Logs
Expedite remediation by reviewing the history of all actions taken within your account in audit logs and signature logs.
There are two categories of logs:
Audit logs
Signature logs
Audit logs
Audit logs provides you with an events list of:
Actions | Description |
---|---|
Approve | Action approved. |
Delete | Resource deleted. |
Download | Resource downloaded. |
Expire | Resource expired. |
Generate | Resource created. |
Generate CSR | CSR generated from keypair. |
Import | Resource imported. |
Refresh | Dynamic keypair refreshed. |
Reject | Action rejected. |
Request | Action or resource requested. |
Set up | Account set up or CertCentral API key integrated with DigiCert® Software Trust Manager. |
Sign | User attempted to sign. |
Suspend | Keypair status was set to offline. Certificate or keypair profile was disabled. |
Unsuspend | Keypair status was set to online. Certificate or keypair profile was enabled. |
Update | Resource updated. |
Signature logs
Signature logs provides you with a list of signature events, as well as the following details:
Fields | Description |
---|---|
Date | Identifies the date the signature took place. |
Status | Identifies whether the signature was successful or failed. |
Signer | Identifies which performed the signature. |
Keypair alias | Identifies the keypair used to sign. |
Keypair ID | Identifies the keypair ID used to sign. |
Keypair type | Identifies whether the keypair used to sign is static or dynamic. |
Algorithm | Identifies the cryptographic algorithm of the keypair used to sign. |
Signature type | Identifies whether a production or test keypair was used to sign. |
Hash | Identifies the hash value that uniquely represents the raw data (the code being signed) using a specific hash algorithm. This hash value helps ensure the integrity and authenticity of the signed code. |
Signature | Identifies the digital signature generated from the hash or digest of the code being signed using a private key. This signature serves as proof of the code's authenticity and integrity, as it can be verified using the corresponding public key. |
Client IP | Identifies the IP address of the client detected when the signature occurred. |
Signature metadata
Signature logs displays the following signature metadata types:
Field | Description |
---|---|
Checksum-after-signing | The cryptographic checksum generated for the file after signing to ensure its integrity and authenticity. |
Checksum-before-signing | The cryptographic checksum of the file before it undergoes the signing process. |
Digest-algorithm | The algorithm used for generating the cryptographic digest or checksum, such as SHA-256. |
File-location | The directory path or URL where file to be signed is located. |
File-name | The name of the file to be signed. |
Signing-tool | The software or tool used for signing the file, such as OpenSSL or Microsoft SignTool. |
Timestamp | Represents if the timestamp was done. |
TSA-url | The URL of the Time Stamp Authority (TSA) used for timestamping the signature, ensuring its validity beyond the signing certificate's expiration. |
The following information is shown for each of each of the signature metadata mentioned above:
Field | Description |
---|---|
Metadata key | Provides the metadata name, such as:
|
Metadata value | Provides the value of the metadata key. |
Metadata primary | Shows Yes if the metadata is one of the above defined metadata. Shows No if the custom metadata provided. |
Metadata source | Displays the name of the source that provided the metadata. |
Identify error message
To identify the error message for a failed event:
Sign in to DigiCert ONE.
Select the Manager menu (top right) > Software Trust.
Navigate to: Logs > Audit logs or Signature logs.
Identify and click on the date of the failed event.
Identify the Error message field.
Filter logs
To download audit or signature logs:
Sign in to DigiCert ONE.
Select the Manager menu (top right) > Software Trust.
Navigate to: Logs > Audit logs or Signature logs.
Click on the filter icon next to the column name and select the filters you want to apply.
Download logs (less than 10,000)
참고
You require the Export audit logs
permission to export audit logs.
To download less than 10,000 of the most recent audit or signature logs, use this method:
Sign in to DigiCert ONE.
Select the Manager menu (top right) > Software Trust.
Navigate to: Logs > Audit logs or Signature logs.
Apply any filters you may need (optional).
Click on the download icon in the top-right corner.
Select Download report to download the most recent 10 000 records.
Download logs (more than 10,000)
To download more than 10,000 audit or signature logs, use this method:
Sign in to DigiCert ONE.
Select the Manager menu (top right) > Software Trust.
Navigate to: Logs > Audit logs or Signature logs.
Click on the download icon in the top-right corner.
Select View archived report to view and download records that exceed 10 000 records.
참고
Filters cannot be applied to archived reports.
Each report has a maximum of 10 000 records per report.
Reports are numbered for ease of reference, the first report contains the oldest records.
Click the download icon next to the file name.