Partager via


Securing PKI: Appendix B: Certification Authority Audit Filter

 

Applies To: Windows Server 2003 with SP2, Windows Server 2008 R2, Windows Server 2012 R2, Windows Server 2012

The CA audit filter is a bitmask value representing the seven different audit categories that can be enabled. If all values are enabled, the audit filter will have a value of 127.

Value (Decimal)

Setting

1

Start and stop Active Directory® Certificate Services

2

Back up and restore the CA database

4

Issue and manage certificate requests

8

Revoke certificates and publish CRLs

16

Change CA security settings

32

Store and retrieve archived keys

64

Change CA configuration

The CA audit filter can be set through the CA snap-in GUI or via the command line. To set the audit filter via the GUI:

  1. Open the CA snap-in (certsrv.msc).

  2. Right-click the CA and click Properties.

  3. Click the Auditing tab and select the desired values.

To set the audit filter via the command line, run the following command from an elevated command prompt:

certutil –setreg CA\AuditFilter <value>

net stop certsvc && net start certsvc

For example, certutil –setreg CA\AuditFilter 18 will set the audit filter to include events covered under “Change CA security settings” and “Backup and restore the CA database.”

See Also

Securing Public Key Infrastructure (PKI)
Securing PKI: Introduction
Securing PKI: Planning a CA Hierarchy
Securing PKI: Physical Controls for Securing PKI
Securing PKI: PKI Process Security
Securing PKI: Technical Controls for Securing PKI
Securing PKI: Planning Certificate Algorithms and Usages
Securing PKI: Protecting CA Keys and Critical Artifacts
Securing PKI: Monitoring Public Key Infrastructure
Securing PKI: Compromise Response
Securing PKI: Appendix A: Events to Monitor
Securing PKI: Appendix C: Delegating Active Directory PKI Permissions
Securing PKI: Appendix D: Glossary of Terms
Securing PKI: Appendix E: PKI Basics
Securing PKI: Appendix F: List of Recommendations by Impact Level
Security and Protection
Secure Windows Server 2012 R2 and Windows Server 2012