System information
certutil -d /var/lib/instance_ID/logs/signedAudit/dbdir -A -n "CA Certificate" -t \
"CT,CT,CT" -a -i /var/lib/instance_ID/alias/cacert.txt

certutil -d \
/var/lib/instance_ID/logs/signedAudit/dbdir -A -n "Log Signing Certificate" -a -i \
/var/lib/instance_ID/alias/logsigncert.txt
3. Syntax
The AuditVerify tool has the following syntax:
AuditVerify -d dbdir -n signing_certificate_nickname -a logListFile [-P cert/key_db_prefix] [-v]
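The file passed to -a is a comma-separated list of full paths to the signed audit logs. The following pre-flight check for that file is an added example, not part of the original guide or of Certificate System; the helper name normalize_loglist and the file names in the usage comment are assumptions, as is the treatment of trailing backslashes as layout only.

```shell
#!/bin/sh
# Added example: pre-flight check for the list file given to AuditVerify -a.
# normalize_loglist is a hypothetical helper, not part of Certificate System.
# It prints the validated entries as one comma-separated line and returns 1
# if any entry is not a full path, is missing or unreadable, or is repeated.
normalize_loglist() {
    list_file=$1
    [ -r "$list_file" ] || { echo "cannot read $list_file" >&2; return 1; }

    # Split on commas and newlines, trim blanks, and drop a trailing "\"
    # (assumption: the backslashes in the guide's sample are layout only).
    entries=$(tr ',' '\n' < "$list_file" |
        sed -e 's/[[:space:]]*$//' -e 's/\\$//' \
            -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//')

    out=""
    status=0
    while IFS= read -r entry; do
        [ -n "$entry" ] || continue
        case $entry in
            /*) ;;
            *) echo "not a full path: $entry" >&2; status=1; continue ;;
        esac
        if [ ! -f "$entry" ] || [ ! -r "$entry" ]; then
            echo "missing or unreadable: $entry" >&2; status=1; continue
        fi
        case ",$out," in
            *",$entry,"*) echo "listed twice: $entry" >&2; status=1; continue ;;
        esac
        out=${out:+$out,}$entry
    done <<EOF
$entries
EOF

    [ "$status" -eq 0 ] || return 1
    [ -n "$out" ] || { echo "no log files listed" >&2; return 1; }
    printf '%s\n' "$out"
}

# Usage (file names are placeholders):
#   normalize_loglist logListFile > checked_list.txt &&
#   AuditVerify -d dbdir -n "Log Signing Certificate" -a checked_list.txt -v
```

The check does not examine the order of the entries; the list must still be written in the order the -a option requires.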
Option  Description

d       Specifies the directory containing the security databases with the
        imported audit log signing certificate.

n       Gives the nickname of the certificate used to sign the log files. The
        nickname is whatever was used when the log signing certificate was
        imported into that database.

a       Specifies the text file containing a comma separated list (in
        chronological order) of the signed audit logs to be verified. The
        contents of the logListFile are the full paths to the audit logs.
        For example:

        /var/lib/rhpki-ca/logs/signedAudit/ca_cert-ca_audit, \
        /var/lib/rhpki-ca/logs/signedAudit/ca_cert-ca_audit.20030227102711, \
        /var/lib/rhpki-ca/logs/signedAudit/ca_cert-ca_audit.20030226094015

P       Optional. The prefix to prepend to the certificate and key database
        filenames. If used, a value of empty quotation marks ("") should be
        specified for this argument, since the auditor is using separate
        certificate and key databases from the Certificate System instance
        and it is unlikely that the prefix
Chapter 5. AuditVerify