Skip to main content

Logs

Expedite remediation by reviewing the history of all actions taken within your account in audit logs and signature logs.

There are two categories of logs:

  • Audit logs

  • Signature logs

Audit logs

Audit logs provides you with an events list of:

Actions

Description

Approve

Action approved.

Delete

Resource deleted.

Download

Resource downloaded.

Expire

Resource expired.

Generate

Resource created.

Generate CSR

CSR generated from keypair.

Import

Resource imported.

Refresh

Dynamic keypair refreshed.

Reject

Action rejected.

Request

Action or resource requested.

Set up

Account set up or CertCentral API key integrated with DigiCert​​®​​ Software Trust Manager.

Sign

User attempted to sign.

Suspend

Keypair status was set to offline.

Certificate or keypair profile was disabled.

Unsuspend

Keypair status was set to online.

Certificate or keypair profile was enabled.

Update

Resource updated.

Signature logs

Signature logs provides you with a list of signature events, as well as the following details:

Fields

Description

Date

Identifies the date the signature took place.

Status

Identifies whether the signature was successful or failed.

Signer

Identifies which performed the signature.

Keypair alias

Identifies the keypair used to sign.

Keypair ID

Identifies the keypair ID used to sign.

Keypair type

Identifies whether the keypair used to sign is static or dynamic.

Algorithm

Identifies the cryptographic algorithm of the keypair used to sign.

Signature type

Identifies whether a production or test keypair was used to sign.

Hash

Identifies the hash value that uniquely represents the raw data (the code being signed) using a specific hash algorithm. This hash value helps ensure the integrity and authenticity of the signed code.

Signature

Identifies the digital signature generated from the hash or digest of the code being signed using a private key. This signature serves as proof of the code's authenticity and integrity, as it can be verified using the corresponding public key.

Client IP

Identifies the IP address of the client detected when the signature occurred.

Signature metadata

Signature logs displays the following signature metadata types:

Field

Description

Checksum-after-signing

The cryptographic checksum generated for the file after signing to ensure its integrity and authenticity.

Checksum-before-signing

The cryptographic checksum of the file before it undergoes the signing process.

Digest-algorithm

The algorithm used for generating the cryptographic digest or checksum, such as SHA-256.

File-location

The directory path or URL where the signed file is located.

File-name

The name of the signed file.

Signing-tool

The software or tool used for signing the file, such as OpenSSL or Microsoft SignTool.

Timestamp

The date and time when the file was signed.

TSA-url

The URL of the Time Stamp Authority (TSA) used for timestamping the signature, ensuring its validity beyond the signing certificate's expiration.

The following information is shown for each of each of the signature metadata mentioned above:

Field

Description

Metadata key

Provides the metadata name, such as:

  • checksum-after-signing

  • checksum-before-signing

  • digest-algorithm

  • file-location

  • file-name

  • signing-tool

  • timestamp

  • tsa-url

Metadata value

Provides the value of the metadata key.

Metadata primary

Shows Yes if the metadata is included in the signature and No if the metadata key is not included.

Metadata source

Displays the name of the source that provided the metadata.

Identify error message

To identify the error message for a failed event:

  1. Sign in to DigiCert ONE.

  2. Select the Manager menu (top right) > Software Trust.

  3. Navigate to: Logs > Audit logs or Signature logs.

  4. Identify and click on the date of the failed event.

  5. Identify the Error message field.

Filter logs

To download audit or signature logs:

  1. Sign in to DigiCert ONE.

  2. Select the Manager menu (top right) > Software Trust.

  3. Navigate to: Logs > Audit logs or Signature logs.

  4. Click on the filter icon next to the column name and select the filters you want to apply.

Download logs (less than 10,000)

Anmerkung

You require the Export audit logs permission to export audit logs.

To download less than 10,000 of the most recent audit or signature logs, use this method:

  1. Sign in to DigiCert ONE.

  2. Select the Manager menu (top right) > Software Trust.

  3. Navigate to: Logs > Audit logs or Signature logs.

  4. Apply any filters you may need (optional).

  5. Click on the download icon in the top-right corner.

  6. Select Download report to download the most recent 10 000 records.

Download logs (more than 10,000)

To download more than 10,000 audit or signature logs, use this method:

  1. Sign in to DigiCert ONE.

  2. Select the Manager menu (top right) > Software Trust.

  3. Navigate to: Logs > Audit logs or Signature logs.

  4. Click on the download icon in the top-right corner.

  5. Select View archived report to view and download records that exceed 10 000 records.

    Anmerkung

    • Filters cannot be applied to archived reports.

    • Each report has a maximum of 10 000 records per report.

    • Reports are numbered for ease of reference, the first report contains the oldest records.

  6. Click the download icon next to the file name.

In diesem Abschnitt: