Verifying a secure log using openssl – HP Secure Key Manager User Manual
Page 81
2. Change the file extension on the log file to .eml. Windows will now recognize the file as an e-mail message.
3. Double-click the file. Outlook Express opens it and displays a security help screen with a header that reads: "Digitally signed - signing digital ID is not trusted."
4. Click Continue. A security warning appears.
5. Click View Digital ID. The Signing Digital ID Properties dialog appears.
6. Click the Details tab and scroll down to the Thumbprint field.
7. Download the Log Signing Certificate used to sign the log file from the SKM.
8. Double-click the Log Signing Certificate. The Certificate dialog appears.
9. Select the Details tab.
10. Scroll down to the Thumbprint field.
11. Compare the thumbprint shown in the Signing Digital ID Properties dialog with the thumbprint shown in the Log Signing Certificate dialog. If the two strings are identical, the log was signed with the SKM's Log Signing Certificate, and the signature check Outlook Express performed when it opened the file confirms that the log has not been modified since it was signed. The "not trusted" header reflects only that the Log Signing Certificate is not chained to a certificate authority that Windows trusts.
Verifying a secure log using OpenSSL
Prior to verifying a secure log, you must have installed OpenSSL on the machine that will verify the log
file. You can use the procedure in both Windows and UNIX/Linux environments. If OpenSSL has not
been installed on your Windows machine, you can find a Windows distribution here:
http://www.slproweb.com/products/Win32OpenSSL.html
To verify a secure log:
1. Log in to the Management Console as an administrator.
2. Navigate to the Log Configuration page (Device > Log Configuration) and click the Log Levels & Signing tab.
3. Click View Log Signing Cert.
4. Click Download Log Signing Cert and save the Log Signer certificate to your local machine.
5. Navigate to the Audit Log page (Device > Logs & Statistics > Log Viewer) and click Download Entire Log. Save the log file in the same directory as the log signer certificate. (You can save the log file and the certificate anywhere you like; for simplicity, this procedure assumes that the two files are in the same directory.)
6. From the command prompt, enter the following command:

   openssl smime -verify -in <log file> -signer <cert file> -text -noverify

After you issue the command, the text of the log file is displayed. If the log file has not been modified, "Verification successful" is displayed below the log text, as shown here:

2006-07-06 09:15:02 [admin]: Logged in from 192.168.1.170 via web
2006-07-06 11:17:30 [admin]: Logged in from 192.168.1.170 via web
2006-07-06 11:24:26 [admin]: Downloaded Cert logsigner
2006-07-06 12:30:17 [admin]: User admin login has expired.
Verification successful

You can test this process by modifying the text in the log file and running the command again. The text of the log file is displayed as before, but this time "Verification failure" is displayed after it.

Note what this command does and does not check. In verify mode, OpenSSL treats -signer as an output file: on success it writes the signing certificate carried inside the signed log to <cert file>, overwriting the copy you downloaded, and -noverify tells it not to validate that certificate's chain. A successful result therefore shows only that the log text matches the signature embedded in the file. To tie the check to the SKM's own certificate, keep a pristine copy of the downloaded certificate and compare its SHA-1 thumbprint (openssl x509 -in <cert file> -noout -fingerprint -sha1) with that of the certificate OpenSSL wrote out, or use -certfile <cert file> -nointern in place of -signer <cert file> so that only the downloaded certificate is accepted as the signer.
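The following script is an added example and is not part of the HP manual or the SKM product: it creates a throwaway log-signing certificate, S/MIME-signs a constructed audit log so that it looks like a downloaded signed log, and then runs the verification above in three situations: the intact log, a log edited after signing, and a log re-signed with a different key. It also performs the thumbprint comparison from the Outlook Express procedure with openssl x509 instead of the Windows Certificate dialog. All file names, the certificate subjects and the sample log lines are assumptions made for the demo.

```shell
#!/bin/sh
# Added example (not from the HP manual): exercise openssl smime -verify on a
# constructed signed log. Every path, subject name and log line is made up.
set -eu

WORK="${TMPDIR:-/tmp}/skm-log-demo.$$"
mkdir -p "$WORK"
cd "$WORK"

# Throwaway stand-in for a Log Signing Certificate (self-signed, demo only).
gen_cert() {  # $1 = file stem, $2 = subject CN
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
    -keyout "$1.key" -out "$1.crt" >/dev/null 2>&1
}

# S/MIME clear-sign a log; the signer certificate is embedded in the output,
# which is what lets Outlook Express show a "Digital ID" for the file.
sign_log() {  # $1 = cleartext log, $2 = key/cert stem, $3 = signed output
  openssl smime -sign -in "$1" -signer "$2.crt" -inkey "$2.key" -text -out "$3"
}

# SHA-1 thumbprint, the value shown on the Windows certificate Details tab.
thumbprint() {  # $1 = PEM certificate
  openssl x509 -in "$1" -noout -fingerprint -sha1 | sed 's/^.*=//'
}

# The manual's command. In verify mode -signer is an OUTPUT path: openssl
# writes the certificate found inside the message there on success, and
# -noverify skips chain validation of that embedded certificate.
verify_as_manual() {  # $1 = signed log, $2 = path that receives the embedded cert
  if openssl smime -verify -in "$1" -signer "$2" -text -noverify \
       -out /dev/null 2>/dev/null; then echo ok; else echo fail; fi
}

# Pinned variant: only the downloaded certificate may be the signer.
verify_pinned() {  # $1 = signed log, $2 = downloaded Log Signing Certificate
  if openssl smime -verify -in "$1" -certfile "$2" -nointern -noverify -text \
       -out /dev/null 2>/dev/null; then echo ok; else echo fail; fi
}

# Constructed sample log lines (not real device output).
cat > audit.log <<'EOF'
2006-07-06 09:15:02 [admin]: Logged in from 192.168.1.170 via web
2006-07-06 11:24:26 [admin]: Downloaded Cert logsigner
EOF

gen_cert logsigner "Demo Log Signer"
sign_log audit.log logsigner audit.log.signed

# 1. Intact log: both forms succeed and the embedded certificate's thumbprint
#    equals the downloaded one (the openssl equivalent of the Outlook check).
echo "intact, manual form:  $(verify_as_manual audit.log.signed embedded.crt)"
echo "intact, pinned form:  $(verify_pinned audit.log.signed logsigner.crt)"
echo "downloaded thumbprint: $(thumbprint logsigner.crt)"
echo "embedded thumbprint:   $(thumbprint embedded.crt)"

# 2. Log edited after signing (source IP changed inside the signed body).
sed 's/192\.168\.1\.170/10.0.0.9/' audit.log.signed > audit.log.tampered
echo "edited, pinned form:  $(verify_pinned audit.log.tampered logsigner.crt)"

# 3. Log re-signed with a different key: the manual's form still reports
#    success because it accepts whatever certificate the file carries; the
#    pinned form rejects it, and the thumbprints no longer match.
gen_cert rogue "Rogue Log Signer"
sed 's/192\.168\.1\.170/10.0.0.9/' audit.log > audit.log.edited
sign_log audit.log.edited rogue audit.log.forged
echo "forged, manual form:  $(verify_as_manual audit.log.forged rogue-seen.crt)"
echo "forged, pinned form:  $(verify_pinned audit.log.forged logsigner.crt)"
echo "forged thumbprint:     $(thumbprint rogue-seen.crt)"
```

The script leaves its files under a temporary directory so you can inspect them; rogue-seen.crt is what the manual's command would have written over your downloaded certificate had you passed that path to -signer.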