Audit log events
Version: 1.11
Doc. ID: SPEC-AL
Version history
Date | Version | Description | Author |
11.09.2015 | 0.1 | Initial version | Kristo Heero |
14.09.2015 | 0.2 | Bug fixes | Kristo Heero |
16.09.2015 | 0.3 | Made editorial changes in introduction | Margus Freudenthal |
18.09.2015 | 1.0 | Editorial changes made | Imbi Nõgisto |
09.10.2015 | 1.1 | Delete certificate/key events of security server updated | Kristo Heero |
12.10.2015 | 1.2 | Updated CSR generation events. Fields nameExtractorMemberClass and nameExractorMethod replaced with field certificateProfileInfo | Kristo Heero |
20.10.2015 | 1.3 | New events 'Add subsystem' and 'Register management service provider as security server client' added | Kristo Heero |
21.10.2015 | 1.4 | New fields managementRequestId and keyLabel added | Kristo Heero |
23.10.2015 | 1.5 | Data field of the event 'Edit WSDL' changed | Kristo Heero |
08.12.2015 | 1.6 | Added audit log events for TLS internal key certificate requests and certificate import | Ilkka Seppälä |
10.05.2016 | 1.7 | Merged changes from xtee6-doc repo. Added New event ‘Skip unregistration of authentication certificate' added change made by Meril Vaht on 10.12.2015. | Kedi Välba |
10.05.2020 | 1.8 | Updated to match current implementation | Janne Mattila |
16.02.2023 | 1.9 | Converted document from docx to markdown | Raido Kaju |
17.04.2023 | 1.10 | Remove central services support | Justas Samuolis |
05.06.2023 | 1.11 | New Central Server | Eneli Reimets |
Table of Contents
License
This work is licensed under the Creative Commons Attribution-ShareAlike 3.0 Unported License. To view a copy of this
license, visit http://creativecommons.org/licenses/by-sa/3.0/.
1 Introduction
X-Road central and security servers keep audit log. The audit log events are generated by user interfaces when the user
changes system state or configuration. Additionally, the utility signer-console
generates audit log events. The user
actions are logged regardless of whether the outcome was a success or a failure.
This document provides complete list of all audit log events and theirs related data sets.
The audit log record contains description of the audit log event in JSON
format. The field event represents the
description of the event, the field user represents the user name of the performer (events started by the system have
the user name system
), and the field data represents data fields related with the event:
In case of failure the event description ends with suffix failed and related data set may contain less data fields than
normally. Also, an additional field reason for the error message will be added.
Security Server and Central Server audit log contains some additional elements, described in the next chapter.
Section 2 lists all the possible (successful) event descriptions and corresponding set of data fields (some fields are
optional).
Security Server and Central Server use REST APIs to update data, and a new audit log implementation adds some features that are useful in
auditing updates done through the API.
Example of extended audit log message for the security server:
Log contains (outside the actual audit log event JSON
) correlation-id
element which can be used to associate
audit log entry with a specific request, regular log entries and e.g. stack traces from regular log.
Audit log event JSON
contains these additional elements:
- ipaddress
- the IP address of the user
- auth
- authentication type used for this API call
- possible values:
- Session - session based authentication (web application)
- ApiKey - direct API call using API key authentication
- HttpBasicPam - HTTP basic authentication with PAM login (for api key management API operations)
- url
- url of called API endpoint
- warning
- for failed events, boolean indicating whether the failure was caused by unhandled warnings
1.1.2 Common Value Structures of the Data Fields
Values of data fields memberIdentifier
, clientIdentifier
, ownerIdentifier
, providerIdentifier
, and
serviceProviderIdentifier
have a common structure:
where xRoadInstance
is the X-Road instance, memberClass
is the X-Road member class, and memberCode
is the X-Road
member code. In case of clientIdentifier
, providerIdentifier
, and serviceProviderIdentifier
an optional field
subsystemCode
(the X-Road subsystem code) is present in the structure.
2 Audit Log Events
2.1 Central Server
2.1.1 Common Events
The audit log events related to the UI logging and the UI language settings.
Event | Data fields |
Log in user | |
Log out user | |
Set UI language | * locale - the selected UI locale (e.g en) |
2.1.2 Initialization Event
The audit log event related to initialization.
Event | Data fields |
Initialize Central Server | - centralServerAddress - the address of the Central Server
- instanceIdentifier - the instance identifier of the Central Server
- haNode - the name of the node in the cluster in the case of HA setup
|
2.1.3 Members Events
The audit log events related to configuration of the X-Road members.
Event | Data fields |
Add member | - memberName - the member name of the added member
- memberClass - the member class of the added member
- memberCode - the member code of the added member
|
Edit member name | - memberName - the new member name of the edited member
- memberClass - the member class of the edited member
- memberCode - the member code of the edited member
|
Delete member | - memberClass - the member class of the deleted member
- memberCode - the member code of the deleted member
|
Add subsystem | - memberClass - the member class of the added subsystem
- memberCode - the member code of the added subsystem
- memberSubsystemCode - the subsystem code of the added subsystem
|
Delete subsystem | - memberClass - the member class of the deleted subsystem
- memberCode - the member code of the deleted subsystem
- memberSubsystemCode - the subsystem code of the deleted subsystem
|
Unregister member as security server client | - serverCode - the server code of the selected security server
- ownerClass - the owner class of the selected security server
- ownerCode - the owner code of the selected security server
- clientIdentifier - the client identifier of the member unregistered as client of the selected security server
|
2.1.4 Security Servers Events
The audit log events related to configuration of the X-Road security servers.
Event | Data fields |
Edit security server address | - serverCode - the server code of the edited security server
- ownerCode - the owner code of the edited security server
- ownerClass - the owner class of the edited security server
- address - the new address of the edited security server
|
Delete security server | - serverCode - the server code of the deleted security server
- ownerCode - the owner code of the deleted security server
- ownerClass - the owner class of the deleted security server
|
Delete authentication certificate of security server | - serverCode - the server code of the selected security server
- ownerCode - the owner code of the selected security server
- ownerClass - the owner class of the selected security server
- certHash - the hash of the deleted authentication certificate of the selected security server
- certHashAlgorithm - the hash algorithm used to calculate value of the field certHash
|
2.1.5 Global Groups Events
The audit log events related to configuration of the X-Road global groups.
Event | Data fields |
Add global group | - code - the group code of the added global group
- description - the description of the added global group
|
Edit global group description | - code - the group code of the edited global group
- description - the new description of the edited global group
|
Delete global group | - code - the group code of the deleted global group
- description - the description of the deleted global group
|
Add members to global group | - code - the group code of the selected global group
- description - the description of the selected global group
- memberIdentifiers - the list of member identifiers of the members added to the selected global group
|
Remove members from global group | - code - the group code of the selected global group
- description - the description of the selected global group
- memberIdentifiers - the list of member identifiers of the members removed from the selected global group
|
2.1.6 Certification Services Events
The audit log events related to configuration of the X-Road certification services.
Event | Data fields |
Add certification service | - caId - the identifier of the added certification service
- caCertHash - the hash of the CA certificate of the added certification service
- caCertHashAlgorithm - the hash algorithm used to calculate value of the field caCertHash
- authenticationOnly - the authentication only flag of the added certification service
- certificateProfileInfo - the fully qualified (Java) class name that implements the CertificateProfileInfo interface of the added certification service
|
Edit certification service settings | - caId - the identifier of the edited certification service
- caCertHash - the hash of the CA certificate of the edited certification service
- caCertHashAlgorithm - the hash algorithm used to calculate value of the field caCertHash
- authenticationOnly - the (new) authentication only flag of the edited certification service
- certificateProfileInfo - the fully qualified (Java) class name that implements the CertificateProfileInfo interface of the eddited certification service
|
Delete certification service | - caId - the identifier of the deleted certification service
|
Add intermediate CA | - caId - the identifier of the selected certification service
- intermediateCaId - the identifier of the intermediate CA added to the selected certification service
- intermediateCaCertHash - the hash of the intermediate CA certificate
- intermediateCaCertHashAlgorithm - the hash algorithm used to calculate value of the field intermediateCaCertHash
|
Delete intermediate CA | - intermediateCaId - the identifier of the deleted intermediate CA
|
Add OCSP responder of certification service | - caId - the identifier of the selected certification service
- ocspId - the identifier of the OCSP responder added to the selected certification service
- ocspUrl - the URL of the added OCSP responder
- ocspCertHash - the hash of the added OCSP responder certificate
- ocspCertHashAlgorithm - the hash algorithm used to calculate value of the field ocspCertHash
|
Add OCSP responder of intermediate CA | - intermediateCaId - the identifier of the selected intermediate CA
- ocspId - the identifier of the OCSP responder added to the selected intermediate CA
- ocspUrl - the URL of the added OCSP responder
- ocspCertHash - the hash of the added OCSP responder certificate
- ocspCertHashAlgorithm - the hash algorithm used to calculate value of the field ocspCertHash
|
Edit OCSP responder | - ocspId - the identifier of the edited OCSP responder
- ocspUrl - the (new) URL of the edited OCSP responder
- ocspCertHash - the (new) hash of the edited OCSP responder certificate
- ocspCertHashAlgorithm - the hash algorithm used to calculate value of the field ocspCertHash
|
Delete OCSP responder | - ocspId - the identifier of the deleted OCSP responder
|
2.1.7 Timestamping Services Events
The audit log events related to configuration of the X-Road timpestamping services.
Event | Data fields |
Add timestamping service | - tsaId - the identifier of the added timestamping service
- tsaName - the name of the added timestamping service
- tsaUrl - the URL of the added timestamping service
- tsaCertHash - the hash of the timestamping service certificate
- tsaCertHashAlgorithm - the hash algorithm used to calculate value of the field tsaCertHash
|
Edit timestamping service | - tsaId - the identifier of the edited timestamping service
- tsaName - the (new) name of the edited timestamping service
- tsaUrl - the (new) URL of the edited timestamping service
- tsaCertHash - the hash of the edited timestamping service certificate
- tsaCertHashAlgorithm - the hash algorithm used to calculate value of the field tsaCertHash
|
Delete timestamping service | - tsaId - the identifier of the deleted timestamping service
- tsaName - the name of the deleted timestamping service
- tsaUrl - the URL of the deleted timestamping service
|
2.1.8 Management Requests Events
The audit log events related to the management requests.
Event | Data fields |
Add management request | - requestId - the identifier of the added request
|
Revoke management request | - requestId - the identifier of the revoked request
|
Approve management request | - requestId - the identifier of the approved request
|
Decline management request | - requestId - the identifier of the declined request
|
2.1.9 Configuration Management Events
The audit log events related to configuration management.
Event | Data fields |
Re-create internal configuration anchor | - anchorFileHash - the hash of the re-created internal configuration anchor file
- anchorFileHashAlgorithm - the hash algorithm used to calculate value of the field anchorFileHash
|
Generate internal configuration signing key | - tokenId - the identifier of the token used to generate the signing key
- tokenSerialNumber - the serial number of the token
- tokenFriendlyName - the friendly name of the token
- keyId - the identifier of the generated signing key
- keyFriendlyName - the friendly name of the generated key
- certHash - the hash of the generated signing certificate
- certHashAlgorithm - the hash algorithm used to calculate value of the field certHash
|
Activate internal configuration signing key | - tokenId - the identifier of the token owning the signing key
- tokenSerialNumber - the serial number of the token
- tokenFriendlyName - the friendly name of the token
- keyId - the identifier of the activated signing key
|
Delete internal configuration signing key | - tokenId - the identifier of the token owning the signing key
- tokenSerialNumber - the serial number of the token
- tokenFriendlyName - the friendly name of the token
- keyId - the identifier of the deleted signing key
|
Re-create external configuration anchor | - anchorFileHash - the hash of the re-created external configuration anchor file
- anchorFileHashAlgorithm - the hash algorithm used to calculate value of the field anchorFileHash
|
Generate external configuration signing key | - tokenId - the identifier of the token used to generate the signing key
- tokenSerialNumber - the serial number of the token
- tokenFriendlyName - the friendly name of the token
- keyId - the identifier of the generated signing key
- keyFriendlyName - the friendly name of the generated key
- certHash - the hash of the generated signing key certificate
- certHashAlgorithm - the hash algorithm used to calculate value of the field certHash
|
Activate external configuration signing key | - tokenId - the identifier of the token owning the signing key
- tokenSerialNumber - the serial number of the token
- tokenFriendlyName - the friendly name of the token
- keyId - the identifier of the activated signing key
|
Delete external configuration signing key | - tokenId - the identifier of the token owning the signing key
- tokenSerialNumber - the serial number of the token
- tokenFriendlyName - the friendly name of the token
- keyId - the identifier of the deleted signing key
|
Add trusted anchor | - anchorFileHash - the hash of the added anchor file
- anchorFileHashAlgorithm - the hash algorithm used to calculate value of the field anchorFileHash
- instanceIdentifier - the X-Road instance identifier of the added anchor
- generatedAt - the UTC time when anchor file was generated
- anchorUrls - the configuration download URLs of the added anchor
|
Delete trusted anchor | - anchorFileHash - the hash of the deleted anchor file
- anchorFileHashAlgorithm - the hash algorithm used to calculate value of the field anchorFileHash
- instanceIdentifier - the X-Road instance identifier of the deleted anchor
|
Log in to token | - tokenId - the identifier of the token logged in
- tokenSerialNumber - the serial number of token
- tokenFriendlyName - the friendly name of token
|
Log out from token | - tokenId - the identifier of the token logged out
- tokenSerialNumber - the serial number of token
- tokenFriendlyName - the friendly name of token
|
Upload configuration part | - sourceType - the source type (internal or external) of the uploaded configuration part
- contentIdentifier - the content identifier of the uploaded configuration part
- partFileName - the internal name of the configuration part file
- uploadFileName - the name of the uploaded configuration part file
- uploadFileHash - the hash of the uploaded configuration part file
- uploadFileHashAlgorithm - the hash algorithm used to calculate value of the field uploadFileHash
|
2.1.10 System Settings Events
The audit log events related to the system settings.
Event | Data fields |
Edit Central Server address | - centralServerAddress - the new address of the Central Server
|
Register management service provider as Security Server client | - serverCode - the server code of the management services' security server
- ownerClass - the owner class of the management services' security server
- ownerCode - the owner code of the management services' security server
- clientIdentifier - the client identifier of the registered management service provider
|
Edit provider of management services | - serviceProviderIdentifier - the new service provider identifier of the management service
- serviceProviderName - the new service provider name of the management service
|
Add member class | - code - the code of the added member class
- description - the description of the added member class
|
Edit member class description | - code - the code of the edited member class
- description - the new description of the edited member class
|
Delete member class | - code - the code of the deleted member class
|
API key create | - apiKeyId - identifier of the API key
- apiKeyRoles - array containing the roles associated with the API key
|
API key update | - apiKeyId - identifier of the API key
- apiKeyRoles - array containing the roles associated with the API key
|
API key remove | - apiKeyId - identifier of the API key
- apiKeyRoles - array containing the roles associated with the API key
|
2.1.11 Backup and Restore Events
The audit log events related to back up and restore.
Event | Data fields |
Back up configuration | - backupFileName - the name of the created backup file
|
Upload backup file | - backupFileName - the name of the uploaded backup file
|
Delete backup file | - backupFileName - the name of the deleted backup file
|
Restore configuration | - backupFileName - the name of the backup file used to restore configuration
|
2.2 Security Server
2.2.1 Common Events
The audit log events related to the UI logging.
Event | Data fields |
Log in user | |
Log out user | |
2.2.2 Initialization Events
The audit log events related to initialization.
Event | Data fields |
Initialize anchor | - anchorFileHash - the hash of the initialized anchor file
- anchorFileHashAlgorithm - the hash algorithm used to calculate value of the field anchorFileHash
- generatedAt - the UTC time when the anchor file was generated
|
Initialize server configuration | - ownerIdentifier - the owner identifier of the initialized security server
- serverCode - the server code of the initialized security server
|
2.2.3 Security Server Clients Events
The audit log events related to the security server clients configuration.
Event | Data fields |
Add client | - clientIdentifier - the client identifier of the added client
- isAuthentication - the information system authentication type of the added client
- clientStatus - the status of the added client
|
Register client | - clientIdentifier - the client identifier of the registered client
- managementRequestId - the identifier of the corresponding management request in the Central Server
- clientStatus - the status of the registered client
|
Unregister client | - clientIdentifier - the client identifier of the unregistered client
- managementRequestId - the identifier of the corresponding management request in the Central Server
- clientStatus - the status of the unregistered client
|
Delete client | - clientIdentifier - the client identifier of the deleted client
|
Delete orphaned client keys, certs and certificates | - tokenId - the identifier of the token where the deleted key located
- tokenSerialNumber - the serial number of the token
- tokenFriendlyName - the friendly name of the token
- keyId - the identifier of the deleted key
- keyFriendlyName - the friendly name of the deleted key
- keyUsage - the key usage of the deleted key
- clientIdentifier - the client identifier of the client which certificates and certificate requests were deleted
- certHashes - the list of hashes of the deleted certificates
- certHashAlgorithm - the hash algorithm used to calculate hash values of the field certHashes
- certRequestIds - the list of identifiers of the deleted certificate requests
|
Change owner | - clientIdentifier - the client identifier of the selected client
- managementRequestId - the identifier of the corresponding management request in the Central Server
- clientStatus - the status of the registered client
|
Add service description | - clientIdentifier - the client identifier of the selected client
- url - the URL of the added service description of the selected client
- serviceType - type of the service description: WSDL, REST, or OPENAPI3
- disabled - the flag indicating whether the added WSDL and all its services were disabled
- refreshedDate - the time when the added WSDL was refreshed
|
Delete service description | - clientIdentifier - the client identifier of the selected client
- url - the URL of the service description of the selected client
- serviceType - type of the service description: WSDL, REST, or OPENAPI3
|
Disable service description | - clientIdentifier - the client identifier of the selected client
- url - the URL of the service description of the selected client
- serviceType - type of the service description: WSDL, REST, or OPENAPI3
- disabledNotice - the notice of the disabled WSDLs
|
Enable service description | - clientIdentifier - the client identifier of the selected client
- url - the URL of the service description of the selected client
- serviceType - type of the service description: WSDL, REST, or OPENAPI3
|
Refresh service description | - clientIdentifier - the client identifier of the selected client
- url - the previous URL of the service description
- serviceType - type of the service description: WSDL, REST, or OPENAPI3
- urlNew - the new URL of the service description
- wsdl - wsdl data (only for type WSDL)
- servicesAdded - the list of services added during refresh
- servicesDeleted - the list of services removed during refresh
|
Edit service description | - clientIdentifier - the client identifier of the selected client
- url - the URL of the added service description of the selected client
- serviceType - type of the service description: WSDL, REST, or OPENAPI3
- wsdl - wsdl data (only for type WSDL):
- servicesAdded - the list of services added by the new WSDL
- servicesDeleted - the list of services removed by the new WSDL
|
Edit service parameters | - clientIdentifier - the client identifier of the member provided the edited services
- url - the URL of the added service description of the selected client
- serviceType - type of the service description: WSDL, REST, or OPENAPI3
- services - the list of the edited services. The list item contains of the following data fields:
- id - the identifier of the service
- url - the URL of the service
- timeout - the timeout of the service
- tlsAuth - the flag indicating whether the certificate of the service provider should be verified for TLS connections
|
Add access rights to service | - clientIdentifier - the client identifier of the member provided the selected service
- serviceCode - the selected service code
- subjectIds - the list of the selected subject identifiers to which the access of the selected service granted
|
Remove access rights from service | - clientIdentifier - the client identifier of the member provided the selected service
- serviceCode - the selected service code
- subjectIds - the list of the selected subject identifiers from which the access of the selected service denied
|
Add access rights to subject | - clientIdentifier - the client identifier of the member provided the selected service
- subjectId - the selected subject identifier
- serviceCodes - the list of the service codes which access granted to the selected subject
|
Remove access rights from subject | - clientIdentifier - the client identifier of the member provided the selected service
- subjectId - the selected subject identifier
- serviceCodes - the list of the service codes which access denied to the selected subject
|
Set connection type for servers in service consumer role | - clientIdentfier - the client identifier of the selected client
- isAuthentication - the new information system authentication type of the selected client
|
Add internal TLS certificate | - clientIdentfier - the client identifier of the selected client
- certHash - the hash of the certificate added to the selected client
- certHashAlgorithm - the hash algorithm used to calculate value of the field certHash
|
Delete internal TLS certificate | - clientIdentfier - the client identifier of the selected client
- certHash - the hash of the certificate deleted from the selected client
- certHashAlgorithm - the hash algorithm used to calculate value of the field certHash
|
Add group | - clientIdentifier - the client identifier of the selected client
- groupCode - the code of the local group added to the selected client
- groupDescription - the description of the added local group
|
Edit group description | - clientIdentifier - the client identifier of the selected client
- groupCode - the code of the edited local group of the selected client
- groupDescription - the new description of the edited local group
|
Add members to group | - clientIdentifier - the client identifier of the selected client
- groupCode - the code of the selected local group of the selected client
- memberIdentifiers - the list of member identifiers of members added to the selected local group
|
Remove members from group | - clientIdentifier - the client identifier of the selected client
- groupCode - the code of the selected global group of the selected client
- memberIdentifiers - the list of member identifiers of the removed members
|
Delete group | - clientIdentifier - the client identifier of the selected client
- groupCode - the code of the deleted local group of the selected client
- groupDescription - the description of the deleted local group
|
2.2.4 System Parameters Events
The audit log events related to the system parameters.
Event | Data fields |
Generate certificate request for TLS | - subjectName - the subject name of the generated certificate request
|
Import TLS certificate from file | - certHash - the hash of the generated internal TLS certificate
- certHashAlgorithm - the hash algorithm used to calculate value of the field certHash
|
Upload configuration anchor | - anchorFileHash - the hash of the uploaded anchor file
- anchorFileHashAlgorithm - the hash algorithm used to calculate value of the field anchorFileHash
- generatedAt - the UTC time when the anchor file was generated
|
Add timestamping service | - tspName - the name of the added timestamping service
- tspUrl - the URL of the added timestamping service
|
Delete timestamping service | - tspName - the name of the deleted timestamping service
- tspUrl - the URL of the deleted timestamping service
|
Generate new internal TLS key and certificate | - certHash - the hash of the generated internal TLS certificate
- certHashAlgorithm - the hash algorithm used to calculate value of the field certHash
|
2.2.5 Keys and Certificates Events
The audit log events related to keys and certificates management
2.2.6 Backup and Restore Events
The audit log events related to backup and restore.
Event | Data fields |
Back up configuration | - backupFileName - the name of the created backup file
|
Upload backup file | - backupFileName - the name of the uploaded backup file
|
Delete backup file | - backupFileName - the name of the deleted backup file
|
Restore configuration | - backupFileName - the name of the backup file used to restore configuration
|
2.2.7 API Key Management Events
The audit log events related to API key management.
Event | Data fields |
API key create | - apiKeyId - identifier of the API key
- apiKeyRoles - array containing the roles associated with the API key
|
API key update | - apiKeyId - identifier of the API key
- apiKeyRoles - array containing the roles associated with the API key
|
API key remove | - apiKeyId - identifier of the API key
- apiKeyRoles - array containing the roles associated with the API key
|
2.2.8 Technical Events
The audit log events related to technical events, such as authentication failures. Except for Key management API log in
event, these events are only logged if they fail.
Event | Data fields |
Key management API log in | |
API key authentication | |
Auth credentials discovery | |
Access check
(if user did not have permission to do an operation which is not an audit logged event) | |
Authentication | |
2.3 Utility signer-console
The audit log events logged by the utility signer-console.
Event | Data fields |
Set a friendly name to the token | - tokenId - the entered token identifier
- tokenFriendlyName - the new friendly name for the entered token
|
Set a friendly name to the key | - keyId - the entered key identifier
- keyFriendlyName - the new friendly name for the entered key
|
Activate the certificate | - certId - the identifier of the activated certificate
|
Deactivate the certificate | - certId - the identifier of the deactivated certificate
|
Delete the key from token | - keyId - the identifier of the deleted key
|
Delete the certificate | - certId - the identifier of the deleted certificate
|
Delete the certificate request | - certRequestId - the identifier of the deleted certificate request
|
Import a certificate from the file | - certFileName - the name of the imported certificate file
- clientIdentifier - the client identifier of the member constructed from signing certificate
- keyId - the identifier of the key to which the certificate was imported.
|
Log into the token | - tokenId - the identifier of the token logged in
|
Initialize the software token | - tokenId - the identifier of the initialized token
|
Generate a key on the token | - tokenId - the identifier of the token used to generate the key
- keyId - the identifier of the generated key
- keyLabel - the label of the generated key
|
Generate CSR | - keyId - the identifier of the key used to generate the certification request
- keyUsage - the key usage
- clientIdentifier - the client identifier of the client which certificate request was generated
- subjectName - the subject name of the generated certification request
- csrFormat - the format (PEM / DER) of the generated CSR file
|