Name: | pki-server |
Version: | 10.4.1 |
Release: | 17.el7_4 |
Architecture: | noarch |
Group: | System Environment/Base |
Size: | 4651365 |
License: | GPLv2 |
RPM: |
pki-server-10.4.1-17.el7_4.noarch.rpm
|
Source RPM: |
pki-core-10.4.1-17.el7_4.src.rpm
|
Build Date: | Thu Nov 30 2017 |
Build Host: | x86-ol7-builder-01.us.oracle.com |
Vendor: | Oracle America |
URL: | http://pki.fedoraproject.org/ |
Summary: | Certificate System - PKI Server Framework |
Description: | The PKI Server Framework is required by the following four PKI subsystems:
the Certificate Authority (CA),
the Key Recovery Authority (KRA),
the Online Certificate Status Protocol (OCSP) Manager,
the Token Key Service (TKS), and
the Token Processing Service (TPS).
This package is a part of the PKI Core used by the Certificate System.
The package contains scripts to create and remove PKI subsystems.
==================================
|| ABOUT "CERTIFICATE SYSTEM" ||
==================================
Certificate System (CS) is an enterprise software system designed
to manage enterprise Public Key Infrastructure (PKI) deployments.
PKI Core contains ALL top-level java-based Tomcat PKI components:
* pki-symkey
* pki-base
* pki-base-python2 (alias for pki-base)
* pki-base-python3
* pki-base-java
* pki-tools
* pki-server
* pki-ca
* pki-kra
* pki-ocsp
* pki-tks
* pki-tps
* pki-javadoc
which comprise the following corresponding PKI subsystems:
* Certificate Authority (CA)
* Key Recovery Authority (KRA)
* Online Certificate Status Protocol (OCSP) Manager
* Token Key Service (TKS)
* Token Processing Service (TPS)
Python clients need only install the pki-base package. This
package contains the python REST client packages and the client
upgrade framework.
Java clients should install the pki-base-java package. This package
contains the legacy and REST Java client packages. These clients
should also consider installing the pki-tools package, which contain
native and Java-based PKI tools and utilities.
Certificate Server instances require the fundamental classes and
modules in pki-base and pki-base-java, as well as the utilities in
pki-tools. The main server classes are in pki-server, with subsystem
specific Java classes and resources in pki-ca, pki-kra, pki-ocsp etc.
Finally, if Certificate System is being deployed as an individual or
set of standalone rather than embedded server(s)/service(s), it is
strongly recommended (though not explicitly required) to include at
least one PKI Theme package:
* dogtag-pki-theme (Dogtag Certificate System deployments)
* dogtag-pki-server-theme
* redhat-pki-server-theme (Red Hat Certificate System deployments)
* redhat-pki-server-theme
* customized pki theme (Customized Certificate System deployments)
* <customized>-pki-server-theme
NOTE: As a convenience for standalone deployments, top-level meta
packages may be provided which bind a particular theme to
these certificate server packages. |
-
Fri Nov 10 2017 Dogtag Team <pki-devel@redhat.com> 10.4.1-17
- ###########################################################################
- ## RHCS 9.2
- ###########################################################################
- #Bugzilla Bug #1507160 - TPS new configuration to allow the protocol of
-
Fri Oct 13 2017 Dogtag Team <pki-devel@redhat.com> 10.4.1-16
- ###########################################################################
- ## RHCS 9.2
- ###########################################################################
- #Bugzilla Bug #1439228 - externalRegRecover does not support multiple
- #Bugzilla Bug #1507160 - TPS new configuration to allow the protocol of
- #Bugzilla Bug #1471996 - Certificate Revocation Reasons not being updated
- ###########################################################################
- ## RHEL 7.4
- ###########################################################################
- Bugzilla Bug #1500499 - Certificate Revocation Reasons not being updated
in some cases [rhel-7.4.z] (cfu)
- Bugzilla Bug #1502527 - CA cert without Subject Key Identifier causes
issuance failure [rhel-7.4.z] (ftweedal)
- Bugzilla Bug #1492560 - ipa-replica-install --setup-kra broken on DL0
[rhel-7.4.z] (ftweedal)
NOTE: Check-ins for #1492560 all reference the dogtagpki Pagure Issue
associated with Bugzilla Bug #1402280 - CA Cloning: Failed to
update number range in few cases (which is not yet fully resolved)
-
Mon Sep 18 2017 Dogtag Team <pki-devel@redhat.com> 10.4.1-15
- Bugzilla Bug #1492560 - ipa-replica-install --setup-kra broken on DL0
[rhel-7.4.z] (ftweedal)
-
Tue Sep 12 2017 Dogtag Team <pki-devel@redhat.com> 10.4.1-14
- Require "jss >= 4.4.0-8" as a build and runtime requirement
- ##########################################################################
- RHEL 7.4:
- ##########################################################################
- Resolves: rhbz #1486870,1485833,1487509,1490241,1491332
- Bugzilla Bug #1486870 - Lightweight CA key replication fails (regressions)
[RHEL 7.4.z] (ftweedal)
- Bugzilla Bug #1485833 - Missing CN in user signing cert would cause error
in cmc user-signed [rhel-7.4.z] (cfu)
- Bugzilla Bug #1487509 - pki-server-upgrade fails when upgrading from
RHEL 7.1 [rhel-7.4.z] (ftweedal)
- Bugzilla Bug #1490241 - PKCS12: upgrade to at least AES and SHA2 (FIPS)
[rhel-7.4.z] (ftweedal)
- Bugzilla Bug #1491332 - TPS UI: need to display tokenType and tokenOrigin
for token certificates on TPS UI Server [rhel-7.4.z] (edewata)
- dogtagpki Pagure Issue #2764 - py3: pki.key.archive_encrypted_data:
TypeError: ... is not JSON serializable (ftweedal)
- ##########################################################################
- RHCS 9.2:
- ##########################################################################
- Resolves: rhbz #1486870,1485833,1487509,1490241,1491332,1482729,1462271
- Bugzilla Bug #1462271 - TPS incorrectly assigns "tokenOrigin" and
"tokenType" certificate attribute for recovered certificates. (cfu)
- Bugzilla Bug #1482729 - TPS UI: need to display tokenType and tokenOrigin
for token certificates on TPS UI (edewata)
-
Mon Aug 21 2017 Dogtag Team <pki-devel@redhat.com> 10.4.1-13
- Resolves: rhbz #1463350
- ##########################################################################
- RHEL 7.4:
- ##########################################################################
- Bugzilla Bug #1463350 - Access banner validation (edewata)
[pki-core-server-access-banner-retrieval-validation.patch]
-
Wed Jul 19 2017 Dogtag Team <pki-devel@redhat.com> 10.4.1-12
- Resolves: rhbz #1472615,1472617,1469447,1463350,1469449,1472619,1464970,1469437,1469439,1469446
- ##########################################################################
- RHEL 7.4:
- ##########################################################################
- Bugzilla Bug #1472615 - CC: allow CA to process pre-signed CMC non-signing
certificate requests (cfu)
[PREVIOUS PATCH: pki-core-beta.patch]
[PREVIOUS PATCH: pki-core-snapshot-4.patch]
- Bugzilla Bug #1472617 - CMC: cmc.popLinkWitnessRequired=false would cause
error (cfu)
[PREVIOUS PATCH: pki-core-post-beta.patch]
- Bugzilla Bug #1469447 - CC: CMC: check HTTPS client authentication cert
against CMC signer (cfu)
[PREVIOUS PATCH: pki-core-CMC-check-HTTPS-client-authentication-cert.patch]
- Bugzilla Bug #1463350 - Access banner validation (edewata)
[pki-core-server-access-banner-validation.patch]
- Bugzilla Bug #1469449 - CC: allow CA to process pre-signed CMC renewal
non-signing cert requests (cfu)
[PREVIOUS PATCH: pki-core-snapshot-1.patch]
[pki-core-pre-signed-CMC-renewal-UniqueKeyConstraint.patch]
- Bugzilla Bug #1472619 - Platform Dependent Python Import (mharmsen)
[pki-core-platform-dependent-python-import.patch]
- Bugzilla Bug #1464970 - CC: CMC: replace id-cmc-statusInfo with
id-cmc-statusInfoV2 (cfu)
[pki-core-CMC-id-cmc-statusInfoV2.patch]
- Bugzilla Bug #1469437 - subsystem-cert-update command lacks --cert option
(dmoluguw)
[pki-core-subsystem-cert-update-CLI-cert-option.patch]
- Bugzilla Bug #1469439 - Fix Key Changeover with HSM to support SCP03
(jmagne)
[pki-core-HSM-key-changeover-SCP03-support.patch]
- Bugzilla Bug #1469446 - CC: need CMC enrollment profiles for system
certificates (cfu)
[pki-core-system-cert-CMC-enroll-profile.patch]
-
Mon Jul 17 2017 Dogtag Team <pki-devel@redhat.com> 10.4.1-11
- Resolves: rhbz #1469432
- ##########################################################################
- RHEL 7.4:
- ##########################################################################
- Bugzilla Bug #1469432 - CMC plugin default change
- Resolves CVE-2017-7537
- Fixes BZ #1470948
-
Mon Jun 19 2017 Dogtag Team <pki-devel@redhat.com> 10.4.1-10
- ##########################################################################
- RHEL 7.4:
- ##########################################################################
- Bugzilla Bug #1458043 - Key recovery on token fails with
invalid public key error on KRA (alee)
- Bugzilla Bug #1460764 - CC: CMC: check HTTPS client
authentication cert against CMC signer (cfu)
- Bugzilla Bug #1461533 - Unable to find keys in the p12 file after
deleting the any of the subsystem certs from it (ftweedal)
-
Mon Jun 12 2017 Dogtag Team <pki-devel@redhat.com> 10.4.1-9
- ##########################################################################
- RHEL 7.4:
- ##########################################################################
- Bugzilla Bug #1393633 - Creating symmetric key (sharedSecret)
using tkstool is failing when RHEL 7.3 is in FIPS mode. (jmagne)
- Bugzilla Bug #1419756 - CC: allow CA to process pre-signed CMC
non-signing certificate requests (cfu)
- Bugzilla Bug #1419777 - CC: allow CA to process pre-signed CMC
revocation non-signing cert requests (cfu)
- Bugzilla Bug #1458047 - change the way aes clients refer to
aes keysets (alee)
- Bugzilla Bug #1458055 - dont reuse IVs in the CMC code
(alee)
- Bugzilla Bug #1460028 - In keywrap mode, key recovery on
KRA with HSM causes KRA to crash (ftweedal)
-
Mon Jun 05 2017 Dogtag Team <pki-devel@redhat.com> 10.4.1-8
- Require "selinux-policy-targeted >= 3.13.1-159" as a runtime requirement
- Require "tomcatjss >= 7.2.1-4" as a build and runtime requirement
- ##########################################################################
- RHEL 7.4:
- ##########################################################################
- Bugzilla Bug #1400149 - pkispawn fails to create CA subsystem on FIPS
enabled system (edewata)
- Bugzilla Bug #1447144 - CA brought down during separate KRA instance
creation (edewata)
- Bugzilla Bug #1447762 - pkispawn fails occasionally with this failure
ACCESS_SESSION_ESTABLISH_FAILURE (edewata)
- Bugzilla Bug #1454450 - SubCA installation failure with 2 step
installation in fips enabled mode (edewata)
- Bugzilla Bug #1456597 - Certificate import using pki client-cert-import
is asking for password when already provided (edewata)
- Bugzilla Bug #1456940 - Build failure due to Pylint issues (cheimes)
- Bugzilla Bug #1458043 - Key recovery using externalReg fails
with java null pointer exception on KRA (alee)
- Bugzilla Bug #1458379 - Upgrade script for keepAliveTimeout parameter
(edewata)
- Bugzilla Bug #1458429 - client-cert-import --ca-cert should
import CA cert with trust bits "CT,C,C" (edewata)
- ##########################################################################
- RHCS 9.2:
- ##########################################################################
- Bugzilla Bug #1274086 - [RFE] Add SCP03 support (RHCS) (jmagne)