Audit Certification Services
Updated: July 3, 2013
Applies To: Windows 7, Windows 8.1, Windows Server 2008 R2, Windows Server 2012 R2, Windows Server 2012, Windows 8
This topic for the IT professional describes the Advanced Security Audit policy setting, Audit Certification Services, which determines whether the operating system generates events when Active Directory Certificate Services (AD CS) operations are performed.
Examples of AD CS operations include:
AD CS starts, shuts down, is backed up, or is restored.
Certificate revocation list (CRL)-related tasks are performed.
Certificates are requested, issued, or revoked.
Certificate manager settings for AD CS are changed.
The configuration and properties of the certification authority (CA) are changed.
AD CS templates are modified.
Certificates are imported.
A CA certificate is published to Active Directory Domain Services.
Security permissions for AD CS role services are modified.
Keys are archived, imported, or retrieved.
The OCSP Responder Service is started or stopped.
Monitoring these operational events is important to ensure that AD CS role services are functioning properly.
Event volume: Low to medium on servers that host AD CS role services
Default: Not configured
If this policy setting is configured, the following events appear on computers running the supported versions of the Windows operating system as designated in the Applies to list at the beginning of this topic, in addition to Windows Server 2008 and Windows Vista.
The certificate manager denied a pending certificate request.
Certificate Services received a resubmitted certificate request.
Certificate Services revoked a certificate.
Certificate Services received a request to publish the certificate revocation list (CRL).
Certificate Services published the certificate revocation list (CRL).
A certificate request extension changed.
One or more certificate request attributes changed.
Certificate Services received a request to shut down.
Certificate Services backup started.
Certificate Services backup completed.
Certificate Services restore started.
Certificate Services restore completed.
Certificate Services started.
Certificate Services stopped.
The security permissions for Certificate Services changed.
Certificate Services retrieved an archived key.
Certificate Services imported a certificate into its database.
The audit filter for Certificate Services changed.
Certificate Services received a certificate request.
Certificate Services approved a certificate request and issued a certificate.
Certificate Services denied a certificate request.
Certificate Services set the status of a certificate request to pending.
The certificate manager settings for Certificate Services changed.
A configuration entry changed in Certificate Services.
A property of Certificate Services changed.
Certificate Services archived a key.
Certificate Services imported and archived a key.
Certificate Services published the CA certificate to Active Directory Domain Services.
One or more rows have been deleted from the certificate database.
Role separation enabled:
Certificate Services loaded a template.