Examples of system log entries when working with certificates

  1. Loading the local keystore:

pem:
log.info("Loading 'pem' keystore from key file: {}, certificate file: {}", clientKeyPemLocation, clientPemLocation);
log.info("The '{}' keystore from key file: {}, certificate file: {} does not exist on the file system", keyStoreType, clientKeyPemLocation, clientPemLocation);

jks:
log.info("Loading '{}' keystore from: {}", keyStoreType, keyStoreLocation);
log.info("The '{}' keystore from: {} does not exist on the file system", keyStoreType, keyStoreLocation);
  2. Loading the local truststore:

pem:
log.info("Loading 'pem' truststore from ca file: {}", caPemLocation);
log.info("The '{}' truststore from {} does not exist on the file system", trustStoreType, caPemLocation);

jks:
log.info("Loading '{}' truststore from: {}", trustStoreType, trustStoreLocation);
log.info("The '{}' truststore from : {} does not exist on the file system", trustStoreType, trustStoreLocation);
  3. Retrieving the passwords for the local JKS stores from Vault:

log.info("Request stores passwords from Vault: '{}/{}/{}'", vaultAddress, engineVersion, secretPath);
log.info("Stores passwords from vault successfully retrieved");
  4. Replacing the JKS passwords (optional):

log.info("Unable to open stores using provided passwords {}, trying to change store passwords using previous version {}", version, oldVersion);
log.info("Successfully updated stores passwords to version {}.", version);
  5. Validating the local truststore:

log.info("Verifying local truststore.");
log.warn("Certificate with alias {} not found, store verification failed.", alias);
log.info("Checking the certificate for expiration and revocation: DN {}, serial {}, valid from {} to {}.");
log.warn("Certificate with DN: {}, serial number {} expires in less than {} limit, expiration date: {}",
ex: "Certificate is already expired, serial number: %s");
  6. Requesting trusted certificates from Vault (optional):

log.info("Request trusted certificates from Vault");
log.info("Adding vault ca_chain to truststore");
log.info("Requesting vault ca_chain from {}/{}/{}", vaultAddress, engineVersion, effectiveCaChainPath);
log.info("Request trusted certificates from Vault Key-Value: '{}/{}/{}'", vaultAddress, engineVersion, pemTrustPath);
log.info("Received trusted certificate with alias {}, DN: {}, serial: {}, valid from {} to {}");
log.error("Failed to read certificate with alias '{}' of secret '{}'", entry.getKey(), pemTrustPath);
  7. Validating the local keystore:

log.info("Verifying local keystore.");
log.warn("Certificate with alias {} not found, store verification failed.", alias);
log.info("Checking the certificate for expiration and revocation: DN {}, serial {}, valid from {} to {}.");
log.warn("Certificate with DN: {}, serial number {} expires in less than {} limit, expiration date: {}",
ex: "Certificate is already expired, serial number: %s");
  8. Requesting the client certificate from Vault:

log.info("Request client certificates from Vault.");

kv:
log.info("Using kv mode.");
log.info("Request stores certificates from Vault Key-Value: '{}/{}/{}'", vaultAddress, engineVersion, pemPath);

pki/issue:
log.info("Using pki/issue mode.");

pki/fetch:
log.info("Using pki/fetch mode.");
log.info("Request stores certificates from the PKI Vault: '{}/{}/{}'", vaultAddress, engineVersion, pkiMount);
 
log.info("Checking the certificate for expiration and revocation: DN {}, serial {}, valid from {} to {}.");
  9. Saving the local keystore:

pem:
log.info("Saving 'pem' certificate to: {}", clientPemLocation);
log.info("Saving 'pem' private key to: {}", clientKeyPemLocation);

jks:
log.info("Saving '{}' keystore to: {}", keyStoreType, keyStoreLocation);
  10. Saving the local truststore:

pem:
log.info("Saving 'pem' CA to: {}", caPemLocation);

jks:
log.info("Saving '{}' truststore to: {}", trustStoreType, trustStoreLocation);
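
The warning and error messages listed above are the ones worth alerting on. The following is an added example, not code from the original page or the product: it turns four of the page's message templates into regular expressions and extracts their fields from rendered log lines. The event and field names, the line prefix layout and all sample values are assumptions constructed for the illustration.

```python
import re

# Message templates copied from the page (SLF4J "{}" placeholders) with the level
# they are logged at. Event and field names are labels chosen for this example.
TEMPLATES = [
    ("WARN", "cert_missing", ("alias",),
     "Certificate with alias {} not found, store verification failed."),
    ("WARN", "cert_expiring", ("dn", "serial", "limit", "expires"),
     "Certificate with DN: {}, serial number {} expires in less than {} limit, "
     "expiration date: {}"),
    ("ERROR", "cert_unreadable", ("alias", "secret"),
     "Failed to read certificate with alias '{}' of secret '{}'"),
    ("INFO", "password_fallback", ("version", "old_version"),
     "Unable to open stores using provided passwords {}, trying to change "
     "store passwords using previous version {}"),
]

def compile_template(template):
    """Escape the literal text and turn every {} into a lazy capture group."""
    literals = [re.escape(part) for part in template.split("{}")]
    return re.compile("(.+?)".join(literals) + r"\s*$")

RULES = [(lvl, ev, fields, compile_template(t)) for lvl, ev, fields, t in TEMPLATES]

def triage(lines):
    """Return one finding (event, level, extracted fields) per matching line."""
    findings = []
    for line in lines:
        for level, event, fields, rx in RULES:
            m = rx.search(line)
            if m:
                findings.append({"event": event, "level": level,
                                 **dict(zip(fields, m.groups()))})
                break
    return findings

# Constructed sample lines; the timestamp and level prefix is an assumed layout.
SAMPLE = [
    "2024-05-01 10:00:00 INFO Verifying local keystore.",
    "2024-05-01 10:00:01 WARN Certificate with DN: CN=client,O=Example, serial number 4f2a expires in less than 30d limit, expiration date: 2024-05-20",
    "2024-05-01 10:00:02 ERROR Failed to read certificate with alias 'root-ca' of secret 'kv/trust'",
    "2024-05-01 10:00:03 WARN Certificate with alias client not found, store verification failed.",
    "2024-05-01 10:00:04 INFO Unable to open stores using provided passwords 7, trying to change store passwords using previous version 6",
]

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```

The `password_fallback` event is logged at INFO on the page, but it is included because a fallback to the previous password version is a rotation anomaly worth tracking.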