To replay encrypted audit trails in your browser and to view encrypted screenshots, upload the necessary private keys to your audit keystore. In the audit keystore, only private keys are stored.

NOTE: Previously, the audit keystore was used to store certificates as well as private keys. From SPS version 6.10 and onwards, you must upload the certificates to Basic settings > Local services > Indexer service. For more information on how to add certificates, see Configuring the internal indexer.

Only RSA keys (in PEM-encoded X.509 certificates) can be uploaded to the private keystore.

One Identity recommends using 2048-bit RSA keys (or stronger).

NOTE: Certificates are used as a container and delivery mechanism. For encryption and decryption, only the keys are used.

Use every keypair or certificate only for one purpose. Do not reuse cryptographic keys or certificates (for example, do not use the certificate of the One Identity Safeguard for Privileged Sessions (SPS) webserver to encrypt audit trails, or the same keypair for signing and encrypting data).

To manage your audit keystore, see the following sections: