A system administrator reviews network access permissions granted to several devices and revokes their certificates. What log would reflect these changes?

1 answer

The changes made by the system administrator regarding the revocation of device certificates would typically be logged in the Certificate Authority (CA) log or the Public Key Infrastructure (PKI) log. These logs record various actions taken within the certificate management system, including issuing, renewing, and revoking certificates.

Additionally, if the system maintains logs for access control or network security monitoring, the following logs might also reflect these changes:

  1. Security Event Logs: If the revocation affects access permissions, the security logs on the network devices might capture the events related to access denials post-revocation.

  2. System Logs: The operating system's event logs could also record administrative actions taken, including revocation events.

  3. Network Device Logs: Any logs generated by firewalls, switches, or other network devices may log failed access attempts if the revoked certificates were associated with those devices.

In summary, the primary log to check for certificate revocation would be the Certificate Authority log, while supporting logs can be found in security event logs and system logs related to network activity.
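The relationship between the CA log and the supporting logs can be checked by correlating them. The following is an added example, not part of the original answer: it takes revocation entries from a CA log and looks for authentication events in a network device log that occur after each revocation. The log formats, field names, serial numbers and addresses are constructed for illustration; real CA and device logs differ by product.

```python
from datetime import datetime

# Constructed sample lines; real CA and device log formats differ by product.
CA_LOG = """\
2024-05-01T10:00:00 ISSUE serial=0A1B subject=printer-01 admin=alice
2024-05-02T09:15:00 REVOKE serial=0A1B subject=printer-01 admin=alice reason=cessationOfOperation
2024-05-02T09:16:00 REVOKE serial=0C2D subject=cam-07 admin=alice reason=keyCompromise
"""

DEVICE_LOG = """\
2024-05-02T09:10:00 auth result=accept cert_serial=0A1B src=10.0.0.21
2024-05-02T09:30:00 auth result=reject cert_serial=0A1B src=10.0.0.21
2024-05-02T09:45:00 auth result=accept cert_serial=0C2D src=10.0.0.37
"""

def parse(line):
    """Split 'timestamp EVENT key=value ...' into (datetime, event, fields)."""
    ts, event, *pairs = line.split()
    return datetime.fromisoformat(ts), event, dict(p.split("=", 1) for p in pairs)

def revocations(ca_log):
    """Map certificate serial -> time of its REVOKE entry in the CA log."""
    out = {}
    for line in ca_log.splitlines():
        ts, event, fields = parse(line)
        if event == "REVOKE":
            out[fields["serial"]] = ts
    return out

def correlate(ca_log, device_log):
    """Classify device-log auth events that occur after each revocation."""
    revoked = revocations(ca_log)
    report = {s: {"denied": [], "still_accepted": []} for s in revoked}
    for line in device_log.splitlines():
        ts, _, fields = parse(line)
        serial = fields.get("cert_serial")
        # Only events after the CA recorded the revocation are relevant.
        if serial in revoked and ts > revoked[serial]:
            key = "denied" if fields["result"] == "reject" else "still_accepted"
            report[serial][key].append((ts.isoformat(), fields["src"]))
    return report

if __name__ == "__main__":
    for serial, result in correlate(CA_LOG, DEVICE_LOG).items():
        print(serial, result)
```

An entry under `still_accepted` means a device accepted a certificate after the CA log shows it was revoked, which is worth following up on the device that produced the log line.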