32 Identity Manager 3.6 Integration Guide for Novell Auditnovdocx (en) 11 July 20086 In iManager, update the Secure Logging Certificate File and Secure Logging Privatekey Fileproperties in the Secure Logging Server configuration to point to the new, signed rootcertificate key pair:6a In iManager select Auditing and Logging > Logging Server Options.6b Select the General tab, then select the Configuration tab.6c Update the path in the Secure Logging Certificate File field.6d Update the path in the Secure Logging Privatekey File field, then click OK to save thechanges.For more information on the Secure Logging Server configuration, see “Logging ServerObject Attributes ” in the Novell Audit 2.0 Administration Guide.7 Use AudCGen to generate a new public certificate for Identity Manager.IMPORTANT: The certificate signed by your enterprise CA must be used as the authoritativeroot certificate.For information on generating a certificate for Identity Manager, see “Creating LoggingApplication Certificates” on page 36.8 Update the Identity Manager Instrumentation so it uses the public certificate signed by theSecure Logging Server’s root certificate key pair. For more information, see “Enabling theIdentity Manager Instrumentation to Use a Custom Certificate” on page 36.9 Restart eDirectoryTM or the Remote Loader.After you update your Novell Audit certificate infrastructure with a custom certificate, the onlyrequired maintenance is to update the certificate when it expires.6.2 The Novell Audit AudCGen UtilityIMPORTANT: There are many versions of the AudCGen utility. This section documents theversion of AudCGen that is available with Novell Audit 2.0.2 FP2. If you are using a differentversion of AudCGen, refer to the help file for that version.The AudCGen utility must be used to create and sign Novell Audit certificates. The following tabledescribes the AudCGen command parameters:Table 6-1 AudCGen Command ParametersParameter Descriptionapp Generates a certificate key pair for instrumented applications.It creates the /app_cert.pem and /app_pkey.pem files.–appcert:filename The output path and filename for the logging application’scertificate.The default filename is app_cert.pem. The default path isplatform-specific and can be changed by using the –baseparameter.