When enabling signing for a logger that already exists, the first log file will not be completely verifiable because it still contains unsigned content from before signing was enabled. Only log files whose entire content was written with signing enabled will be considered completely valid. For the same reason, if a log file is still open for writing, then signature validation will not indicate that the log is completely valid because the log will not include the necessary "end signed content" indicator at the end of the file.
To validate log file signatures, use the validate-file-signature tool provided in the bin directory of the server (or the bat directory on Windows systems). Once this property is enabled, disable and then re-enable the log publisher for the changes to take effect.
Perform the following steps to configure log signing: