Log personal data in Certificate Manager
This article describes how data, that is logged by Smart ID Certificate Manager (CM), is handled.
If the data that is being processed by CM contains personal data, such as names or otherwise sensitive information about persons, this data might be affected by the EU General Data Protection Regulation (GDPR).
What data does the operational logs contain?
In standard CM configuration, the operational logs will contain the following data, which could be considered sensitive or personal in some use-cases:
Component | When | What is being logged |
|---|---|---|
PGWY1 | Verifying CMC2 requests | The subject and alt.names of the signer of the request |
SCEP3 certificate issued | Certificate subject, alt.names | |
Certificates that are issued via certificate formats that use the | Certificate subject, alt.names | |
Each PGWY factory module that handles issuing of certificates will log the information that is configured in com.nexussafe.cm.pgwy.subject in file logging.properties. | Depending on configuration, this could include the certificate subject | |
CF | Ldif4 files created after successful LDAP distribution requests. | The whole LDAP distribution request, together with the LDAP path, which could include the certificate subject or DN. |
Error during LDAP publication | LDAP path, which could include the certificate subject or DN. Parts of LDAP request, which could include certificate subject or DN. |
1 Protocol Gateway
2 Certificate management over CMS (Cryptographic Message Syntax)
3 Simple Certificate Enrollment Protocol
4 LDAP Data Interchange Format
Additional information logged by CM
In certain cases when CM encounters a situation that is out of the ordinary, such as errors, mismatching data, or requests that are invalid, CM will also log additional information to enable troubleshooting of a potential error. These cases are not part of the expected operation of CM. For example, when reading a certificate signature from the database, but the certificate could not be verified for unknown reasons, the operational logs could include the full data about the certificate, which includes the certificate subject. It is not recommended to disable such logging, since such situations are not expected to happen, and having sufficient logs could be of vital importance when troubleshooting.
CM operational logs also contain extensive information about actions taken by officers, and the information about the officer performing an action. The information about the officer is required for the CA to fulfill its operational obligations.
How to reduce logging of personal data
To disable logging of the above information, see the following documents and sections:
The "Masking Personal Data In Logs" chapter in Installation and Configuration Guide - Protocol Gateway.
The "da.conf" chapter in the Technical Description shows how to disable logging to ldif files.
To prevent having unnecessary personal data in logs, rotate the operational logs in scheduled intervals, by removing logs that are older than a predetermined amount of time.