You can audit a variety of events relating to the management and activities of a certification authority (CA):
Back up and restore the CA database.
Change the CA configuration.
Change CA security settings.
Issue and manage certificate requests.
Revoke certificates and publish certificate revocation lists (CRLs).
Store and retrieve archived keys.
Start and stop Active Directory Certificate Services (AD CS).
You must be a CA administrator or a CA auditor to complete this procedure. The CA auditor must perform this procedure if the CA has been configured to enforce role-based administration. For more information, see Implement Role-Based Administration.
|To configure CA event auditing|
Open the Certification Authority snap-in.
In the console tree, click the name of the CA.
On the Action menu, click Properties.
On the Auditing tab, click the events that you want to audit, and then click OK.
On the Action menu, point to All Tasks, and then click Stop Service.
On the Action menu, point to All Tasks, and then click Start Service.
To audit events, the computer must also be configured for auditing of object access. Audit policy options can be viewed and managed in local or domain Group Policy under Computer Configuration\Windows Settings\Security Settings\Local Policies.