Skip to main content
Skip table of contents

Log personal data in Certificate Manager

This article describes how data, that is logged by Smart ID Certificate Manager (CM), is handled.

If the data that is being processed by CM contains personal data, such as names or otherwise sensitive information about persons, this data might be affected by the EU General Data Protection Regulation (GDPR).

What data does the operational logs contain?

In standard CM configuration, the operational logs will contain the following data, which could be considered sensitive or personal in some use-cases:



What is being logged


Verifying CMC2 requests

The subject and alt.names of the signer of the request

SCEP3 certificate issued

Certificate subject, alt.names

Certificates that are issued via certificate formats that use the TokenRequestCaller-modifier

Certificate subject, alt.names

Each PGWY factory module that handles issuing of certificates will log the information that is configured in in file

Depending on configuration, this could include the certificate subject


Ldif4 files created after successful LDAP distribution requests.

The whole LDAP distribution request, together with the LDAP path, which could include the certificate subject or DN.

Error during LDAP publication

LDAP path, which could include the certificate subject or DN. Parts of LDAP request, which could include certificate subject or DN.

 Protocol Gateway

2 Certificate management over CMS (Cryptographic Message Syntax)

3 Simple Certificate Enrollment Protocol

4 LDAP Data Interchange Format

Additional information logged by CM

In certain cases when CM encounters a situation that is out of the ordinary, such as errors, mismatching data, or requests that are invalid, CM will also log additional information to enable troubleshooting of a potential error. These cases are not part of the expected operation of CM. For example, when reading a certificate signature from the database, but the certificate could not be verified for unknown reasons, the operational logs could include the full data about the certificate, which includes the certificate subject. It is not recommended to disable such logging, since such situations are not expected to happen, and having sufficient logs could be of vital importance when troubleshooting.

CM operational logs also contain extensive information about actions taken by officers, and the information about the officer performing an action. The information about the officer is required for the CA to fulfill its operational obligations.

How to reduce logging of personal data

  • To disable logging of the above information, see the following documents and sections:

    • The "Masking Personal Data In Logs" chapter in Installation and Configuration Guide - Protocol Gateway.

    • The "da.conf" chapter in the Technical Description shows how to disable logging to ldif files.

  • To prevent having unnecessary personal data in logs, rotate the operational logs in scheduled intervals, by removing logs that are older than a predetermined amount of time.

Related information

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.