Monitoring certificate signing activity
From SAM, you can download a compressed archive of log files that shows the history and details of the certificate signing operations for SaaS acceleration. The log includes information for root CA, intermediate CAs, proxy, and peering certificates.
To review the certificate activity and log
1. In SAM, choose Configure > SSL Optimization and select the Logs tab.
2. Click Download audit log.
Your browser downloads a ZIP-format archive file to your computer. Depending on your browser configuration, it might prompt you for a location to store the file or simply store the file in your default Downloads folder. The default name for this file is <organization>_SaaS Accelerator_CA_Audit_Log.zip where <organization> is the short name of your organization.
Opening the archive displays a text file with a name in the format:
SteelSecure_org-<organization>-xxxxxxxxxxxxxxxx_audit.txt
where <organization>-xxxxxxxxxxxxxxxx identifies your organization. This is the most recent audit log of certificate activity. There might be additional files with a date/time string appended. Each of these files contains audit log records for a previous period up to the date and time in the filename.
Each audit log consists of multiple lines of text that provide you the following details:
• A log line that includes:
– The date and time (in UTC) that the operation occurred.
– The certificate authority operation that was performed (create a CA, delete a CA, sign a peering certificate, or sign a proxy certificate).
– The organization or SaaS Accelerator service instance for the operation.
– The common name (CN=) of the certificate.
• The full text of the certificate in base-64 (PEM) format.
When signing certificates for a SaaS Accelerator service instance, the log line includes the Service Endpoint IP address. This enables you to easily correlate proxy certificates with the accelerated SaaS service in case the common name is not self-explanatory.