10.4 Creating Logging Application Certificates

To generate a Logging Application Certificate, enter the following command at the command prompt:

audcgen -cert:filename -pkey:filename [-f] [-bits:number] [-serial:number] -appcert:filename -apppkey:filename -app:Application_Identifier

The following table describes each of the command parameters:

| Parameter | Description |
|---|---|
| -cert:filename | The path and filename of the Secure Logging Certificate that AudCGen uses to sign the Logging Application Certificate. The default path and filename is \cacert.pem. |
| -pkey:filename | The path and filename of the Secure Logging Certificate's private key. The default path and filename is \capkey.pem. |
| [-f] | Force overwrite. AudCGen overwrites any existing certificates or private keys of the same name (for example, appcert.pem or apppkey.pem) in the output directory. This parameter is optional. If you do not use -f and a file of that name already exists, AudCGen aborts creation of the certificate. |
| [-bits:number] | The number of bits for the certificate. The default is 512; however, Nsure Audit can handle certificates up to 1472 bits. |
| [-serial:number] | Assigns a serial number to the certificate being created. You can use this option to keep track of your system's certificates. This parameter is optional. |
| -appcert:filename | The output path and filename for the Logging Application Certificate. The default path and filename is /appcert.pem. |
| -apppkey:filename | The output path and filename for the Logging Application Certificate's private key. The default path and filename is /apppkey.pem. |
| -app:Application_Identifier | The logging application's Application Identifier. This value must match the Application Identifier stored in the logging application's Application object. |

The following is a sample command to create a Logging Application Certificate for the Novell eDirectory™ Instrumentation:

audcgen -cert:c:\cacert.pem -pkey:c:\capkey.pem -f -bits:512 -serial:12345 -appcert:c:\appcert.pem -apppkey:c:\apppkey.pem -app:eDirInst
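As an added example (not part of Nsure Audit or this guide), the following Python checker parses an audcgen command line using the parameter rules from the table above, fills in the documented defaults, and reports problems before the command is run. The parsing rules are inferred from the synopsis, and the WEAK_BITS threshold is this example's own assumption; the page itself only states the 512-bit default and the 1472-bit ceiling.

```python
# Added example: checker for audcgen command lines built from the parameter table
# above. Not part of Nsure Audit; WEAK_BITS is this example's own assumption.
REQUIRED = {"app"}                            # -app has no documented default
DEFAULTS = {"cert": r"\cacert.pem", "pkey": r"\capkey.pem", "bits": "512",
            "appcert": "/appcert.pem", "apppkey": "/apppkey.pem"}
VALUED = set(DEFAULTS) | REQUIRED | {"serial"}  # parameters written as -name:value
FLAGS = {"f"}                                 # switches that take no value
MAX_BITS = 1472                               # documented ceiling for Nsure Audit
WEAK_BITS = 1024                              # assumption: smaller keys are flagged


def parse_audcgen(cmdline):
    """Split an audcgen command line into {name: value}; flags map to True."""
    tokens = cmdline.split()
    if not tokens or tokens[0].lower() != "audcgen":
        raise ValueError("command line must start with audcgen")
    params = {}
    for tok in tokens[1:]:
        if not tok.startswith("-"):
            raise ValueError(f"unexpected token: {tok}")
        name, sep, value = tok[1:].partition(":")
        name = name.lower()
        if name in FLAGS:
            if sep:
                raise ValueError(f"-{name} takes no value")
            params[name] = True
        elif name not in VALUED:
            raise ValueError(f"unknown parameter: -{name}")
        elif not value:
            raise ValueError(f"-{name} requires a value")
        else:
            params[name] = value
    return params


def check_audcgen(cmdline):
    """Apply the table's defaults and return (settings, findings)."""
    params = parse_audcgen(cmdline)
    settings = {**DEFAULTS, **params}
    findings = [f"missing required parameter -{n}" for n in sorted(REQUIRED - set(params))]
    if not settings["bits"].isdigit():
        findings.append("-bits must be a number")
    else:
        settings["bits"] = bits = int(settings["bits"])
        if bits > MAX_BITS:
            findings.append(f"-bits:{bits} exceeds the {MAX_BITS}-bit limit")
        elif bits < WEAK_BITS:
            findings.append(f"-bits:{bits} is below {WEAK_BITS}; pick a larger key")
    if "serial" in settings and not settings["serial"].isdigit():
        findings.append("-serial must be a number")
    if "f" not in settings:
        findings.append("no -f: audcgen aborts if appcert/apppkey already exist")
    return settings, findings
```

Running check_audcgen on the sample command above returns the parsed settings plus a single finding about the 512-bit key size.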

10.4.1 Enabling Logging Applications to Use Custom Certificates

The process of enabling a logging application to use a custom Logging Application Certificate varies by application; refer to the logging application's documentation.

To enable the eDirectory Instrumentation to use a custom Logging Application Certificate, the path and filename for the certificate and private key files must be as follows:

| Platform | Certificate Path and Filename | Private Key Path and Filename |
|---|---|---|
| NetWare® | \system\dsicert.pem | \system\dsipkey.pem |
| Windows | \windows_directory\dsicert.pem | \windows_directory\dsipkey.pem |
| Linux and Solaris | /etc/dsicert.pem | /etc/dsipkey.pem |

The NetWare Instrumentation requires \system\nwicert.pem and \system\nwipkey.pem.

The NAudit Instrumentation uses the Secure Logging Certificate and private key configured on the Logging Server object.