I configured and enabled CSV audit event handler with tamper prevention using keyStoreNameHandler initially, when switched to use keystore path and password on admin UI, the handler becomes disabled as shown in audit.json file
1. unzip and startup openidm
2. create a directory for csv audit logs(csv_logs).
3. Do necessary configuration to enable CSV audit event handler with tamper protection through IDM admin UI, save changes.
4. Now on UI, change to use keystore path and password to access keystore instead of keyStoreNameHandler, save changes and check audit.json(attached), the handler becomes disabled.
Note: If I config and enable the handler using keystore path and password, the handler would be enabled in audit.json.