H.5 AudCGen

AudCGen is a command line utility that generates custom X.509 certificates for the Secure Logging Server and logging applications. Novell Audit uses certificates to authenticate logging applications and sign events. For more information on generating certificates, see Section 9.3, Managing Certificates.

The AudCGen utility is located in the following directories:

Table H-2 AudCGen Directories

| Platform | Directory |
|---|---|
| NetWare | sys:\system\audcgen |
| Windows | \program files\novell\nsure audit\audcgen.exe |
| Linux | /opt/novell/naudit/audcgen |
| Solaris | /opt/NOVLnaudit/audcgen |

The following table reviews each of the command parameters.

Table H-3 AudCGen Command Parameters

Parameter

Description

-app:Application_Identifier

The logging application’s Application Identifier.

This is synonymous with the application name that appears in the application's corresponding .lsc file and must match the Application Identifier stored in the logging application’s Application object.

-appcert:path

The output path and filename for the logging application’s public certificate.

The default filename is app_cert.pem. The default path is platform-specific and can be changed using the -base parameter.

-apppkey:path

The output path and filename for the logging application's private key.

The default filename is app_pkey.pem. The default path is platform-specific and can be changed using the -base parameter.

-base

The base path used when reading from or writing to files.

The default path is platform-specific.

-bits:number

The number of encryption bits used during certificate creation.

Values of 384-4096 are accepted. The default value is 2048.

-cert:path

The path and filename to the public certificate used by the Novell Audit Secure Logging Server. The Secure Logging Server’s certificate key pair must be provided when generating a certificate key pair for a logging application.

The default filename is ca_cert.pem. The default path is platform-specific and can be changed using the -base parameter.

-csr:path

Create a Certificate Signing Request (CSR) to be signed by a third-party CA.

The default filename is app_csr.pem. The default path is platform-specific and can be changed using the -base parameter.

-f

Force overwrite.

AudCGen overwrites any existing certificates or private keys of the same name (for example, app_cert.pem or app_pkey.pem) in the output directory.

This parameter is optional.

If you do not use the -f parameter and there is an existing file, AudCGen aborts creation of the certificate.

-pkey:path

The path and filename to the private key used by the Novell Audit Secure Logging Server (SLS). The SLS certificate key pair must be provided when generating a certificate key pair for a logging application.

The default filename is ca_pkey.pem. The default path is platform-specific and can be changed using the -base parameter.

-sn:number

This parameter creates a serial number for the generated certificate. This can be useful in maintaining and tracking your system’s certificates.

This parameter is optional.

-ss

Generate a self-signed root certificate key pair for the Novell Audit Secure Logging Server. This option uses the internal Novell Audit CA.

NOTE: Do not use this option if you want to use a certificate signed by a third-party CA.

-valid:number

Specifies the number of days for which the generated public certificate is valid.

The default value is 10 years.

-verify

Verify the certificate signing chain between the root certificate used by the Secure Logging Server and the logging application certificates.

NOTE: This option performs only partial verification when verifying third-party certificates. For additional information, see Validating Certificates.
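The following pre-flight check for AudCGen command lines is an added example, not part of the Novell documentation or the AudCGen tool. It parses the parameters in Table H-3 and reports weak key sizes, long validity periods, the -ss/-csr conflict, and private keys that -f would overwrite. The function names, the 2048-bit floor, the 825-day ceiling, the 3650-day approximation of the 10-year default, and the way the key path is resolved are assumptions.

```python
import os

# Parameter names from Table H-3; the thresholds below are assumed local policy.
KNOWN = {"app", "appcert", "apppkey", "base", "bits", "cert", "csr",
         "f", "pkey", "sn", "ss", "valid", "verify"}
MIN_BITS = 2048            # assumed policy floor (AudCGen itself accepts 384-4096)
MAX_VALID_DAYS = 825       # assumed policy ceiling
DEFAULT_VALID_DAYS = 3650  # the documented 10-year default, approximated in days

def parse_args(argv):
    """Split -name or -name:value tokens into a dict (value is None for bare flags)."""
    opts = {}
    for token in argv:
        if not token.startswith("-"):
            raise ValueError(f"not a parameter: {token!r}")
        # Split on the first colon only: Windows and NetWare paths contain colons.
        name, _, value = token[1:].partition(":")
        if name not in KNOWN:
            raise ValueError(f"unknown parameter: -{name}")
        opts[name] = value or None
    return opts

def lint(argv, base=".", exists=os.path.exists):
    """Return a list of findings for one AudCGen invocation."""
    opts, findings = parse_args(argv), []
    if opts.get("bits") is not None:
        bits = int(opts["bits"])
        if not 384 <= bits <= 4096:
            findings.append(f"-bits:{bits} is outside the accepted range 384-4096")
        elif bits < MIN_BITS:
            findings.append(f"-bits:{bits} is below the policy floor of {MIN_BITS}")
    days = int(opts["valid"]) if opts.get("valid") else DEFAULT_VALID_DAYS
    if days > MAX_VALID_DAYS:
        findings.append(f"validity of {days} days exceeds the policy ceiling of {MAX_VALID_DAYS}")
    if "ss" in opts and "csr" in opts:
        findings.append("-ss conflicts with -csr: a CSR is for a third-party CA")
    if "f" in opts:
        # Assumption: -ss writes the key named by -pkey, otherwise the one named by
        # -apppkey; with neither given, the default filename under the base path.
        opt, default = ("pkey", "ca_pkey.pem") if "ss" in opts else ("apppkey", "app_pkey.pem")
        key_path = opts.get(opt) or os.path.join(opts.get("base") or base, default)
        if exists(key_path):
            findings.append(f"-f will overwrite the existing private key {key_path}")
    return findings

if __name__ == "__main__":
    # Constructed invocation, not taken from the Novell documentation.
    for finding in lint(["-app:ExampleApp", "-bits:512", "-valid:3650", "-f"]):
        print("WARN", finding)
```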