERIAL_NUMBER,CONFIG_SIGNED_AUDIT,CONFIG_TRUSTED_PUBLIC_KEY,CRL_SIGNING_INFO,DELTA_CRL_GENERATION,FULL_CRL_GENERATION,KEY_GEN_ASYMMETRIC,LOG_PATH_CHANGE,OCSP_GENERATION,OCSP_SIGNING_INFO,PROFILE_CERT_REQUEST,PROOF_OF_POSSESSION,RANDOM_GENERATION,ROLE_ASSUME,SCHEDULE_CRL_GENERATION,SECURITY_DOMAIN_UPDATE,SELFTESTS_EXECUTION,SERVER_SIDE_KEYGEN_REQUEST,SERVER_SIDE_KEYGEN_REQUEST_PROCESSED] signed audit configuration parameter(s) change
0.https-jsse-nio-31443-exec-15 - [11/May/2023:19:42:24 EDT] [14] [6] [AuditEvent=CONFIG_SIGNED_AUDIT][SubjectID=caadmin][Outcome=Success][ParamNameValPairs=Scope;;logRule+Operation;;OP_MODIFY+Resource;;SignedAudit+level;;Information+rolloverInterval;;Monthly+flushInterval;;5+mandatory.events;;<null>+bufferSize;;512+maxFileSize;;2000+fileName;;/var/lib/pki/rhcs10-RSA-SubCA/logs/ca/signedAudit/ca_audit+enable;;true+signedAuditCertNickname;;NHSM-CONN-XC:auditSigningCert cert-rhcs10-RSA-SubCA CA+implName;;file+type;;signedAudit+logSigning;;true+events;;ACCESS_SESSION_ESTABLISH,ACCESS_SESSION_TERMINATED,AUDIT_LOG_SIGNING,AUDIT_LOG_STARTUP,AUTH,AUTHORITY_CONFIG,AUTHZ,CERT_PROFILE_APPROVAL,CERT_REQUEST_PROCESSED,CERT_SIGNING_INFO,CERT_STATUS_CHANGE_REQUEST,CERT_STATUS_CHANGE_REQUEST_PROCESSED,CLIENT_ACCESS_SESSION_ESTABLISH,CLIENT_ACCESS_SESSION_TERMINATED,CMC_REQUEST_RECEIVED,CMC_RESPONSE_SENT,CMC_SIGNED_REQUEST_SIG_VERIFY,CMC_USER_SIGNED_REQUEST_SIG_VERIFY,CONFIG_ACL,CONFIG_AUTH,CONFIG_CERT_PROFILE,CONFIG_CRL_PROFILE,CONFIG_ENCRYPTION,CONFIG_ROLE,CONFIG_SERIAL_NUMBER,CONFIG_SIGNED_AUDIT,CONFIG_TRUSTED_PUBLIC_KEY,CRL_SIGNING_INFO,DELTA_CRL_GENERATION,FULL_CRL_GENERATION,KEY_GEN_ASYMMETRIC,LOG_PATH_CHANGE,OCSP_GENERATION,OCSP_SIGNING_INFO,PROFILE_CERT_REQUEST,PROOF_OF_POSSESSION,RANDOM_GENERATION,ROLE_ASSUME,SCHEDULE_CRL_GENERATION,SECURITY_DOMAIN_UPDATE,SELFTESTS_EXECUTION,SERVER_SIDE_KEYGEN_REQUEST,SERVER_SIDE_KEYGEN_REQUEST_PROCESSED] signed audit configuration parameter(s) changeCopy to Clipboard Copied! Toggle word wrap Toggle overflow TKS
测试案例:使用
pki tps-audit-mod命令禁用审计,将 TKS admin 证书导入到 db: ip pki -d /root/.dogtag/pki_rsa_bootstrap/certs_db/ client-cert-import --pkcs12 /opt/pki_rsa/rhcs10-RSA-TKS/tks_admin_cert.p12 --pkcs12-password SECret.123,然后 # pki -p 24443 -d /root/.dogtag/pki_rsa_bootstrap/certs_db/ -c SECret.123 -n "PKI TKS Administrator for RSA-TKS" tks-audit-mod --action disable.0.https-jsse-nio-24443-exec-4 - [15/May/2023:18:23:02 EDT] [14] [6] [AuditEvent=CONFIG_SIGNED_AUDIT][SubjectID=tksadmin][Outcome=Success][ParamNameValPairs=Action;;disable] signed audit configuration parameter(s) change
0.https-jsse-nio-24443-exec-4 - [15/May/2023:18:23:02 EDT] [14] [6] [AuditEvent=CONFIG_SIGNED_AUDIT][SubjectID=tksadmin][Outcome=Success][ParamNameValPairs=Action;;disable] signed audit configuration parameter(s) changeCopy to Clipboard Copied! Toggle word wrap Toggle overflow TPS
测试案例:使用
pki tps-audit-mod命令禁用审计,将 TPS admin 证书导入到 db: ip pki -d /root/.dogtag/pki_rsa_bootstrap/certs_db/ client-cert-import --pkcs12 /opt/pki_rsa/rhcs10-RSA-TPS/tks_admin_cert.p12 --pkcs12-password SECret.123,然后 # pki -p 24443 -d /root/.dogtag/pki_rsa_bootstrap/certs_db/ -c SECret.123 -n "PKI TPS Administrator for RSA-TPS" tps-audit-mod --action disable.0.https-jsse-nio-25443-exec-23 - [15/May/2023:18:39:02 EDT] [14] [6] [AuditEvent=CONFIG_SIGNED_AUDIT][SubjectID=tpsadmin][Outcome=Success][ParamNameValPairs=Action;;enable] signed audit configuration parameter(s) change
0.https-jsse-nio-25443-exec-23 - [15/May/2023:18:39:02 EDT] [14] [6] [AuditEvent=CONFIG_SIGNED_AUDIT][SubjectID=tpsadmin][Outcome=Success][ParamNameValPairs=Action;;enable] signed audit configuration parameter(s) changeCopy to Clipboard Copied! Toggle word wrap Toggle overflow
CONFIG_DRM测试问题单 :在控制台中点 Configuration > Data Recovery Manager > General Settings >,并将所需的恢复代理数量设置为 2。
0.https-jsse-nio-28443-exec-19 - [20/Jun/2023:19:43:36 EDT] [14] [6] [AuditEvent=CONFIG_DRM][SubjectID=kraadmin][Outcome=Success][ParamNameValPairs=Scope;;general+Operation;;OP_MODIFY+Resource;;RS_ID_CONFIG+noOfRequiredRecoveryAgents;;8] DRM configuration parameter(s) change
0.https-jsse-nio-28443-exec-19 - [20/Jun/2023:19:43:36 EDT] [14] [6] [AuditEvent=CONFIG_DRM][SubjectID=kraadmin][Outcome=Success][ParamNameValPairs=Scope;;general+Operation;;OP_MODIFY+Resource;;RS_ID_CONFIG+noOfRequiredRecoveryAgents;;8] DRM configuration parameter(s) changeCopy to Clipboard Copied! Toggle word wrap Toggle overflow OCSP_ADD_CA_REQUEST_PROCESSED成功
测试问题单:在 WebUI 中,点 Agent Services > Add Certificate Authority >,然后以 PEM 格式输入有效的 CA 证书。
0.https-jsse-jss-nio-22443-exec-8 - [08/Sep/2023:13:01:19 EDT] [14] [6] [AuditEvent=OCSP_ADD_CA_REQUEST_PROCESSED][SubjectID=OCSP_AgentV][Outcome=Success][CASubjectDN=CN=CA Signing Certificate,OU=rhcs10-ECC-SubCA,O=Example-rhcs10-ECC-RootCA] Add CA for OCSP Responder
0.https-jsse-jss-nio-22443-exec-8 - [08/Sep/2023:13:01:19 EDT] [14] [6] [AuditEvent=OCSP_ADD_CA_REQUEST_PROCESSED][SubjectID=OCSP_AgentV][Outcome=Success][CASubjectDN=CN=CA Signing Certificate,OU=rhcs10-ECC-SubCA,O=Example-rhcs10-ECC-RootCA] Add CA for OCSP ResponderCopy to Clipboard Copied! Toggle word wrap Toggle overflow 失败
Test case: 在 Web UI 中,点 Agent Services > Add Certificate Authority >,然后不输入任何有效。
0.https-jsse-jss-nio-22443-exec-14 - [08/Sep/2023:13:04:06 EDT] [14] [6] [AuditEvent=OCSP_ADD_CA_REQUEST_PROCESSED][SubjectID=OCSP_AgentV][Outcome=Failure][CASubjectDN=<null>] Add CA for OCSP Responder
0.https-jsse-jss-nio-22443-exec-14 - [08/Sep/2023:13:04:06 EDT] [14] [6] [AuditEvent=OCSP_ADD_CA_REQUEST_PROCESSED][SubjectID=OCSP_AgentV][Outcome=Failure][CASubjectDN=<null>] Add CA for OCSP ResponderCopy to Clipboard Copied! Toggle word wrap Toggle overflow
OCSP_REMOVE_CA_REQUEST_PROCESSED测试案例:在 Web UI 中,点 Agent Services > List Certificate Authorities >,然后点 Remove CA (Remember 会在测试后添加回来。
0.https-jsse-jss-nio-22443-exec-21 - [08/Sep/2023:13:06:04 EDT] [14] [6] [AuditEvent=OCSP_REMOVE_CA_REQUEST_PROCESSED][SubjectID=OCSP_AgentV][Outcome=Success][CASubjectDN=CN=CA Signing Certificate,OU=rhcs10-ECC-SubCA,O=Example-rhcs10-ECC-RootCA] Remove CA for OCSP Responder is successful
0.https-jsse-jss-nio-22443-exec-21 - [08/Sep/2023:13:06:04 EDT] [14] [6] [AuditEvent=OCSP_REMOVE_CA_REQUEST_PROCESSED][SubjectID=OCSP_AgentV][Outcome=Success][CASubjectDN=CN=CA Signing Certificate,OU=rhcs10-ECC-SubCA,O=Example-rhcs10-ECC-RootCA] Remove CA for OCSP Responder is successfulCopy to Clipboard Copied! Toggle word wrap Toggle overflow SECURITY_DOMAIN_UPDATEoperation: Issue_token
测试案例:当将其他子系统添加到安全域或从中删除时检查 CA 日志。
0.https-jsse-nio-31443-exec-15 - [28/Apr/2023:09:52:30 EDT] [14] [6] [AuditEvent=SECURITY_DOMAIN_UPDATE][SubjectID=caadmin][Outcome=Success][ParamNameValPairs=operation;;issue_token+token;;2094141712918570861+ip;;10.0.188.59+uid;;caadmin+groupname;;Enterprise TKS Administrators] security domain update
0.https-jsse-nio-31443-exec-15 - [28/Apr/2023:09:52:30 EDT] [14] [6] [AuditEvent=SECURITY_DOMAIN_UPDATE][SubjectID=caadmin][Outcome=Success][ParamNameValPairs=operation;;issue_token+token;;2094141712918570861+ip;;10.0.188.59+uid;;caadmin+groupname;;Enterprise TKS Administrators] security domain updateCopy to Clipboard Copied! Toggle word wrap Toggle overflow operation: Add
测试案例:当将其他子系统添加到安全域或从中删除时检查 CA 日志。
0.https-jsse-nio-31443-exec-15 - [28/Apr/2023:09:53:10 EDT] [14] [6] [AuditEvent=SECURITY_DOMAIN_UPDATE][SubjectID=caadmin][Outcome=Success][ParamNameValPairs=host;;ccrsa-1.rhcs10.example.com+name;;TKS ccrsa-1.rhcs10.example.com 24443+sport;;24443+clone;;false+type;;TKS+operation;;add] security domain update
0.https-jsse-nio-31443-exec-15 - [28/Apr/2023:09:53:10 EDT] [14] [6] [AuditEvent=SECURITY_DOMAIN_UPDATE][SubjectID=caadmin][Outcome=Success][ParamNameValPairs=host;;ccrsa-1.rhcs10.example.com+name;;TKS ccrsa-1.rhcs10.example.com 24443+sport;;24443+clone;;false+type;;TKS+operation;;add] security domain updateCopy to Clipboard Copied! Toggle word wrap Toggle overflow
CONFIG_SERIAL_NUMBERCA
测试案例:创建 RootCA 子系统克隆.
0.https-jsse-jss-nio-8443-exec-13 - [18/Sep/2023:08:11:13 EDT] [14] [6] [AuditEvent=CONFIG_SERIAL_NUMBER][SubjectID=caadmin][Outcome=Success][ParamNameValPairs=source;;updateNumberRange+type;;request+beginNumber;;9990001+endNumber;;10000000] serial number range update
0.https-jsse-jss-nio-8443-exec-13 - [18/Sep/2023:08:11:13 EDT] [14] [6] [AuditEvent=CONFIG_SERIAL_NUMBER][SubjectID=caadmin][Outcome=Success][ParamNameValPairs=source;;updateNumberRange+type;;request+beginNumber;;9990001+endNumber;;10000000] serial number range updateCopy to Clipboard Copied! Toggle word wrap Toggle overflow KRA
测试案例:创建 KRA 子系统克隆.
0.https-jsse-jss-nio-21443-exec-8 - [18/Sep/2023:11:04:18 EDT] [14] [6] [AuditEvent=CONFIG_SERIAL_NUMBER][SubjectID=caadmin][Outcome=Success][ParamNameValPairs=source;;updateNumberRange+type;;request+beginNumber;;9990001+endNumber;;10000000] serial number range update
0.https-jsse-jss-nio-21443-exec-8 - [18/Sep/2023:11:04:18 EDT] [14] [6] [AuditEvent=CONFIG_SERIAL_NUMBER][SubjectID=caadmin][Outcome=Success][ParamNameValPairs=source;;updateNumberRange+type;;request+beginNumber;;9990001+endNumber;;10000000] serial number range updateCopy to Clipboard Copied! Toggle word wrap Toggle overflow
FDP_CER_EXT.1 (extended)
证书生成
CERT_REQUEST_PROCESSED(success)测试案例:使用 SharedSecret 成功 CMC 请求(使用
cmc.popLinkWitnessRequired=true)。0.https-jsse-jss-nio-21443-exec-8 - [21/Nov/2023:16:49:57 EST] [14] [6] [AuditEvent=CERT_REQUEST_PROCESSED][SubjectID=$Unidentified$][Outcome=Success][ReqID=86][CertSerialNum=229508606] certificate request processed
0.https-jsse-jss-nio-21443-exec-8 - [21/Nov/2023:16:49:57 EST] [14] [6] [AuditEvent=CERT_REQUEST_PROCESSED][SubjectID=$Unidentified$][Outcome=Success][ReqID=86][CertSerialNum=229508606] certificate request processedCopy to Clipboard Copied! Toggle word wrap Toggle overflow
FDP_CER_EXT.2 (extended)
将证书链接到证书请求
测试案例:成功由 CA 代理签名并签发 CMC 请求(使用
cmc.popLinkWitnessRequired=false):PROFILE_CERT_REQUEST0.https-jsse-jss-nio-21443-exec-3 - [21/Nov/2023:16:58:45 EST] [14] [6] [AuditEvent=PROFILE_CERT_REQUEST][SubjectID=caadmin][Outcome=Success][ReqID=87][ProfileID=caECFullCMCUserCert][CertSubject=CN=ecc test ecc-user1,UID=ecc-ecc-user1] certificate request made with certificate profiles
0.https-jsse-jss-nio-21443-exec-3 - [21/Nov/2023:16:58:45 EST] [14] [6] [AuditEvent=PROFILE_CERT_REQUEST][SubjectID=caadmin][Outcome=Success][ReqID=87][ProfileID=caECFullCMCUserCert][CertSubject=CN=ecc test ecc-user1,UID=ecc-ecc-user1] certificate request made with certificate profilesCopy to Clipboard Copied! Toggle word wrap Toggle overflow CERT_REQUEST_PROCESSED(Success)0.https-jsse-jss-nio-21443-exec-3 - [21/Nov/2023:16:58:45 EST] [14] [6] [AuditEvent=CERT_REQUEST_PROCESSED][SubjectID=caadmin][Outcome=Success][ReqID=87][CertSerialNum=87161545] certificate request processed
0.https-jsse-jss-nio-21443-exec-3 - [21/Nov/2023:16:58:45 EST] [14] [6] [AuditEvent=CERT_REQUEST_PROCESSED][SubjectID=caadmin][Outcome=Success][ReqID=87][CertSerialNum=87161545] certificate request processedCopy to Clipboard Copied! Toggle word wrap Toggle overflow 注意在成功的情况下,
ReqIDCERT_REQUEST_PROCESSED事件,其中CertSerialNum字段包含证书序列号。
FFDP_CER_EXT.3 FDP_CER_EXT.2 (Failure)
- 失败的证书批准
使用 SharedSecret (带有 cmc.popLinkWitnessRequired=true)失败的 CMC 请求,并带有错误的 witness.sharedSecret
CMC_REQUEST_RECEIVED0.https-jsse-jss-nio-21443-exec-9 - [21/Nov/2023:16:57:14 EST] [14] [6] [AuditEvent=CMC_REQUEST_RECEIVED][SubjectID=caadmin][Outcome=Success][CMCRequest=MIILQQYJKoZIhvcNAQcCoIILMjCCCy4CAQMxDzANBglghkgBZQ…] CMC request received
0.https-jsse-jss-nio-21443-exec-9 - [21/Nov/2023:16:57:14 EST] [14] [6] [AuditEvent=CMC_REQUEST_RECEIVED][SubjectID=caadmin][Outcome=Success][CMCRequest=MIILQQYJKoZIhvcNAQcCoIILMjCCCy4CAQMxDzANBglghkgBZQ…] CMC request receivedCopy to Clipboard Copied! Toggle word wrap Toggle overflow CERT_REQUEST_PROCESSED(failure)0.https-jsse-jss-nio-21443-exec-3 - [29/Nov/2023:16:32:16 PST] [14] [6] [AuditEvent=CERT_REQUEST_PROCESSED][SubjectID=$Unidentified$][Outcome=Failure][ReqID=$Unidentified$][InfoName=rejectReason][InfoValue=Proof-of-Identification Verification Failed after verifyIdentityProofV2] certificate request processed
0.https-jsse-jss-nio-21443-exec-3 - [29/Nov/2023:16:32:16 PST] [14] [6] [AuditEvent=CERT_REQUEST_PROCESSED][SubjectID=$Unidentified$][Outcome=Failure][ReqID=$Unidentified$][InfoName=rejectReason][InfoValue=Proof-of-Identification Verification Failed after verifyIdentityProofV2] certificate request processedCopy to Clipboard Copied! Toggle word wrap Toggle overflow 注意并行出现
CMC_REQUEST_RECEIVED和CERT_REQUEST_PROCESSED将请求对象与失败相关联。
FIA_X509_EXT.1, FIA_X509_EXT.2
证书验证失败; 验证失败
ACCESS_SESSION_ESTABLISH(failure)具有撤销证书的用户试图执行操作。
测试案例:{ pki -d /root/.dogtag/pki_ecc_bootstrap/certs_db/ -c SECret.123 -p 21443 -n 'ecc_SubCA_AgentR' ca-cert-find.
0.https-jsse-jss-nio-21443-exec-18 - [10/Jun/2024:08:48:13 EDT] [14] [6] [AuditEvent=ACCESS_SESSION_ESTABLISH][ClientIP=10.0.188.72][ServerIP=10.0.188.72][SubjectID=CN=ecc_SubCA_AgentR,UID=ecc_SubCA_AgentR][CertSerialNum=135246246][IssuerDN=CN=CA Signing Certificate,OU=rhcs10-ECC-SubCA,O=Example-rhcs10-ECC-RootCA][Outcome=Failure][Info=serverAlertSent: CERTIFICATE_REVOKED] access session establish failure
0.https-jsse-jss-nio-21443-exec-18 - [10/Jun/2024:08:48:13 EDT] [14] [6] [AuditEvent=ACCESS_SESSION_ESTABLISH][ClientIP=10.0.188.72][ServerIP=10.0.188.72][SubjectID=CN=ecc_SubCA_AgentR,UID=ecc_SubCA_AgentR][CertSerialNum=135246246][IssuerDN=CN=CA Signing Certificate,OU=rhcs10-ECC-SubCA,O=Example-rhcs10-ECC-RootCA][Outcome=Failure][Info=serverAlertSent: CERTIFICATE_REVOKED] access session establish failureCopy to Clipboard Copied! Toggle word wrap Toggle overflow 具有过期证书的用户试图执行操作。
测试案例:{ pki -d /root/.dogtag/pki_ecc_bootstrap/certs_db/ -c SECret.123 -p 21443 -n 'ecc_SubCA_AgentE' ca-cert-find.
0.https-jsse-jss-nio-21443-exec-19 - [10/Jun/2024:08:49:54 EDT] [14] [6] [AuditEvent=ACCESS_SESSION_ESTABLISH][ClientIP=10.0.188.72][ServerIP=10.0.188.72][SubjectID=CN=ecc_SubCA_AgentE,UID=ecc_SubCA_AgentE][CertSerialNum=70705426][IssuerDN=CN=CA Signing Certificate,OU=rhcs10-ECC-SubCA,O=Example-rhcs10-ECC-RootCA][Outcome=Failure][Info=serverAlertSent: CERTIFICATE_EXPIRED] access session establish failure
0.https-jsse-jss-nio-21443-exec-19 - [10/Jun/2024:08:49:54 EDT] [14] [6] [AuditEvent=ACCESS_SESSION_ESTABLISH][ClientIP=10.0.188.72][ServerIP=10.0.188.72][SubjectID=CN=ecc_SubCA_AgentE,UID=ecc_SubCA_AgentE][CertSerialNum=70705426][IssuerDN=CN=CA Signing Certificate,OU=rhcs10-ECC-SubCA,O=Example-rhcs10-ECC-RootCA][Outcome=Failure][Info=serverAlertSent: CERTIFICATE_EXPIRED] access session establish failureCopy to Clipboard Copied! Toggle word wrap Toggle overflow CMC 注册请求使用未知 CA 发布的 TLS 客户端证书提交。
测试案例:将未知 CA 发布的客户端证书添加到 nssdb 中,并运行 # HttpClient /root/.dogtag/pki_ecc_bootstrap/certs_db/HttpClient-cmc-p10.self.cfg.
0.https-jsse-jss-nio-21443-exec-20 - [10/Jun/2024:09:20:34 EDT] [14] [6] [AuditEvent=ACCESS_SESSION_ESTABLISH][ClientIP=10.0.188.72][ServerIP=10.0.188.72][SubjectID=CN=PKI Administrator,E=caadmin@example.com,OU=topology-02-CA,O=topology-02_Foobarmaster.org][CertSerialNum=233456275785924569566051339521314398673][IssuerDN=CN=CA Signing Certificate,OU=topology-02-CA,O=topology-02_Foobarmaster.org][Outcome=Failure][Info=serverAlertSent: UNKNOWN_CA] access session establish failure
0.https-jsse-jss-nio-21443-exec-20 - [10/Jun/2024:09:20:34 EDT] [14] [6] [AuditEvent=ACCESS_SESSION_ESTABLISH][ClientIP=10.0.188.72][ServerIP=10.0.188.72][SubjectID=CN=PKI Administrator,E=caadmin@example.com,OU=topology-02-CA,O=topology-02_Foobarmaster.org][CertSerialNum=233456275785924569566051339521314398673][IssuerDN=CN=CA Signing Certificate,OU=topology-02-CA,O=topology-02_Foobarmaster.org][Outcome=Failure][Info=serverAlertSent: UNKNOWN_CA] access session establish failureCopy to Clipboard Copied! Toggle word wrap Toggle overflow 没有常见的加密算法。
测试案例:将 ECC CA 的
server.xml中的密码更改为 RSA 密码,然后运行 # pki -d /root/.dogtag/pki_ecc_bootstrap/certs_db/ -c SECret.123 -p 21443 -n 'ecc_SubCA_AdminV' ca-user-find.0.https-jsse-jss-nio-21443-exec-1 - [10/Jun/2024:09:30:21 EDT] [14] [6] [AuditEvent=ACCESS_SESSION_ESTABLISH][ClientIP=10.0.188.72][ServerIP=10.0.188.72][SubjectID=--][CertSerialNum=--][IssuerDN=--][Outcome=Failure][Info=serverAlertSent: HANDSHAKE_FAILURE] access session establish failure
0.https-jsse-jss-nio-21443-exec-1 - [10/Jun/2024:09:30:21 EDT] [14] [6] [AuditEvent=ACCESS_SESSION_ESTABLISH][ClientIP=10.0.188.72][ServerIP=10.0.188.72][SubjectID=--][CertSerialNum=--][IssuerDN=--][Outcome=Failure][Info=serverAlertSent: HANDSHAKE_FAILURE] access session establish failureCopy to Clipboard Copied! Toggle word wrap Toggle overflow
FIA_UIA_EXT.1 FIA_UAU_EXT.1
特权用户识别和身份验证
ACCESS_SESSION_ESTABLISH→
ACCESS_SESSION_ESTABLISH审计事件的ClientIP字段,包含客户端的 IP 地址。
ACCESS_SESSION_ESTABLISH审计事件的SubjectID字段包含实体的身份。CA
测试案例:{ pki -d /root/.dogtag/pki_ecc_bootstrap/certs_db/ -c SECret.123 -p 21443 -n 'ecc_SubCA_AdminV' ca-user-find.
0.https-jsse-jss-nio-21443-exec-7 - [10/Jun/2024:10:11:19 EDT] [14] [6] [AuditEvent=ACCESS_SESSION_ESTABLISH][ClientIP=10.0.188.72][ServerIP=10.0.188.72][SubjectID=CN=ecc_SubCA_AdminV,UID=ecc_SubCA_AdminV][CertSerialNum=195854754][IssuerDN=CN=CA Signing Certificate,OU=rhcs10-ECC-SubCA,O=Example-rhcs10-ECC-RootCA][Outcome=Success] access session establish success
0.https-jsse-jss-nio-21443-exec-7 - [10/Jun/2024:10:11:19 EDT] [14] [6] [AuditEvent=ACCESS_SESSION_ESTABLISH][ClientIP=10.0.188.72][ServerIP=10.0.188.72][SubjectID=CN=ecc_SubCA_AdminV,UID=ecc_SubCA_AdminV][CertSerialNum=195854754][IssuerDN=CN=CA Signing Certificate,OU=rhcs10-ECC-SubCA,O=Example-rhcs10-ECC-RootCA][Outcome=Success] access session establish successCopy to Clipboard Copied! Toggle word wrap Toggle overflow TPS
测试案例:{ pki -d /root/.dogtag/pki_rsa_bootstrap/certs_db/ -c SECret.123 -p 25443 -n 'TPS_AdminV' tps-user-find.
0.https-jsse-jss-nio-25443-exec-1 - [11/Jun/2024:05:56:34 EDT] [14] [6] [AuditEvent=ACCESS_SESSION_ESTABLISH][ClientIP=10.0.188.72][ServerIP=10.0.188.72][SubjectID=CN=TPS_AdminV,UID=TPS_AdminV][CertSerialNum=190384736][IssuerDN=CN=CA Signing Certificate,OU=rhcs10-RSA-SubCA,O=Example-rhcs10-RSA-RootCA][Outcome=Success] access session establish success
0.https-jsse-jss-nio-25443-exec-1 - [11/Jun/2024:05:56:34 EDT] [14] [6] [AuditEvent=ACCESS_SESSION_ESTABLISH][ClientIP=10.0.188.72][ServerIP=10.0.188.72][SubjectID=CN=TPS_AdminV,UID=TPS_AdminV][CertSerialNum=190384736][IssuerDN=CN=CA Signing Certificate,OU=rhcs10-RSA-SubCA,O=Example-rhcs10-RSA-RootCA][Outcome=Success] access session establish successCopy to Clipboard Copied! Toggle word wrap Toggle overflow
AUTHAuthMgr字段包含AUTH审计事件中的身份验证机制。CA
测试案例:{ pki -d /root/.dogtag/pki_rsa_bootstrap/certs_db/ -c SECret.123 -P https -p 31443 -n 'rsa_SubCA_AdminV'。
0.https-jsse-nio-31443-exec-9 - [28/Apr/2023:06:16:11 EDT] [14] [6] [AuditEvent=AUTH][SubjectID=rsa_SubCA_AdminV][Outcome=Success][AuthMgr=certUserDBAuthMgr] authentication success
0.https-jsse-nio-31443-exec-9 - [28/Apr/2023:06:16:11 EDT] [14] [6] [AuditEvent=AUTH][SubjectID=rsa_SubCA_AdminV][Outcome=Success][AuthMgr=certUserDBAuthMgr] authentication successCopy to Clipboard Copied! Toggle word wrap Toggle overflow TPS
测试案例:{ pki -d /root/.dogtag/pki_rsa_bootstrap/certs_db/ -c SECret.123 -p 25443 -n 'PKI TPS Administrator for RSA-TPS' tps-user-find.
0.https-jsse-nio-25443-exec-3 - [28/Apr/2023:06:13:46 EDT] [14] [6] [AuditEvent=AUTH][SubjectID=tpsadmin][Outcome=Success][AuthMgr=certUserDBAuthMgr] authentication success
0.https-jsse-nio-25443-exec-3 - [28/Apr/2023:06:13:46 EDT] [14] [6] [AuditEvent=AUTH][SubjectID=tpsadmin][Outcome=Success][AuthMgr=certUserDBAuthMgr] authentication successCopy to Clipboard Copied! Toggle word wrap Toggle overflow
AUTHZCA
测试案例:{ pki -d /root/.dogtag/pki_rsa_bootstrap/certs_db/ -c SECret.123 -P https -p 31443 -n 'rsa_SubCA_AuditV' ca-audit-file-find.
0.https-jsse-nio-31443-exec-10 - [28/Apr/2023:06:43:30 EDT] [14] [6] [AuditEvent=AUTHZ][SubjectID=rsa_SubCA_AuditV][Outcome=Success][aclResource=certServer.log.content.signedAudit][Op=read][Info=AuditResource.findAuditFiles] authorization success
0.https-jsse-nio-31443-exec-10 - [28/Apr/2023:06:43:30 EDT] [14] [6] [AuditEvent=AUTHZ][SubjectID=rsa_SubCA_AuditV][Outcome=Success][aclResource=certServer.log.content.signedAudit][Op=read][Info=AuditResource.findAuditFiles] authorization successCopy to Clipboard Copied! Toggle word wrap Toggle overflow TPS
测试案例:{ pki -d /root/.dogtag/pki_rsa_bootstrap/certs_db/ -c SECret.123 -p 25443 -n 'PKI TPS Administrator for RSA-TPS' tps-user-show tpsadmin.
0.https-jsse-nio-25443-exec-20 - [28/Apr/2023:06:46:23 EDT] [14] [6] [AuditEvent=AUTHZ][SubjectID=tpsadmin][Outcome=Success][aclResource=certServer.tps.users][Op=execute][Info=UserResource.getUser] authorization success
0.https-jsse-nio-25443-exec-20 - [28/Apr/2023:06:46:23 EDT] [14] [6] [AuditEvent=AUTHZ][SubjectID=tpsadmin][Outcome=Success][aclResource=certServer.tps.users][Op=execute][Info=UserResource.getUser] authorization successCopy to Clipboard Copied! Toggle word wrap Toggle overflow
ROLE_ASSUMEROLE_ASSUME审计事件的Role字段包含用户假定的角色的名称。CA
测试案例:使用有效凭证登录到
pkiconsole,例如:{ pkiconsole -d /home/jgenie/.redhat-idm-console -n rsa_SubCA_AdminV。0.https-jsse-nio-31443-exec-4 - [28/Apr/2023:06:59:18 EDT] [14] [6] [AuditEvent=ROLE_ASSUME][SubjectID=rsa_SubCA_AdminV][Outcome=Success][Role=Administrators] assume privileged role
0.https-jsse-nio-31443-exec-4 - [28/Apr/2023:06:59:18 EDT] [14] [6] [AuditEvent=ROLE_ASSUME][SubjectID=rsa_SubCA_AdminV][Outcome=Success][Role=Administrators] assume privileged roleCopy to Clipboard Copied! Toggle word wrap Toggle overflow TPS
测试问题单 :使用 TPS_AgentV 证书访问 TPS Web UI Agent 页面。
0.https-jsse-jss-nio-25443-exec-25 - [20/Sep/2023:06:32:56 EDT] [14] [6] [AuditEvent=ROLE_ASSUME][SubjectID=TPS_AgentV][Outcome=Success][Role=TPS Agents] assume privileged role
0.https-jsse-jss-nio-25443-exec-25 - [20/Sep/2023:06:32:56 EDT] [14] [6] [AuditEvent=ROLE_ASSUME][SubjectID=TPS_AgentV][Outcome=Success][Role=TPS Agents] assume privileged roleCopy to Clipboard Copied! Toggle word wrap Toggle overflow
FMT_SMR.2
对属于角色的用户组的修改
CONFIG_ROLE请参阅上面的
CONFIG_ROLE事件。
FPT_FLS.1
在保留安全状态时失败
SELFTESTS_EXECUTION测试问题单:将 OCSP 签名证书指向不存在的证书。例如
ca.cert.ocsp_signing.nickname=NHSM-CONN-XC:non-existing certificate.CA
0.main - [02/May/2023:05:04:54 EDT] [14] [6] [AuditEvent=SELFTESTS_EXECUTION][SubjectID=$System$][Outcome=Failure] self tests execution (see selftests.log for details)
0.main - [02/May/2023:05:04:54 EDT] [14] [6] [AuditEvent=SELFTESTS_EXECUTION][SubjectID=$System$][Outcome=Failure] self tests execution (see selftests.log for details)Copy to Clipboard Copied! Toggle word wrap Toggle overflow CA_AUDIT
0.main - [01/Dec/2023:12:55:07 EST] [14] [6] [AuditEvent=SELFTESTS_EXECUTION][SubjectID=$System$][Outcome=Failure] self tests execution (see selftests.log for details)
0.main - [01/Dec/2023:12:55:07 EST] [14] [6] [AuditEvent=SELFTESTS_EXECUTION][SubjectID=$System$][Outcome=Failure] self tests execution (see selftests.log for details)Copy to Clipboard Copied! Toggle word wrap Toggle overflow SELFTESTS.LOG
0.main - [01/Dec/2023:12:55:07 EST] [20] [1] SystemCertsVerification: system certs verification failure: Unable to validate certificate NHSM-CONN-XC:non-existing certificate not found: NHSM-CONN-XC:non-existing certificate
0.main - [01/Dec/2023:12:55:07 EST] [20] [1] SystemCertsVerification: system certs verification failure: Unable to validate certificate NHSM-CONN-XC:non-existing certificate not found: NHSM-CONN-XC:non-existing certificateCopy to Clipboard Copied! Toggle word wrap Toggle overflow 0.main - [01/Dec/2023:12:55:07 EST] [20] [1] SelfTestSubsystem: The CRITICAL self test plugin called selftests.container.instance.SystemCertsVerification running at startup FAILED!
0.main - [01/Dec/2023:12:55:07 EST] [20] [1] SelfTestSubsystem: The CRITICAL self test plugin called selftests.container.instance.SystemCertsVerification running at startup FAILED!Copy to Clipboard Copied! Toggle word wrap Toggle overflow
FPT_KST_EXT.2
私有/secret 密钥由 HSM 存储,对这些密钥的唯一操作都是通过 TSF 作为签名操作。
n/a: 在正常情况下,Moomating 身份验证是在 RHCS 系统启动时完成的(如果无法验证,则服务器将不会启动,因此当系统启动后,无需进行身份验证(无可日志原因)。
FPT_RCV.1
发生故障或服务中断发生的事实。恢复常规操作。
失败:
SELFTESTS_EXECUTION(失败)CA
测试问题单:在配置文件中添加 bogus 证书 nickname 并重新启动服务器,例如:
ca.cert.sslserver.nickname=Bogus Server-Cert。0.main - [02/May/2023:05:04:54 EDT] [14] [6] [AuditEvent=SELFTESTS_EXECUTION][SubjectID=$System$][Outcome=Failure] self tests execution (see selftests.log for details)
0.main - [02/May/2023:05:04:54 EDT] [14] [6] [AuditEvent=SELFTESTS_EXECUTION][SubjectID=$System$][Outcome=Failure] self tests execution (see selftests.log for details)Copy to Clipboard Copied! Toggle word wrap Toggle overflow TPS
测试案例:在配置文件中添加 bogus 证书 nickname 并重新启动服务器,例如:
selftests.plugin.TPSPresence.nickname=bogusCert。0.main - [02/May/2023:05:11:04 EDT] [14] [6] [AuditEvent=SELFTESTS_EXECUTION][SubjectID=$System$][Outcome=Failure] self tests execution (see selftests.log for details)
0.main - [02/May/2023:05:11:04 EDT] [14] [6] [AuditEvent=SELFTESTS_EXECUTION][SubjectID=$System$][Outcome=Failure] self tests execution (see selftests.log for details)Copy to Clipboard Copied! Toggle word wrap Toggle overflow
- 自我测试日志,请参阅安装指南中的"配置自我测试"。
恢复(例如,修复虚假证书别名并重新启动):
AUDIT_LOG_STARTUP;SELFTESTS_EXECUTION(成功)TPS
0.main - [27/Apr/2023:09:38:36 EDT] [14] [6] [AuditEvent=SELFTESTS_EXECUTION][SubjectID=$System$][Outcome=Success] self tests execution (see selftests.log for details)
0.main - [27/Apr/2023:09:38:36 EDT] [14] [6] [AuditEvent=SELFTESTS_EXECUTION][SubjectID=$System$][Outcome=Success] self tests execution (see selftests.log for details)Copy to Clipboard Copied! Toggle word wrap Toggle overflow 0.main - [11/May/2023:02:35:32 EDT] [14] [6] [AuditEvent=AUDIT_LOG_STARTUP][SubjectID=$System$][Outcome=Success] audit function startup
0.main - [11/May/2023:02:35:32 EDT] [14] [6] [AuditEvent=AUDIT_LOG_STARTUP][SubjectID=$System$][Outcome=Success] audit function startupCopy to Clipboard Copied! Toggle word wrap Toggle overflow CA
0.main - [02/May/2023:05:20:27 EDT] [14] [6] [AuditEvent=AUDIT_LOG_STARTUP][SubjectID=$System$][Outcome=Success] audit function startup
0.main - [02/May/2023:05:20:27 EDT] [14] [6] [AuditEvent=AUDIT_LOG_STARTUP][SubjectID=$System$][Outcome=Success] audit function startupCopy to Clipboard Copied! Toggle word wrap Toggle overflow 0.main - [25/Apr/2023:02:30:14 EDT] [14] [6] [AuditEvent=SELFTESTS_EXECUTION][SubjectID=$System$][Outcome=Success] self tests execution (see selftests.log for details)
0.main - [25/Apr/2023:02:30:14 EDT] [14] [6] [AuditEvent=SELFTESTS_EXECUTION][SubjectID=$System$][Outcome=Success] self tests execution (see selftests.log for details)Copy to Clipboard Copied! Toggle word wrap Toggle overflow
FPT_STM.1
更改时间。
每个事件的审计日志中的时间戳由 Operational Environment 提供,例如:
date
# date Wed Nov 29 17:31:28 PST 2023Copy to Clipboard Copied! Toggle word wrap Toggle overflow 对 OS 级别的时间变化会被审核。请参阅 第 12.2.3.3 节 “显示时间更改事件”。
测试步骤:在安装后指南(安装指南)中遵循"启用操作系统级审计日志",并执行
# ausearch -k rhcs_audit_time_change。要更改时区,请运行
# timedatectl list-timezones来列出区域,然后使用timedatectl set-timezone设置所需的区域。例如:timedatectl set-timezone America/Los_Angeles
# timedatectl set-timezone America/Los_AngelesCopy to Clipboard Copied! Toggle word wrap Toggle overflow 运行 time change audit 命令将导致类似的日志:
Copy to Clipboard Copied! Toggle word wrap Toggle overflow
FPT_TUD_EXT.1
更新启动。
测试问题单:假设完成一些以前的软件包更新,请使用
# ausearch -m SOFTWARE_UPDATE | grep pki命令:Copy to Clipboard Copied! Toggle word wrap Toggle overflow
FTA_SSL.4
交互式会话的终止。
ACCESS_SESSION_TERMINATEDCA
测试案例:{ pki -d /root/.dogtag/pki_ecc_bootstrap/certs_db/ -c SECret.123 -p 21443 -n 'ecc_SubCA_AgentV' ca-cert-find.
0.https-jsse-jss-nio-21443-exec-5 - [10/Jun/2024:13:18:54 EDT] [14] [6] [AuditEvent=ACCESS_SESSION_TERMINATED][ClientIP=10.0.188.72][ServerIP=10.0.188.72][SubjectID=CN=ecc_SubCA_AgentV,UID=ecc_SubCA_AgentV][CertSerialNum=72118278][IssuerDN=CN=CA Signing Certificate,OU=rhcs10-ECC-SubCA,O=Example-rhcs10-ECC-RootCA][Outcome=Success][Info=serverAlertSent: CLOSE_NOTIFY] access session terminated
0.https-jsse-jss-nio-21443-exec-5 - [10/Jun/2024:13:18:54 EDT] [14] [6] [AuditEvent=ACCESS_SESSION_TERMINATED][ClientIP=10.0.188.72][ServerIP=10.0.188.72][SubjectID=CN=ecc_SubCA_AgentV,UID=ecc_SubCA_AgentV][CertSerialNum=72118278][IssuerDN=CN=CA Signing Certificate,OU=rhcs10-ECC-SubCA,O=Example-rhcs10-ECC-RootCA][Outcome=Success][Info=serverAlertSent: CLOSE_NOTIFY] access session terminatedCopy to Clipboard Copied! Toggle word wrap Toggle overflow TPS
测试案例:{ pki -d /root/.dogtag/pki_rsa_bootstrap/certs_db/ -c SECret.123 -p 25443 -n 'TPS_AdminV' tps-user-find.
0.https-jsse-jss-nio-25443-exec-6 - [11/Jun/2024:05:56:36 EDT] [14] [6] [AuditEvent=ACCESS_SESSION_TERMINATED][ClientIP=10.0.188.72][ServerIP=10.0.188.72][SubjectID=CN=TPS_AdminV,UID=TPS_AdminV][CertSerialNum=190384736][IssuerDN=CN=CA Signing Certificate,OU=rhcs10-RSA-SubCA,O=Example-rhcs10-RSA-RootCA][Outcome=Success][Info=serverAlertSent: CLOSE_NOTIFY] access session terminated
0.https-jsse-jss-nio-25443-exec-6 - [11/Jun/2024:05:56:36 EDT] [14] [6] [AuditEvent=ACCESS_SESSION_TERMINATED][ClientIP=10.0.188.72][ServerIP=10.0.188.72][SubjectID=CN=TPS_AdminV,UID=TPS_AdminV][CertSerialNum=190384736][IssuerDN=CN=CA Signing Certificate,OU=rhcs10-RSA-SubCA,O=Example-rhcs10-RSA-RootCA][Outcome=Success][Info=serverAlertSent: CLOSE_NOTIFY] access session terminatedCopy to Clipboard Copied! Toggle word wrap Toggle overflow
FTP_TRP.1
可信频道启动。终止可信频道。可信路径功能失败。
ACCESS_SESSION_ESTABLISHCA
测试案例:将未知 CA 发布的客户端证书添加到 nssdb 中,并使用它来运行 # HttpClient /root/.dogtag/pki_ecc_bootstrap/certs_db/HttpClient-cmc-p10.self.cfg。
0.https-jsse-jss-nio-21443-exec-20 - [10/Jun/2024:09:20:34 EDT] [14] [6] [AuditEvent=ACCESS_SESSION_ESTABLISH][ClientIP=10.0.188.72][ServerIP=10.0.188.72][SubjectID=CN=PKI Administrator,E=caadmin@example.com,OU=topology-02-CA,O=topology-02_Foobarmaster.org][CertSerialNum=233456275785924569566051339521314398673][IssuerDN=CN=CA Signing Certificate,OU=topology-02-CA,O=topology-02_Foobarmaster.org][Outcome=Failure][Info=serverAlertSent: UNKNOWN_CA] access session establish failure
0.https-jsse-jss-nio-21443-exec-20 - [10/Jun/2024:09:20:34 EDT] [14] [6] [AuditEvent=ACCESS_SESSION_ESTABLISH][ClientIP=10.0.188.72][ServerIP=10.0.188.72][SubjectID=CN=PKI Administrator,E=caadmin@example.com,OU=topology-02-CA,O=topology-02_Foobarmaster.org][CertSerialNum=233456275785924569566051339521314398673][IssuerDN=CN=CA Signing Certificate,OU=topology-02-CA,O=topology-02_Foobarmaster.org][Outcome=Failure][Info=serverAlertSent: UNKNOWN_CA] access session establish failureCopy to Clipboard Copied! Toggle word wrap Toggle overflow TPS
测试案例:{ pki -d /root/.dogtag/pki_rsa_bootstrap/certs_db/ -c SECret.123 -p 25443 -n 'PKI TPS Administrator for RSA-TPS' tps-token-find.
0.https-jsse-jss-nio-25443-exec-7 - [11/Jun/2024:06:00:52 EDT] [14] [6] [AuditEvent=ACCESS_SESSION_ESTABLISH][ClientIP=10.0.188.72][ServerIP=10.0.188.72][SubjectID=CN=PKI Administrator,E=tpsadmin@example.com,OU=rhcs10-RSA-TPS,O=Example-SubCA][CertSerialNum=32899047][IssuerDN=CN=CA Signing Certificate,OU=rhcs10-RSA-SubCA,O=Example-rhcs10-RSA-RootCA][Outcome=Success] access session establish success
0.https-jsse-jss-nio-25443-exec-7 - [11/Jun/2024:06:00:52 EDT] [14] [6] [AuditEvent=ACCESS_SESSION_ESTABLISH][ClientIP=10.0.188.72][ServerIP=10.0.188.72][SubjectID=CN=PKI Administrator,E=tpsadmin@example.com,OU=rhcs10-RSA-TPS,O=Example-SubCA][CertSerialNum=32899047][IssuerDN=CN=CA Signing Certificate,OU=rhcs10-RSA-SubCA,O=Example-rhcs10-RSA-RootCA][Outcome=Success] access session establish successCopy to Clipboard Copied! Toggle word wrap Toggle overflow
ACCESS_SESSION_TERMINATEDCA
测试案例:{ pki -d /root/.dogtag/pki_ecc_bootstrap/certs_db/ -c SECret.123 -p 21443 -n 'ecc_SubCA_AgentV' ca-cert-find.
0.https-jsse-jss-nio-21443-exec-7 - [10/Jun/2024:10:36:08 EDT] [14] [6] [AuditEvent=ACCESS_SESSION_TERMINATED][ClientIP=10.0.188.72][ServerIP=10.0.188.72][SubjectID=CN=ecc_SubCA_AgentV,UID=ecc_SubCA_AgentV][CertSerialNum=72118278][IssuerDN=CN=CA Signing Certificate,OU=rhcs10-ECC-SubCA,O=Example-rhcs10-ECC-RootCA][Outcome=Success][Info=serverAlertSent: CLOSE_NOTIFY] access session terminated
0.https-jsse-jss-nio-21443-exec-7 - [10/Jun/2024:10:36:08 EDT] [14] [6] [AuditEvent=ACCESS_SESSION_TERMINATED][ClientIP=10.0.188.72][ServerIP=10.0.188.72][SubjectID=CN=ecc_SubCA_AgentV,UID=ecc_SubCA_AgentV][CertSerialNum=72118278][IssuerDN=CN=CA Signing Certificate,OU=rhcs10-ECC-SubCA,O=Example-rhcs10-ECC-RootCA][Outcome=Success][Info=serverAlertSent: CLOSE_NOTIFY] access session terminatedCopy to Clipboard Copied! Toggle word wrap Toggle overflow 测试案例:使用角色用户登录 CA Agent 页面,并关闭浏览器。
0.https-jsse-jss-nio-21443-exec-11 - [10/Jun/2024:13:35:09 EDT] [14] [6] [AuditEvent=ACCESS_SESSION_TERMINATED][ClientIP=10.0.188.72][ServerIP=10.0.188.72][SubjectID=CN=ecc_SubCA_AgentV,UID=ecc_SubCA_AgentV][CertSerialNum=72118278][IssuerDN=CN=CA Signing Certificate,OU=rhcs10-ECC-SubCA,O=Example-rhcs10-ECC-RootCA][Outcome=Success][Info=serverAlertSent: CLOSE_NOTIFY] access session terminated
0.https-jsse-jss-nio-21443-exec-11 - [10/Jun/2024:13:35:09 EDT] [14] [6] [AuditEvent=ACCESS_SESSION_TERMINATED][ClientIP=10.0.188.72][ServerIP=10.0.188.72][SubjectID=CN=ecc_SubCA_AgentV,UID=ecc_SubCA_AgentV][CertSerialNum=72118278][IssuerDN=CN=CA Signing Certificate,OU=rhcs10-ECC-SubCA,O=Example-rhcs10-ECC-RootCA][Outcome=Success][Info=serverAlertSent: CLOSE_NOTIFY] access session terminatedCopy to Clipboard Copied! Toggle word wrap Toggle overflow TPS
测试案例:{ pki -d /root/.dogtag/pki_rsa_bootstrap/certs_db/ -c SECret.123 -p 25443 -n 'TPS_AdminV' tps-user-find 或使用角色用户登录到 TPS Agent 页面,并关闭浏览器。
0.https-jsse-jss-nio-25443-exec-20 - [11/Jun/2024:06:03:06 EDT] [14] [6] [AuditEvent=ACCESS_SESSION_TERMINATED][ClientIP=10.0.188.72][ServerIP=10.0.188.72][SubjectID=CN=TPS_AdminV,UID=TPS_AdminV][CertSerialNum=190384736][IssuerDN=CN=CA Signing Certificate,OU=rhcs10-RSA-SubCA,O=Example-rhcs10-RSA-RootCA][Outcome=Success][Info=serverAlertSent: CLOSE_NOTIFY] access session terminated
0.https-jsse-jss-nio-25443-exec-20 - [11/Jun/2024:06:03:06 EDT] [14] [6] [AuditEvent=ACCESS_SESSION_TERMINATED][ClientIP=10.0.188.72][ServerIP=10.0.188.72][SubjectID=CN=TPS_AdminV,UID=TPS_AdminV][CertSerialNum=190384736][IssuerDN=CN=CA Signing Certificate,OU=rhcs10-RSA-SubCA,O=Example-rhcs10-RSA-RootCA][Outcome=Success][Info=serverAlertSent: CLOSE_NOTIFY] access session terminatedCopy to Clipboard Copied! Toggle word wrap Toggle overflow
FCS_CKM.1 和 FCS_CKM.2
- 不可用。没有与 TOE 相关的功能,其中 TOE 子系统生成(或请求 OE 生成)非临时密钥。所有系统证书都是在安装过程中用户密钥的生成方式,在 TOE 运行之前,在可以审核前进行审核。
FCS_CKM_EXT.4
- 不可用
FCS_COP.1(2)
所有出现的签名都使用 CA 签名密钥生成。
CERT_SIGNING_INFO在系统启动时记录 CA 签名证书信息0.https-jsse-nio-8443-exec-5 - [25/Apr/2023:02:26:34 EDT] [14] [6] [AuditEvent=CERT_SIGNING_INFO][SubjectID=$System$][Outcome=Success][SKI=96:44:A6:53:DB:AF:3D:C3:3D:A0:00:0A:84:CB:6E:0E:B5:3E:4E:10] certificate signing info
0.https-jsse-nio-8443-exec-5 - [25/Apr/2023:02:26:34 EDT] [14] [6] [AuditEvent=CERT_SIGNING_INFO][SubjectID=$System$][Outcome=Success][SKI=96:44:A6:53:DB:AF:3D:C3:3D:A0:00:0A:84:CB:6E:0E:B5:3E:4E:10] certificate signing infoCopy to Clipboard Copied! Toggle word wrap Toggle overflow CERT_REQUEST_PROCESSED(success)测试问题单 :请参阅上面的
CERT_REQUEST_PROCESSED(success)。0.https-jsse-nio-8443-exec-3 - [25/Apr/2023:02:28:17 EDT] [14] [6] [AuditEvent=CERT_REQUEST_PROCESSED][SubjectID=caadmin][Outcome=Success][ReqID=7][CertSerialNum=165675596] certificate request processed
0.https-jsse-nio-8443-exec-3 - [25/Apr/2023:02:28:17 EDT] [14] [6] [AuditEvent=CERT_REQUEST_PROCESSED][SubjectID=caadmin][Outcome=Success][ReqID=7][CertSerialNum=165675596] certificate request processedCopy to Clipboard Copied! Toggle word wrap Toggle overflow OCSP_SIGNING_INFO在系统启动时记录 OCSP 签名证书信息0.main - [25/Apr/2023:02:28:39 EDT] [14] [6] [AuditEvent=OCSP_SIGNING_INFO][SubjectID=$System$][Outcome=Success][SKI=A3:AB:71:4C:E0:C8:8B:E4:6D:08:5B:10:EC:F3:E4:6B:F3:70:EB:57] OCSP signing info
0.main - [25/Apr/2023:02:28:39 EDT] [14] [6] [AuditEvent=OCSP_SIGNING_INFO][SubjectID=$System$][Outcome=Success][SKI=A3:AB:71:4C:E0:C8:8B:E4:6D:08:5B:10:EC:F3:E4:6B:F3:70:EB:57] OCSP signing infoCopy to Clipboard Copied! Toggle word wrap Toggle overflow OCSP_GENERATION(success)测试案例: 按照 TBD "测试 CRL 发布"中的步骤进行操作,以运行
OCSPClient,以触发 OCSP 响应。0.http-nio-32080-exec-1 - [25/Apr/2023:06:07:29 EDT] [14] [6] [AuditEvent=OCSP_GENERATION][SubjectID=$NonRoleUser$][Outcome=Success] OCSP response generation
0.http-nio-32080-exec-1 - [25/Apr/2023:06:07:29 EDT] [14] [6] [AuditEvent=OCSP_GENERATION][SubjectID=$NonRoleUser$][Outcome=Success] OCSP response generationCopy to Clipboard Copied! Toggle word wrap Toggle overflow CRL_SIGNING_INFO在系统启动时记录 CRL 签名密钥信息0.main - [25/Apr/2023:05:55:22 EDT] [14] [6] [AuditEvent=CRL_SIGNING_INFO][SubjectID=$System$][Outcome=Success][SKI=2C:E1:7C:DB:B0:6E:62:36:70:67:B7:BF:19:80:4C:D0:8F:B5:80:02] CRL signing info
0.main - [25/Apr/2023:05:55:22 EDT] [14] [6] [AuditEvent=CRL_SIGNING_INFO][SubjectID=$System$][Outcome=Success][SKI=2C:E1:7C:DB:B0:6E:62:36:70:67:B7:BF:19:80:4C:D0:8F:B5:80:02] CRL signing infoCopy to Clipboard Copied! Toggle word wrap Toggle overflow FULL_CRL_GENERATION(success)测试案例:删除过滤器
log.instance.SignedAudit.filters.FULL_CRL_GENERATION=(Outcome=Failure),并将 revocation bufferauths.revocationChecking.bufferSize设置为 0,将ca.crl.MasterCRL.alwaysUpdate设置为true。然后,按照安装指南中的"测试 CRL 发布"中的步骤撤销证书并调用UpdateCRL端点。0.Thread-17 - [04/May/2023:05:46:26 EDT] [14] [6] [AuditEvent=FULL_CRL_GENERATION][SubjectID=$Unidentified$][Outcome=Success][CRLnum=62] Full CRL generation
0.Thread-17 - [04/May/2023:05:46:26 EDT] [14] [6] [AuditEvent=FULL_CRL_GENERATION][SubjectID=$Unidentified$][Outcome=Success][CRLnum=62] Full CRL generationCopy to Clipboard Copied! Toggle word wrap Toggle overflow DELTA_CRL_GENERATION(success)测试问题单:遵循之前的所有情况,并启用 DELTA CRL (
ca.crl.MasterCRL.extension.DeltaCRLIndicator.enable为true)。然后,按照安装指南中的"测试 CRL 发布"中的步骤撤销证书并调用UpdateCRL端点。0.Thread-17 - [04/May/2023:06:29:03 EDT] [14] [6] [AuditEvent=DELTA_CRL_GENERATION][SubjectID=$Unidentified$][Outcome=Success][CRLnum=63] Delta CRL generation
0.Thread-17 - [04/May/2023:06:29:03 EDT] [14] [6] [AuditEvent=DELTA_CRL_GENERATION][SubjectID=$Unidentified$][Outcome=Success][CRLnum=63] Delta CRL generationCopy to Clipboard Copied! Toggle word wrap Toggle overflow
签名生成失败。
CERT_REQUEST_PROCESSED(failure)测试案例:遵循上述 CMC 注册流程,但在执行
HttpClient配置文件时,使用配置文件caCMCUserCert而不是caCMCECUserCert。0.https-jsse-jss-nio-21443-exec-18 - [14/Sep/2023:13:44:35 EDT] [14] [6] [AuditEvent=CERT_REQUEST_PROCESSED][SubjectID=$NonRoleUser$][Outcome=Failure][ReqID=71][InfoName=rejectReason][InfoValue=Request 71 Rejected - Key Type RSA Not Matched] certificate request processed
0.https-jsse-jss-nio-21443-exec-18 - [14/Sep/2023:13:44:35 EDT] [14] [6] [AuditEvent=CERT_REQUEST_PROCESSED][SubjectID=$NonRoleUser$][Outcome=Failure][ReqID=71][InfoName=rejectReason][InfoValue=Request 71 Rejected - Key Type RSA Not Matched] certificate request processedCopy to Clipboard Copied! Toggle word wrap Toggle overflow OCSP_GENERATION(failure)0.http-nio-32080-exec-15 - [25/Apr/2023:02:47:47 EDT] [14] [6] [AuditEvent=OCSP_GENERATION][SubjectID=$NonRoleUser$][Outcome=Failure][FailureReason=End-of-file reached while decoding ASN.1 header] OCSP response generation
0.http-nio-32080-exec-15 - [25/Apr/2023:02:47:47 EDT] [14] [6] [AuditEvent=OCSP_GENERATION][SubjectID=$NonRoleUser$][Outcome=Failure][FailureReason=End-of-file reached while decoding ASN.1 header] OCSP response generationCopy to Clipboard Copied! Toggle word wrap Toggle overflow
FCS_HTTPS_EXT.1 and FCS_TLSS_EXT.2
无法建立 HTTPS/TLS 会话。
ACCESS_SESSION_ESTABLISH(failure)See FTP_TRP.1
HTTPS/TLS 会话的 establishment/termination
ACCESS_SESSION_TERMINATEDSee FIA_UIA_EXT.1
FCS_TLSC_EXT.2
无法建立 TLS 会话。
CLIENT_ACCESS_SESSION_ESTABLISH(failure)当客户端和会话无法访问服务器时,系统会失败。在这种情况下,CA 在 Key Archival 和 KRA 期间,CA 充当 KRA 的客户端。
测试案例:禁用 KRA 并执行
HttpClient请求。例如,安装指南中的"测试密钥归档"中的步骤操作。0.https-jsse-jss-nio-21443-exec-15 - [10/Jun/2024:12:29:16 EDT] [14] [6] [AuditEvent=CLIENT_ACCESS_SESSION_ESTABLISH][ClientHost=10.0.188.72][ServerHost=rhcs10.example.com][ServerPort=23443][SubjectID=SYSTEM][Outcome=Failure][Info=send:java.io.IOException: Socket has been closed, and cannot be reused.] access session failed to establish when Certificate System acts as client
0.https-jsse-jss-nio-21443-exec-15 - [10/Jun/2024:12:29:16 EDT] [14] [6] [AuditEvent=CLIENT_ACCESS_SESSION_ESTABLISH][ClientHost=10.0.188.72][ServerHost=rhcs10.example.com][ServerPort=23443][SubjectID=SYSTEM][Outcome=Failure][Info=send:java.io.IOException: Socket has been closed, and cannot be reused.] access session failed to establish when Certificate System acts as clientCopy to Clipboard Copied! Toggle word wrap Toggle overflow 当 CA 的子系统证书被撤销时,它会尝试访问 KRA。
测试案例:撤销 CA 系统证书并执行 KRA 测试。
KRA
测试案例:标记 CA 的子系统证书已保留并执行密钥存档(CA
KRA)。 httpclient在 KRA 的审计日志记录文件中触发事件。0.https-jsse-jss-nio-23443-exec-1 - [10/Jun/2024:12:35:25 EDT] [14] [6] [AuditEvent=ACCESS_SESSION_ESTABLISH][ClientIP=10.0.188.72][ServerIP=10.0.188.72][SubjectID=CN=Subsystem Certificate,OU=rhcs10-ECC-SubCA,O=Example-rhcs10-ECC-RootCA][CertSerialNum=208481924][IssuerDN=CN=CA Signing Certificate,OU=rhcs10-ECC-SubCA,O=Example-rhcs10-ECC-RootCA][Outcome=Failure][Info=serverAlertSent: CERTIFICATE_REVOKED] access session establish failure
0.https-jsse-jss-nio-23443-exec-1 - [10/Jun/2024:12:35:25 EDT] [14] [6] [AuditEvent=ACCESS_SESSION_ESTABLISH][ClientIP=10.0.188.72][ServerIP=10.0.188.72][SubjectID=CN=Subsystem Certificate,OU=rhcs10-ECC-SubCA,O=Example-rhcs10-ECC-RootCA][CertSerialNum=208481924][IssuerDN=CN=CA Signing Certificate,OU=rhcs10-ECC-SubCA,O=Example-rhcs10-ECC-RootCA][Outcome=Failure][Info=serverAlertSent: CERTIFICATE_REVOKED] access session establish failureCopy to Clipboard Copied! Toggle word wrap Toggle overflow CA
测试案例:撤销 CA 系统证书并执行 KRA 测试。
0.https-jsse-jss-nio-21443-exec-3 - [10/Jun/2024:12:35:25 EDT] [14] [6] [AuditEvent=CLIENT_ACCESS_SESSION_ESTABLISH][ClientHost=10.0.188.72][ServerHost=rhcs10.example.com][ServerPort=23443][SubjectID=SYSTEM][Outcome=Failure][Info=send:java.io.IOException: Socket has been closed, and cannot be reused.] access session failed to establish when Certificate System acts as client
0.https-jsse-jss-nio-21443-exec-3 - [10/Jun/2024:12:35:25 EDT] [14] [6] [AuditEvent=CLIENT_ACCESS_SESSION_ESTABLISH][ClientHost=10.0.188.72][ServerHost=rhcs10.example.com][ServerPort=23443][SubjectID=SYSTEM][Outcome=Failure][Info=send:java.io.IOException: Socket has been closed, and cannot be reused.] access session failed to establish when Certificate System acts as clientCopy to Clipboard Copied! Toggle word wrap Toggle overflow 0.ConnectAsync - [10/Jun/2024:12:35:25 EDT] [14] [6] [AuditEvent=CLIENT_ACCESS_SESSION_TERMINATED][ClientHost=10.0.188.72][ServerHost=10.0.188.72][ServerPort=23443][SubjectID=CN=rhcs10.example.com,OU=rhcs10-ECC-KRA,O=Example-SubCA][CertSerialNum=42383494][IssuerDN=CN=CA Signing Certificate,OU=rhcs10-ECC-SubCA,O=Example-rhcs10-ECC-RootCA][Outcome=Success][Info=clientAlertReceived: CERTIFICATE_REVOKED] access session terminated when Certificate System acts as client
0.ConnectAsync - [10/Jun/2024:12:35:25 EDT] [14] [6] [AuditEvent=CLIENT_ACCESS_SESSION_TERMINATED][ClientHost=10.0.188.72][ServerHost=10.0.188.72][ServerPort=23443][SubjectID=CN=rhcs10.example.com,OU=rhcs10-ECC-KRA,O=Example-SubCA][CertSerialNum=42383494][IssuerDN=CN=CA Signing Certificate,OU=rhcs10-ECC-SubCA,O=Example-rhcs10-ECC-RootCA][Outcome=Success][Info=clientAlertReceived: CERTIFICATE_REVOKED] access session terminated when Certificate System acts as clientCopy to Clipboard Copied! Toggle word wrap Toggle overflow
TLS 会话的 establishment/termination。
CLIENT_ACCESS_SESSION_TERMINATED测试案例:尝试在不设置 CA Admin 证书的情况下登录 PKI 控制台。
0.https-jsse-jss-nio-31443-exec-9 - [11/Jun/2024:09:31:47 EDT] [14] [6] [AuditEvent=CLIENT_ACCESS_SESSION_TERMINATED][ClientHost=10.0.188.72][ServerHost=10.0.188.64][ServerPort=7636][SubjectID=CN=rhds11-5.example.com][CertSerialNum=119813240][IssuerDN=CN=CA Signing Certificate,OU=rhcs10-RSA-SubCA,O=Example-rhcs10-RSA-RootCA][Outcome=Success][Info=clientAlertSent: CLOSE_NOTIFY] access session terminated when Certificate System acts as client
0.https-jsse-jss-nio-31443-exec-9 - [11/Jun/2024:09:31:47 EDT] [14] [6] [AuditEvent=CLIENT_ACCESS_SESSION_TERMINATED][ClientHost=10.0.188.72][ServerHost=10.0.188.64][ServerPort=7636][SubjectID=CN=rhds11-5.example.com][CertSerialNum=119813240][IssuerDN=CN=CA Signing Certificate,OU=rhcs10-RSA-SubCA,O=Example-rhcs10-RSA-RootCA][Outcome=Success][Info=clientAlertSent: CLOSE_NOTIFY] access session terminated when Certificate System acts as clientCopy to Clipboard Copied! Toggle word wrap Toggle overflow
FDP_CRL_EXT.1
未能生成 CRL。
FULL_CRL_GENERATION(failure)测试案例:作为代理,在 CA 代理 Web 门户上登录,单击 Update Revocation List 和在 签名算法下, 选择
SHA1withRSA。对SHA1withRSA的计数仍然是 UI 中的选项,但不再被允许。0.CRLIssuingPoint-MasterCRL - [11/May/2023:00:09:42 EDT] [14] [6] [AuditEvent=FULL_CRL_GENERATION][SubjectID=$Unidentified$][Outcome=Failure][FailureReason=Signing algorithm not supported: SHA1withRSA: Unable to create signing context: (-8011) Unknown error] Full CRL generation
0.CRLIssuingPoint-MasterCRL - [11/May/2023:00:09:42 EDT] [14] [6] [AuditEvent=FULL_CRL_GENERATION][SubjectID=$Unidentified$][Outcome=Failure][FailureReason=Signing algorithm not supported: SHA1withRSA: Unable to create signing context: (-8011) Unknown error] Full CRL generationCopy to Clipboard Copied! Toggle word wrap Toggle overflow
FDP_OCSPG_EXT.1 (extended)
未能生成证书状态信息。
OCSP_GENERATION(failure)测试案例:将
ca.ocsp=false设置为在 CA 中禁用 OCSP 服务,并运行OCSPClient。0.http-nio-31080-exec-1 - [30/Nov/2023:18:50:51 EST] [14] [6] [AuditEvent=OCSP_GENERATION][SubjectID=$NonRoleUser$][Outcome=Failure][FailureReason=OCSP service disabled] OCSP response generation
0.http-nio-31080-exec-1 - [30/Nov/2023:18:50:51 EST] [14] [6] [AuditEvent=OCSP_GENERATION][SubjectID=$NonRoleUser$][Outcome=Failure][FailureReason=OCSP service disabled] OCSP response generationCopy to Clipboard Copied! Toggle word wrap Toggle overflow
FIA_AFL.1
Unsuccessful Authentication Attempts 的阈值。操作提示.重新启用禁用的非管理帐户。
不可用。仅用于密码身份验证。证书系统仅提供基于证书的身份验证。
FIA_CMCS_EXT.1
包含证书请求或撤销请求的 CMC 请求(生成或接收)。已发布的 CMC 响应。
CMC_SIGNED_REQUEST_SIG_VERIFY测试问题单:从
CS.cfg中删除log.instance.SignedAudit.filters.CMC_SIGNED_REQUEST_SIG_VERIFY参数,并重启 CA。然后,创建并提交代理签名的 CMC 请求,例如,安装指南中的user1证书颁发的步骤。0.https-jsse-jss-nio-21443-exec-3 - [25/Nov/2023:16:47:47 PST] [14] [6] [AuditEvent=CMC_SIGNED_REQUEST_SIG_VERIFY][SubjectID=CN=PKI Administrator,E=example@redhat.com,OU=rhcs10-ECC-SubCA,O=Example-rhcs10-ECC-RootCA][Outcome=Success][ReqType=enrollment][CertSubject=CN=ecc test ecc-user1,UID=ecc-ecc-user1][SignerInfo=CN=PKI Administrator,E=example@redhat.com,OU=rhcs10-ECC-SubCA,O=Example-rhcs10-ECC-RootCA] agent signed CMC request signature verification
0.https-jsse-jss-nio-21443-exec-3 - [25/Nov/2023:16:47:47 PST] [14] [6] [AuditEvent=CMC_SIGNED_REQUEST_SIG_VERIFY][SubjectID=CN=PKI Administrator,E=example@redhat.com,OU=rhcs10-ECC-SubCA,O=Example-rhcs10-ECC-RootCA][Outcome=Success][ReqType=enrollment][CertSubject=CN=ecc test ecc-user1,UID=ecc-ecc-user1][SignerInfo=CN=PKI Administrator,E=example@redhat.com,OU=rhcs10-ECC-SubCA,O=Example-rhcs10-ECC-RootCA] agent signed CMC request signature verificationCopy to Clipboard Copied! Toggle word wrap Toggle overflow CMC_USER_SIGNED_REQUEST_SIG_VERIFY成功请求:
测试案例:提交 CMC (用户签名或自签名)证书注册或撤销请求并验证签名。例如:
-
从
CS.cfg中删除log.instance.SignedAudit.filters.CMC_SIGNED_REQUEST_SIG_VERIFY参数,然后重新启动 CA。 - 然后,创建并提交用户签名的(共享令牌)请求,例如,安装指南中的 7.8.4.3"Test the CMC Shared Token"。
0.https-jsse-jss-nio-21443-exec-6 - [25/Nov/2023:17:02:13 PST] [14] [6] [AuditEvent=CMC_USER_SIGNED_REQUEST_SIG_VERIFY][SubjectID=CN=PKI Administrator,E=example@redhat.com,OU=rhcs10-ECC-SubCA,O=Example-rhcs10-ECC-RootCA][Outcome=Success][ReqType=enrollment][CertSubject=CN=eccFooUser123,UID=eccFooUser123,OU=self-signed][SignerInfo=$Unidentified$] User signed CMC request signature verification success
0.https-jsse-jss-nio-21443-exec-6 - [25/Nov/2023:17:02:13 PST] [14] [6] [AuditEvent=CMC_USER_SIGNED_REQUEST_SIG_VERIFY][SubjectID=CN=PKI Administrator,E=example@redhat.com,OU=rhcs10-ECC-SubCA,O=Example-rhcs10-ECC-RootCA][Outcome=Success][ReqType=enrollment][CertSubject=CN=eccFooUser123,UID=eccFooUser123,OU=self-signed][SignerInfo=$Unidentified$] User signed CMC request signature verification successCopy to Clipboard Copied! Toggle word wrap Toggle overflow -
从
CMC_REQUEST_RECEIVED成功请求:
测试案例:使用 SharedSecret 成功 CMC 请求(使用
cmc.popLinkWitnessRequired=true)。0.https-jsse-jss-nio-21443-exec-8 - [21/Nov/2023:16:49:57 EST] [14] [6] [AuditEvent=CMC_REQUEST_RECEIVED][SubjectID=$Unidentified$][Outcome=Success][CMCRequest=MIIDYgYJKoZIhvcNAQcCoIIDUzCCA08CAQMxDzANBglghkgBZQMEAgEFA…] CMC request received
0.https-jsse-jss-nio-21443-exec-8 - [21/Nov/2023:16:49:57 EST] [14] [6] [AuditEvent=CMC_REQUEST_RECEIVED][SubjectID=$Unidentified$][Outcome=Success][CMCRequest=MIIDYgYJKoZIhvcNAQcCoIIDUzCCA08CAQMxDzANBglghkgBZQMEAgEFA…] CMC request receivedCopy to Clipboard Copied! Toggle word wrap Toggle overflow
PROOF_OF_POSSESSION(Enrollment Event)测试案例:使用 SharedSecret 成功 CMC 请求(使用
cmc.popLinkWitnessRequired=true)。0.https-jsse-jss-nio-21443-exec-8 - [21/Nov/2023:16:49:57 EST] [14] [6] [AuditEvent=PROOF_OF_POSSESSION][SubjectID=eccFooUser123][Outcome=Success][Info=method=EnrollProfile: fillTaggedRequest: ] proof of possession
0.https-jsse-jss-nio-21443-exec-8 - [21/Nov/2023:16:49:57 EST] [14] [6] [AuditEvent=PROOF_OF_POSSESSION][SubjectID=eccFooUser123][Outcome=Success][Info=method=EnrollProfile: fillTaggedRequest: ] proof of possessionCopy to Clipboard Copied! Toggle word wrap Toggle overflow PROFILE_CERT_REQUEST(Enrollment Event)测试案例:成功由 CA 代理签名并签发 CMC 请求(使用
cmc.popLinkWitnessRequired=false)。0.https-jsse-jss-nio-21443-exec-3 - [21/Nov/2023:16:58:45 EST] [14] [6] [AuditEvent=PROFILE_CERT_REQUEST][SubjectID=caadmin][Outcome=Success][ReqID=87][ProfileID=caECFullCMCUserCert][CertSubject=CN=ecc test ecc-user1,UID=ecc-ecc-user1] certificate request made with certificate profiles
0.https-jsse-jss-nio-21443-exec-3 - [21/Nov/2023:16:58:45 EST] [14] [6] [AuditEvent=PROFILE_CERT_REQUEST][SubjectID=caadmin][Outcome=Success][ReqID=87][ProfileID=caECFullCMCUserCert][CertSubject=CN=ecc test ecc-user1,UID=ecc-ecc-user1] certificate request made with certificate profilesCopy to Clipboard Copied! Toggle word wrap Toggle overflow CERT_STATUS_CHANGE_REQUEST成功 :
测试案例:按照《安装指南》中的"测试 CRL 发布"中的示例进行发布,然后撤销
user2的证书。[AuditEvent=CERT_STATUS_CHANGE_REQUEST_PROCESSED][SubjectID=CN=ecc test ecc-user2,UID=ecc-ecc-user2][Outcome=Success][ReqID=14][CertSerialNum=15390937][RequestType=revoke][RevokeReasonNum=Unspecified][Approval=complete] certificate status change request processed
[AuditEvent=CERT_STATUS_CHANGE_REQUEST_PROCESSED][SubjectID=CN=ecc test ecc-user2,UID=ecc-ecc-user2][Outcome=Success][ReqID=14][CertSerialNum=15390937][RequestType=revoke][RevokeReasonNum=Unspecified][Approval=complete] certificate status change request processedCopy to Clipboard Copied! Toggle word wrap Toggle overflow 失败 :
0.https-jsse-nio-31443-exec-5 - [09/May/2023:16:42:56 EDT] [14] [6] [AuditEvent=CERT_STATUS_CHANGE_REQUEST][SubjectID=caadmin][Outcome=Failure][ReqID=<null>][CertSerialNum=0x2c192ac][RequestType=on-hold] certificate revocation/unrevocation request made
0.https-jsse-nio-31443-exec-5 - [09/May/2023:16:42:56 EDT] [14] [6] [AuditEvent=CERT_STATUS_CHANGE_REQUEST][SubjectID=caadmin][Outcome=Failure][ReqID=<null>][CertSerialNum=0x2c192ac][RequestType=on-hold] certificate revocation/unrevocation request madeCopy to Clipboard Copied! Toggle word wrap Toggle overflow
CERT_REQUEST_PROCESSED成功请求:
测试问题单:包含证书状态更改(撤销、已过期、已保留、已保留)。
0.https-jsse-nio-31443-exec-24 - [28/Apr/2023:09:58:07 EDT] [14] [6] [AuditEvent=CERT_REQUEST_PROCESSED][SubjectID=caadmin][Outcome=Success][ReqID=67][CertSerialNum=86198753] certificate request processed
0.https-jsse-nio-31443-exec-24 - [28/Apr/2023:09:58:07 EDT] [14] [6] [AuditEvent=CERT_REQUEST_PROCESSED][SubjectID=caadmin][Outcome=Success][ReqID=67][CertSerialNum=86198753] certificate request processedCopy to Clipboard Copied! Toggle word wrap Toggle overflow
CERT_STATUS_CHANGE_REQUEST_PROCESSED成功请求:
测试问题单:完成证书状态更改(撤销、已过期、已保留、已保留)。
0.https-jsse-nio-31443-exec-14 - [09/May/2023:17:29:35 EDT] [14] [6] [AuditEvent=CERT_STATUS_CHANGE_REQUEST_PROCESSED][SubjectID=rsa_SubCA_AgentV][Outcome=Success][ReqID=80][CertSerialNum=0x2c192ac][RequestType=<null>][RevokeReasonNum=6][Approval=complete] certificate status change request processed
0.https-jsse-nio-31443-exec-14 - [09/May/2023:17:29:35 EDT] [14] [6] [AuditEvent=CERT_STATUS_CHANGE_REQUEST_PROCESSED][SubjectID=rsa_SubCA_AgentV][Outcome=Success][ReqID=80][CertSerialNum=0x2c192ac][RequestType=<null>][RevokeReasonNum=6][Approval=complete] certificate status change request processedCopy to Clipboard Copied! Toggle word wrap Toggle overflow 失败的请求:
完成吊销,
shrToknot found.测试问题单:
0.http-bio-20443-exec-14 - [29/Jan/2019:07:15:27 EST] [14] [6] [AuditEvent=CERT_STATUS_CHANGE_REQUEST_PROCESSED][SubjectID=<null>][Outcome=Failure][ReqID=<null>][CertSerialNum=20][RequestType=revoke][RevokeReasonNum=Certificate_Hold][Approval=rejected][Info=CMCOutputTemplate: SharedSecret.getSharedToken(BigInteger serial): shrTok not found in metaInfo] certificate status change request processed
0.http-bio-20443-exec-14 - [29/Jan/2019:07:15:27 EST] [14] [6] [AuditEvent=CERT_STATUS_CHANGE_REQUEST_PROCESSED][SubjectID=<null>][Outcome=Failure][ReqID=<null>][CertSerialNum=20][RequestType=revoke][RevokeReasonNum=Certificate_Hold][Approval=rejected][Info=CMCOutputTemplate: SharedSecret.getSharedToken(BigInteger serial): shrTok not found in metaInfo] certificate status change request processedCopy to Clipboard Copied! Toggle word wrap Toggle overflow 完成撤销、证书签发者和请求签发者不匹配。
测试问题单:
0.http-bio-20443-exec-20 - [29/Jan/2019:07:30:41 EST] [14] [6] [AuditEvent=CERT_STATUS_CHANGE_REQUEST_PROCESSED][SubjectID=UID=user1a,OU=People,DC=rhel76,DC=test][Outcome=Failure][ReqID=<null>][CertSerialNum=20][RequestType=revoke][RevokeReasonNum=Certificate_Hold][Approval=rejected][Info= certificate issuer DN and revocation request issuer DN do not match] certificate status change request processed
0.http-bio-20443-exec-20 - [29/Jan/2019:07:30:41 EST] [14] [6] [AuditEvent=CERT_STATUS_CHANGE_REQUEST_PROCESSED][SubjectID=UID=user1a,OU=People,DC=rhel76,DC=test][Outcome=Failure][ReqID=<null>][CertSerialNum=20][RequestType=revoke][RevokeReasonNum=Certificate_Hold][Approval=rejected][Info= certificate issuer DN and revocation request issuer DN do not match] certificate status change request processedCopy to Clipboard Copied! Toggle word wrap Toggle overflow 完成撤销,保持证书状态更新。
测试案例:在安装指南中的"测试 CRL 发布"以撤销使用
user2的证书,而不是创建/撤销实际证书,只需编辑 CMC 请求文件,以便revRequest.serial被分配不存在的序列号,如revRequest.serial=1111111。0.https-jsse-jss-nio-21443-exec-12 - [27/Nov/2023:11:34:53 PST] [14] [6] [AuditEvent=CERT_STATUS_CHANGE_REQUEST_PROCESSED][SubjectID=<null>][Outcome=Failure][ReqID=<null>][CertSerialNum=1111111][RequestType=revoke][RevokeReasonNum=Unspecified][Approval=rejected][Info= The certificate is not found] certificate status change request processed
0.https-jsse-jss-nio-21443-exec-12 - [27/Nov/2023:11:34:53 PST] [14] [6] [AuditEvent=CERT_STATUS_CHANGE_REQUEST_PROCESSED][SubjectID=<null>][Outcome=Failure][ReqID=<null>][CertSerialNum=1111111][RequestType=revoke][RevokeReasonNum=Unspecified][Approval=rejected][Info= The certificate is not found] certificate status change request processedCopy to Clipboard Copied! Toggle word wrap Toggle overflow
CMC_RESPONSE_SENT注册
成功响应
测试案例:通过 第 5.2 节 “创建证书签名请求(CSR)” 创建 CSR,然后按照 第 5.3.1 节 “CMC 注册过程” 创建 CMCRequest 配置文件,然后使用
HttpClient提交请求。0.https-jsse-nio-31443-exec-8 - [01/May/2023:23:37:50 EDT] [14] [6] [AuditEvent=CMC_RESPONSE_SENT][SubjectID=FooUser123][Outcome=Success][CMCResponse=MIIM+wYJkwWSE/] CMC response sent
0.https-jsse-nio-31443-exec-8 - [01/May/2023:23:37:50 EDT] [14] [6] [AuditEvent=CMC_RESPONSE_SENT][SubjectID=FooUser123][Outcome=Success][CMCResponse=MIIM+wYJkwWSE/] CMC response sentCopy to Clipboard Copied! Toggle word wrap Toggle overflow
吊销
成功撤销
测试问题单 :撤销证书,例如,按照 第 6.2.1.1 节 “使用
CMCRequest吊销证书” 中的步骤操作。0.http-bio-20443-exec-9 - [29/Jan/2019:07:43:36 EST] [14] [6] [AuditEvent=CMC_RESPONSE_SENT][SubjectID=$Unidentified$][Outcome=Success][CMCResponse=MIIExgYJKoZ...] CMC response sent
0.http-bio-20443-exec-9 - [29/Jan/2019:07:43:36 EST] [14] [6] [AuditEvent=CMC_RESPONSE_SENT][SubjectID=$Unidentified$][Outcome=Success][CMCResponse=MIIExgYJKoZ...] CMC response sentCopy to Clipboard Copied! Toggle word wrap Toggle overflow 吊销失败
不会发生撤销
测试问题单 :撤销不存在的证书,例如在 第 6.2.1.1 节 “使用
CMCRequest吊销证书” 中按照流程操作。0.https-jsse-nio-31443-exec-8 - [01/May/2023:23:37:50 EDT] [14] [6] [AuditEvent=CMC_RESPONSE_SENT][SubjectID=FooUser123][Outcome=Success][CMCResponse=MIIM+wYJKoZIh…] CMC response sent
0.https-jsse-nio-31443-exec-8 - [01/May/2023:23:37:50 EDT] [14] [6] [AuditEvent=CMC_RESPONSE_SENT][SubjectID=FooUser123][Outcome=Success][CMCResponse=MIIM+wYJKoZIh…] CMC response sentCopy to Clipboard Copied! Toggle word wrap Toggle overflow
FPT_SKY_EXT.1(2)/OTH
AUTHZ失败 :代理用户尝试检索审计日志:
测试案例:{ pki -d /root/.dogtag/pki_rsa_bootstrap/certs_db/ -c SECret.123 -p 31443 -n 'rsa_SubCA_AdminV' ca-audit-file-find.
0.https-jsse-nio-31443-exec-24 - [03/May/2023:08:30:38 EDT] [14] [6] [AuditEvent=AUTHZ][SubjectID=rsa_SubCA_AdminV][Outcome=Failure][aclResource=certServer.log.content.signedAudit][Op=read][Info=Authorization Error] authorization failure
0.https-jsse-nio-31443-exec-24 - [03/May/2023:08:30:38 EDT] [14] [6] [AuditEvent=AUTHZ][SubjectID=rsa_SubCA_AdminV][Outcome=Failure][aclResource=certServer.log.content.signedAudit][Op=read][Info=Authorization Error] authorization failureCopy to Clipboard Copied! Toggle word wrap Toggle overflow 成功 :审核员用户检索审计日志:
测试案例:{ pki -d /root/.dogtag/pki_rsa_bootstrap/certs_db/ -c SECret.123 -p 31443 -n 'rsa_SubCA_AuditV' ca-audit-file-find.
0.https-jsse-nio-31443-exec-5 - [03/May/2023:08:31:11 EDT] [14] [6] [AuditEvent=AUTHZ][SubjectID=rsa_SubCA_AuditV][Outcome=Success][aclResource=certServer.log.content.signedAudit][Op=read][Info=AuditResource.findAuditFiles] authorization success
0.https-jsse-nio-31443-exec-5 - [03/May/2023:08:31:11 EDT] [14] [6] [AuditEvent=AUTHZ][SubjectID=rsa_SubCA_AuditV][Outcome=Success][aclResource=certServer.log.content.signedAudit][Op=read][Info=AuditResource.findAuditFiles] authorization successCopy to Clipboard Copied! Toggle word wrap Toggle overflow
FTP_ITC.1
可信频道启动。终止可信频道。可信频道功能失败。
- See FCS_HTTPS_EXT.1
- See FCS_TLSC_EXT.2
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}