I have seen that OpenCA 0.9.1 doesn't have any log interface. It's not possible to audit who has done what and when. I need that every operation at the CA is logged and signed by an operator, because then I can audit the system and know who has done what and when. Let me give an example:
A certificate is genarated, but then we discover that the person who asked for the certificate was forbidden to have a certificate in our chain. Or a certificate was revoked and it shouldn't have been revoked. So, we need to know who did the operation, which CA operator, in order to punish him/her.
Have you thougth and done anything in this way? What kind of logs are already implemented in OpenCA? I found just export/import data logs.... Which operations can the CA Operator sign? I've seen only operations at RA that can be signed by the RA Operator....
Thank you!! Patricia
smime.p7s
Description: S/MIME Cryptographic Signature
