16.1.3. Procedure – Replaying encrypted audit trails in your browser

Purpose: 

To view screenshots generated for encrypted audit trails, and replay encrypted audit trails in your browser, you have to upload the necessary certificates and corresponding private keys to your private keystore. Depending on the encryption, decrypting the upstream part of an audit trail might require an additional set of certificates and keys.

Only RSA keys (in PEM-encoded X.509 certificates) can be uploaded to the private keystore.

Note

Certificates are used as a container and delivery mechanism. For encryption and decryption, only the keys are used.

Balabit recommends using 2048-bit RSA keys (or stronger).

For more information on audit trail encryption, see Procedure 7.10.1, Encrypting audit trails.

You can upload certificates permanently or temporarily. The temporary certificates are deleted when you log out of PSM.

The certificates and private keys in your keystore can be protected with a passphrase. To use the certificates and private keys in a passphrase-protected keystore for decrypting audit trails, you have to unlock the keystore first by providing the security passphrase. The keystore then remains unlocked for the duration of your session.

Steps: 

  1. Click on User menu > Private keystore.

    Figure 16.10. User menu > Private keystore — The private keystore

  2. Optional step: Create a security passphrase, if you have not configured one yet.

    1. In Security passphrase, click Change.

    2. In the New field, enter your new security passphrase. Repeat the same passphrase in the Confirm field.

      Note

      PSM accepts passwords that are not longer than 150 characters. The following special characters can be used: !"#$%&'()*+,-./:;<=>?@[\]^-`{|}

    3. Click Apply.

    If you forgot your security passphrase, contact the Balabit Support Team.

  3. Click to add a new certificate.

    Figure 16.11. Adding certificates

  4. Click the first icon to upload the new certificate. A pop-up window is displayed.

    Figure 16.12. Uploading certificates

  5. Select Browse, select the file containing the certificate, and click Upload. Alternatively, you can also copy-paste the certificate into the Certificate field and click Set.

  6. To upload the private key corresponding to the certificate, click the second icon. A pop-up window is displayed.

    Figure 16.13. Uploading the private key

  7. Select Browse, select the file containing the private key, provide the Password if the key is password-protected, and click Upload. Alternatively, you can also copy-paste the private key into the Key field, provide the Password there, and click Set.

  8. To add more certificate-key pairs, click and repeat the steps above.

  9. To finish uploading certificates and keys to your private keystore, click Apply.
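
Before starting the upload, you can confirm locally that a pair meets the requirements stated above: a PEM-encoded X.509 certificate carrying an RSA key (2048 bits or more recommended) and a private key that corresponds to it. The following script is an added example, not part of the PSM documentation or product; it assumes the openssl command-line tool is installed, and the names check_keystore_pair and KEY_PASS are chosen for this example.

```shell
#!/bin/sh
# Added example: pre-upload check for a certificate/private-key pair.
# check_keystore_pair and KEY_PASS are names chosen for this example.
# Usage: sh this-script cert.pem key.pem
# For a password-protected key file, export KEY_PASS with its password first.

check_keystore_pair() (
    cert=$1
    key=$2

    # The keystore takes PEM-encoded X.509 certificates only.
    if ! grep -q -- '-----BEGIN CERTIFICATE-----' "$cert" 2>/dev/null ||
       ! text=$(openssl x509 -in "$cert" -noout -text 2>/dev/null); then
        echo "FAIL: $cert is not a PEM-encoded X.509 certificate" >&2
        return 1
    fi

    # Only RSA keys can be uploaded.
    if ! printf '%s\n' "$text" | grep -q 'Public Key Algorithm: rsaEncryption'; then
        echo "FAIL: certificate does not carry an RSA key" >&2
        return 1
    fi

    # 2048 bits or more is recommended: warn below that, but do not fail.
    bits=$(printf '%s\n' "$text" |
           sed -n 's/.*Public-Key: (\([0-9][0-9]*\) bit).*/\1/p' | head -n 1)
    if [ "${bits:-0}" -lt 2048 ]; then
        echo "WARN: RSA key is ${bits:-unknown} bits, 2048 or more is recommended" >&2
    fi

    # The private key must correspond to the certificate: derive the public
    # key from each file and compare the two PEM encodings.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null)
    if ! key_pub=$(openssl pkey -in "$key" -pubout \
                   ${KEY_PASS:+-passin env:KEY_PASS} 2>/dev/null); then
        echo "FAIL: cannot read private key $key (wrong or missing password?)" >&2
        return 1
    fi
    if [ "$cert_pub" != "$key_pub" ]; then
        echo "FAIL: private key does not match the certificate" >&2
        return 1
    fi
    echo "OK: RSA ${bits}-bit key, private key matches the certificate"
)

# Run the check only when two file arguments are given.
if [ "$#" -eq 2 ]; then check_keystore_pair "$1" "$2"; fi
```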