| Name: | pki-ca |
|---|
| Version: | 10.5.1 |
|---|
| Release: | 14.el7_5 |
|---|
| Architecture: | noarch |
|---|
| Group: | System Environment/Daemons |
|---|
| Size: | 2451469 |
|---|
| License: | GPLv2 |
|---|
| RPM: |
pki-ca-10.5.1-14.el7_5.noarch.rpm
|
| Source RPM: |
pki-core-10.5.1-14.el7_5.src.rpm
|
| Build Date: | Thu Aug 16 2018 |
|---|
| Build Host: | x86-ol7-builder-03.us.oracle.com |
|---|
| Vendor: | Oracle America |
|---|
| URL: | http://pki.fedoraproject.org/ |
|---|
| Summary: | Certificate System - Certificate Authority |
|---|
| Description: | The Certificate Authority (CA) is a required PKI subsystem which issues,
renews, revokes, and publishes certificates as well as compiling and
publishing Certificate Revocation Lists (CRLs).
The Certificate Authority can be configured as a self-signing Certificate
Authority, where it is the root CA, or it can act as a subordinate CA,
where it obtains its own signing certificate from a public CA.
This package is one of the top-level java-based Tomcat PKI subsystems
provided by the PKI Core used by the Certificate System.
==================================
|| ABOUT "CERTIFICATE SYSTEM" ||
==================================
Certificate System (CS) is an enterprise software system designed
to manage enterprise Public Key Infrastructure (PKI) deployments.
PKI Core contains ALL top-level java-based Tomcat PKI components:
* pki-symkey
* pki-base
* pki-base-python2 (alias for pki-base)
* pki-base-python3
* pki-base-java
* pki-tools
* pki-server
* pki-ca
* pki-kra
* pki-ocsp
* pki-tks
* pki-tps
* pki-javadoc
which comprise the following corresponding PKI subsystems:
* Certificate Authority (CA)
* Key Recovery Authority (KRA)
* Online Certificate Status Protocol (OCSP) Manager
* Token Key Service (TKS)
* Token Processing Service (TPS)
Python clients need only install the pki-base package. This
package contains the python REST client packages and the client
upgrade framework.
Java clients should install the pki-base-java package. This package
contains the legacy and REST Java client packages. These clients
should also consider installing the pki-tools package, which contain
native and Java-based PKI tools and utilities.
Certificate Server instances require the fundamental classes and
modules in pki-base and pki-base-java, as well as the utilities in
pki-tools. The main server classes are in pki-server, with subsystem
specific Java classes and resources in pki-ca, pki-kra, pki-ocsp etc.
Finally, if Certificate System is being deployed as an individual or
set of standalone rather than embedded server(s)/service(s), it is
strongly recommended (though not explicitly required) to include at
least one PKI Theme package:
* dogtag-pki-theme (Dogtag Certificate System deployments)
* dogtag-pki-server-theme
* redhat-pki-server-theme (Red Hat Certificate System deployments)
* redhat-pki-server-theme
* customized pki theme (Customized Certificate System deployments)
* <customized>-pki-server-theme
NOTE: As a convenience for standalone deployments, top-level meta
packages may be provided which bind a particular theme to
these certificate server packages. |
|---|
-
Mon Jul 02 2018 Dogtag Team <pki-devel@redhat.com> 10.5.1-14
- Updated "jss" build and runtime requirements (mharmsen)
- Updated "tomcatjss" build and runtime requirements (mharmsen)
- ##########################################################################
- # RHEL 7.5:
- ##########################################################################
- Bugzilla Bug #1574848 - servlet profileSubmitCMCSimple throws NPE
[rhel-7.5.z] (cfu)
- Bugzilla Bug #1593585 - Need proper default subjectDN for CMC request
authenticated through SharedToken [rhel-7.5.z] (cfu)
- Bugzilla Bug #1594128 - CMC: Audit Events needed for failures in
SharedToken scenario's [rhel-7.5.z] (cfu)
- Bugzilla Bug #1595606 - AuditVerify failure due to line breaks
[rhel-7.5.z] (cfu)
- Bugzilla Bug #1596525 - Address ECC profile overrides [rhel-7.5.z] (cfu)
- Bugzilla Bug #1596551 - X500Name.directoryStringEncodingOrder overridden
by CSR encoding [rhel-7.5.z] (cfu)
- Bugzilla Bug #1553068 - Using a Netmask produces an odd entry in a
certifcate [rhel-7.5.z] (ftweedal)
- ##########################################################################
- # RHCS 9.3:
- ##########################################################################
- # Bugzilla Bug #1471303 - Rebase redhat-pki, redhat-pki-theme, pki-core,
-
Sat Jun 09 2018 Dogtag Team <pki-devel@redhat.com> 10.5.1-13.1
- Rebuild due to build system database problem
-
Fri Jun 08 2018 Dogtag Team <pki-devel@redhat.com> 10.5.1-13
- ##########################################################################
- # RHEL 7.5:
- ##########################################################################
- Bugzilla Bug #1553068 - Using a Netmask produces an odd
entry in a certifcate [rhel-7.5.z] (ftweedal)
- Bugzilla Bug #1585945 - CMC CRMF requests result in
InvalidKeyFormatException when signing algorithm is ECC
[rhel-7.5.z] (cfu)
- Bugzilla Bug #1587826 - ExternalCA: Installation failed during
csr generation with ecc [rhel-7.5.z] (rrelyea, gkapoor)
- Bugzilla Bug #1588944 - Cert validation for installation with
external CA cert [rhel-7.5.z] (edewata)
- Bugzilla Bug #1588945 - CRMFPopClient tool - should allow
option to do no key archival (cfu)
- Bugzilla Bug #1589307 - CVE-2018-1080 pki-core: Mishandled
ACL configuration in AAclAuthz.java reverses rules that allow
and deny access [rhel-7.5.z] (ftweedal, cfu)
- ##########################################################################
- # RHCS 9.3:
- ##########################################################################
- # Bugzilla Bug #1471303 - Rebase redhat-pki, redhat-pki-theme, pki-core,
-
Tue May 22 2018 Dogtag Team <pki-devel@redhat.com> 10.5.1-12
- Updated "jss" build and runtime requirements (mharmsen)
- ##########################################################################
- # RHEL 7.5:
- ##########################################################################
- Bugzilla Bug #1571582 - [MAN] Missing Man pages for tools CMCRequest,
CMCResponse, CMCSharedToken (typos) [rhel-7.5.z] (cfu)
- Bugzilla Bug #1572548 - IPA install with external-CA is failing when
FIPS mode enabled. [rhel-7.5.z] (edewata)
- Bugzilla Bug #1574848 - servlet profileSubmitCMCSimple throws NPE
[rhel-7.5.z] (cfu)
- Bugzilla Bug #1575521 - subsystem -> subsystem SSL handshake issue
with TLS_ECDHE_RSA_* on Thales HSM [rhel-7.5.z] (cfu)
- Bugzilla Bug #1581134 - ECC installation for non CA subsystems needs
improvement [rhel-7.5.z] (jmagne)
- Bugzilla Bug #1581135 - SAN in internal SSL server certificate in
pkispawn configuration step [rhel-7.5.z] (cfu)
- Bugzilla Bug #1581167 - CC: CMC profiles: Some CMC profiles have wrong
input class_id [rhel-7.5.z] (cfu)
- Bugzilla Bug #1581382 - ECDSA Certificates Generated by Certificate System
9.3 fail NIST validation test with parameter field. [rhel-7.5.z] (cfu)
- ##########################################################################
- # RHCS 9.3:
- ##########################################################################
- # Bugzilla Bug #1471303 - Rebase redhat-pki, redhat-pki-theme, pki-core,
-
Mon Apr 09 2018 Dogtag Team <pki-devel@redhat.com> 10.5.1-11
- ##########################################################################
- # RHEL 7.5:
- ##########################################################################
- Bugzilla Bug #1554726 - Need ECC-specific Enrollment Profiles for
standard conformance [rhel-7.5.z] (cfu)
- Bugzilla Bug #1557880 - [MAN] Missing Man pages for tools
CMCRequest, CMCResponse, CMCSharedToken [rhel-7.5.z] (cfu)
- ##########################################################################
- # RHCS 9.3:
- ##########################################################################
- # Bugzilla Bug #1560233 - libtps does not directly depend on libz
-
Fri Mar 23 2018 Dogtag Team <pki-devel@redhat.com> 10.5.1-10
- ##########################################################################
- # RHEL 7.5:
- ##########################################################################
- Bugzilla Bug #1550581 - CMCAuth throws
org.mozilla.jss.crypto.TokenException: Unable to insert certificate into
temporary database [rhel-7.5.z] (cfu)
- Bugzilla Bug #1551067 - [MAN] Add --skip-configuration
and --skip-installation into pkispawn man page. [rhel-7.5.z] (edewata)
- Bugzilla Bug #1552241 - Make sslget aware of TLSv1_2 ciphers
[rhel-7.5.z] (cheimes, mharmsen)
- Bugzilla Bug #1553068 - Using a Netmask produces an odd entry
in a certifcate [rhel-7.5.z] (ftweedal)
- Bugzilla Bug #1554726 - Need ECC-specific Enrollment Profiles for
standard conformance [rhel-7.5.z] (cfu)
- Bugzilla Bug #1554727 - Permit additional FIPS ciphers to be enabled
by default for RSA . . . [rhel-7.5.z] (mharmsen, cfu)
- Bugzilla Bug #1557880 - [MAN] Missing Man pages for tools
CMCRequest, CMCResponse, CMCSharedToken [rhel-7.5.z] (cfu)
- Bugzilla Bug #1557883 - Console: Adding ACL from pki-console gives
StringIndexOutOfBoundsException [rhel-7.5.z] (ftweedal)
- Bugzilla Bug #1558919 - Not able to generate certificate request
with ECC using pki client-cert-request [rhel-7.5.z] (akahat)
- ##########################################################################
- # RHCS 9.3:
- ##########################################################################
- # Bugzilla Bug #1560233 - libtps does not directly depend on libz
-
Mon Feb 19 2018 Dogtag Team <pki-devel@redhat.com> 10.5.1-9
- ##########################################################################
- # RHEL 7.5:
- ##########################################################################
- # Bugzilla Bug #1473452 - Rebase pki-core to latest upstream 10.5.x release
- Bugzilla Bug #1445532 - CC: Audit Events: Update the default audit event
set (RHEL) (edewata)
- Bugzilla Bug #1532867 - Inconsistent key ID encoding (edewata)
- Bugzilla Bug #1540687 - CC: External OCSP Installation failure with HSM
and FIPS (edewata)
- ##########################################################################
- # RHCS 9.3:
- ##########################################################################
- # Bugzilla Bug #1471303 - Rebase redhat-pki, redhat-pki-theme, pki-core,
- # Bugzilla Bug #1404075 - CC: Audit Events: Update the default audit event
-
Mon Feb 12 2018 Dogtag Team <pki-devel@redhat.com> 10.5.1-8
- ##########################################################################
- # RHEL 7.5:
- ##########################################################################
- # Bugzilla Bug #1473452 - Rebase pki-core to latest upstream 10.5.x release
- Bugzilla Bug #1542210 - pki console configurations that involves ldap
passwords leave the plain text password in debug logs (jmagne)
- Bugzilla Bug #1543242 - Regression in lightweight CA key replication
(ftweedal)
- ##########################################################################
- # RHCS 9.3:
- ##########################################################################
- # Bugzilla Bug #1471303 - Rebase redhat-pki, redhat-pki-theme, pki-core,
-
Mon Feb 05 2018 Dogtag Team <pki-devel@redhat.com> 10.5.1-7
- ##########################################################################
- # RHEL 7.5:
- ##########################################################################
- # Bugzilla Bug #1473452 - Rebase pki-core to latest upstream 10.5.x release
- Bugzilla Bug #1445532 - CC: Audit Events: Update the default audit event
set (RHEL) (edewata)
- Bugzilla Bug #1522938 - CC: Missing faillure resumption detection and
audit event logging at startup (jmagne)
- Bugzilla Bug #1523410 - Unable to have non "pkiuser" owned CA instance
(alee)
- Bugzilla Bug #1525306 - CC: missing CMC request and response record
(cfu)
- Bugzilla Bug #1532933 - Installing subsystems with external CMC
certificates in HSM environment shows import error (edewata)
- Bugzilla Bug #1535797 - ExternalCA: Failures when installed with hsm
(edewata)
- Bugzilla Bug #1539125 - restrict default cipher suite to those ciphers
permitted in fips mode (mharmsen)
- Bugzilla Bug #1539198 - Inconsistent CERT_REQUEST_PROCESSED
outcomes. (edewata)
- Bugzilla Bug #1540440 - CMC: Audit Events needed for failures in
SharedToken scenario's (cfu)
- Bugzilla Bug #1541526 - CMC: Revocation works with an unknown
revRequest.issuer (cfu)
- Bugzilla Bug #1541853 - ProfileService: config values with
backslashes have backslashes removed (ftweedal)
- ##########################################################################
- # RHCS 9.3:
- ##########################################################################
- # Bugzilla Bug #1471303 - Rebase redhat-pki, redhat-pki-theme, pki-core,
- # Bugzilla Bug #1404075 - CC: Audit Events: Update the default audit
- # Bugzilla Bug #1501436 - TPS CS.cfg should be reflected with the
-
Tue Jan 23 2018 Dogtag Team <pki-devel@redhat.com> 10.5.1-6
- Updated jss, nuxwdog, and openssl dependencies
- ##########################################################################
- # RHEL 7.5:
- ##########################################################################
- Bugzilla Bug #1473452 - Rebase pki-core to latest upstream 10.5.x release
(RHEL)
- Bugzilla Bug #1402280 - CA Cloning: Failed to update number range in
few cases (ftweedal)
- Bugzilla Bug #1428021 - CC: shared token storage and retrieval
mechanism (cfu)
- Bugzilla Bug #1447145 - CMC: cmc.popLinkWitnessRequired=false
would cause error (cfu)
- Bugzilla Bug #1498957 - pkidestroy does not work with nuxwdog
(alee)
- Bugzilla Bug #1520277 - PR_FILE_NOT_FOUND_ERROR during
pkispawn (alee)
- Bugzilla Bug #1520526 - p12 admin certificate is missing when
certificate is signed Externally (edewata)
- Bugzilla Bug #1523410 - Unable to have non "pkiuser" owned CA
instance (alee)
- Bugzilla Bug #1523443 - HAProxy rejects OCSP responses due to
missing nextupdate field (ftweedal)
- Bugzilla Bug #1526881 - Not able to setup CA with ECC (mharmsen)
- Bugzilla Bug #1532759 - pkispawn seems to be leaving our passwords
in several different files after installation completes (alee)
- ##########################################################################
- # RHCS 9.3:
- ##########################################################################
- # Bugzilla Bug #1471303 - Rebase redhat-pki, redhat-pki-theme, pki-core,