[ol7_latest] pki-ca-10.5.9-10.el7_6.noarch

Name:	pki-ca
Version:	10.5.9
Release:	10.el7_6
Architecture:	noarch
Group:	System Environment/Daemons
Size:	2408924
License:	GPLv2
RPM:	pki-ca-10.5.9-10.el7_6.noarch.rpm
Source RPM:	pki-core-10.5.9-10.el7_6.src.rpm
Build Date:	Thu Jan 31 2019
Build Host:	x86-ol7-builder-01.us.oracle.com
Vendor:	Oracle America
URL:	http://pki.fedoraproject.org/
Summary:	Certificate System - Certificate Authority
Description:	The Certificate Authority (CA) is a required PKI subsystem which issues, renews, revokes, and publishes certificates as well as compiling and publishing Certificate Revocation Lists (CRLs). The Certificate Authority can be configured as a self-signing Certificate Authority, where it is the root CA, or it can act as a subordinate CA, where it obtains its own signing certificate from a public CA. This package is one of the top-level java-based Tomcat PKI subsystems provided by the PKI Core used by the Certificate System. ================================== \|\| ABOUT "CERTIFICATE SYSTEM" \|\| ================================== Certificate System (CS) is an enterprise software system designed to manage enterprise Public Key Infrastructure (PKI) deployments. PKI Core contains ALL top-level java-based Tomcat PKI components: * pki-symkey * pki-base * pki-base-python2 (alias for pki-base) * pki-base-python3 * pki-base-java * pki-tools * pki-server * pki-ca * pki-kra * pki-ocsp * pki-tks * pki-tps * pki-javadoc which comprise the following corresponding PKI subsystems: * Certificate Authority (CA) * Key Recovery Authority (KRA) * Online Certificate Status Protocol (OCSP) Manager * Token Key Service (TKS) * Token Processing Service (TPS) Python clients need only install the pki-base package. This package contains the python REST client packages and the client upgrade framework. Java clients should install the pki-base-java package. This package contains the legacy and REST Java client packages. These clients should also consider installing the pki-tools package, which contain native and Java-based PKI tools and utilities. Certificate Server instances require the fundamental classes and modules in pki-base and pki-base-java, as well as the utilities in pki-tools. The main server classes are in pki-server, with subsystem specific Java classes and resources in pki-ca, pki-kra, pki-ocsp etc. Finally, if Certificate System is being deployed as an individual or set of standalone rather than embedded server(s)/service(s), it is strongly recommended (though not explicitly required) to include at least one PKI Theme package: * dogtag-pki-theme (Dogtag Certificate System deployments) * dogtag-pki-server-theme * redhat-pki-server-theme (Red Hat Certificate System deployments) * redhat-pki-server-theme * customized pki theme (Customized Certificate System deployments) * <customized>-pki-server-theme NOTE: As a convenience for standalone deployments, top-level meta packages may be provided which bind a particular theme to these certificate server packages.

Changelog (Show File list) (Show related packages)

Mon Dec 17 2018 Dogtag Team <pki-devel@redhat.com> 10.5.9-10

- ##########################################################################
- # RHEL 7.6:
- ##########################################################################
- Bugzilla Bug #1659939 - CC: Simplifying Web UI session timeout
  configuration [rhel-7.6.z] (edewata)
- ##########################################################################
- # RHCS 9.4:
- ##########################################################################
- # Bugzilla Bug #1639836 - CC: Identify RHCS version of CA, KRA,
  - # Added Batch Update Information to Product Version (mharmsen)

Mon Dec 10 2018 Dogtag Team <pki-devel@redhat.com> 10.5.9-9

- ##########################################################################
- # RHEL 7.6:
- ##########################################################################
- Bugzilla Bug #1657922 - CC: CA/OCSP startup fail on SystemCertsVerification
  if enableOCSP is true [rhel-7.6.z] (jmagne)
- ##########################################################################
- # RHCS 9.4:
- ##########################################################################
- # Bugzilla Bug #1639836 - CC: Identify RHCS version of CA, KRA,

Wed Dec 05 2018 Dogtag Team <pki-devel@redhat.com> 10.5.9-8

- ##########################################################################
- # RHEL 7.6:
- ##########################################################################
- Bugzilla Bug #1645262 - pkidestroy may not remove all files [rhel-7.6.z]
  (dmoluguw)
- Bugzilla Bug #1645263 - Auth plugins leave passwords in the access
  log and audit log using REST [rhel-7.6.z] (dmoluguw)
- Bugzilla Bug #1645429 - pkispawn fails due to name collision with
  /var/log/pki/<instance> [rhel-7.6.z] (dmoluguw)
- Bugzilla Bug #1655951 - CC: tools supporting CMC requests output
  keyID needs to be captured in file [rhel-7.6.z] (cfu)
- Bugzilla Bug #1656297 - Unable to install with admin-generated keys
  [rhel-7.6.z] (edewata)
- ##########################################################################
- # RHCS 9.4:
- ##########################################################################
- # Bugzilla Bug #1639836 - CC: Identify RHCS version of CA, KRA,

Mon Oct 29 2018 Dogtag Team <pki-devel@redhat.com> 10.5.9-7

- Require "tomcatjss >= 7.2.1-8" as a build and runtime requirement
- ##########################################################################
- # RHEL 7.6:
- ##########################################################################
- Bugzilla Bug #1632116 - CC: missing audit event for CS acting as
  TLS client [rhel-7.6.z] (cfu)
- Bugzilla Bug #1632120 - Unsupported RSA_ ciphers should be
  removed from the default ciphers list [rhel-7.6.z] (cfu)
- Bugzilla Bug #1632615 - Permit certain SHA384 FIPS ciphers to be
  enabled by default for RSA and ECC . . . [rhel-7.6.z] (cfu)
- Bugzilla Bug #1632616 - X500Name.directoryStringEncodingOrder
  overridden by CSR encoding (coverity changes) [rhel-7.6.z] (mharmsen)
- Bugzilla Bug #1633104 - CMC: add config to allow non-clientAuth
  [rhel-7.6.z] (cfu)
- Bugzilla Bug #1636490 - Installation of CA using an existing CA fails
  [rhel-7.6.z] (edewata)
- Bugzilla Bug #1643878 - pki cli command for RHCS doesn't prompt for
  a password [rhel-7.6.z] (edewata)
- Bugzilla Bug #1643879 - CC: Identify version/release of pki-ca, pki-kra,
  pki-ocsp, pki-tks, and pki-tps remotely [RHEL] [rhel-7.6.z] (cfu, jmagne)
- Bugzilla Bug #1643880 - PKI subsystem process is not shutdown when
  there is no space on the disk to write logs [rhel-7.6.z] (edewata)
- ##########################################################################
- # RHCS 9.4:
- ##########################################################################
- # Bugzilla Bug #1639836 - CC: Identify RHCS version of CA, KRA,

Tue Aug 21 2018 Dogtag Team <pki-devel@redhat.com> 10.5.9-6

- Updated nuxwdog dependencies
- ##########################################################################
- # RHEL 7.6:
- ##########################################################################
- Bugzilla Bug #673182 - ECC keys not supported for signing
  audit logs (cfu)
- Bugzilla Bug #1593805 - Better understanding of
  NSS_USE_DECODED_CKA_EC_POINT for ECC (cfu)
- Bugzilla Bug #1601071 - Certificate generation happens with
  partial attributes in CMCRequest file (cfu)
- Bugzilla Bug #1601569 - CC: Enable all config audit events
  (cfu)
- Bugzilla Bug #1608375 - CMC Revocations throws exception
  with same reqIssuer & certissuer (cfu)
- ##########################################################################
- # RHCS 9.4:
- ##########################################################################
- # Bugzilla Bug #1557570 - Re-base pki-core from 10.5.1 to

Thu Aug 09 2018 Dogtag Team <pki-devel@redhat.com> 10.5.9-5

- ##########################################################################
- # RHEL 7.6:
- ##########################################################################
- Bugzilla Bug #1596629 - ipa-replica-install --setup-kra broken on DL0
  with latest version (abokovoy)
- ##########################################################################
- # RHCS 9.4:
- ##########################################################################
- # Bugzilla Bug #1557570 - Re-base pki-core from 10.5.1 to

Tue Jul 31 2018 Dogtag Team <pki-devel@redhat.com> 10.5.9-4

- ##########################################################################
- # RHEL 7.6:
- ##########################################################################
- Bugzilla Bug #1548203 - pki console configurations that involves ldap
  passwords leave the plain text password in signed audit logs (cfu)
- ##########################################################################
- # RHCS 9.4:
- ##########################################################################
- # Bugzilla Bug #1494591 - keyGen fails when only Identity

Mon Jul 23 2018 Dogtag Team <pki-devel@redhat.com> 10.5.9-3
```
- Re-spin alpha builds
```

Thu Jul 05 2018 Dogtag Team <pki-devel@redhat.com> 10.5.9-2

- ##########################################################################
- # RHEL 7.6:
- ##########################################################################
- Bugzilla Bug #1471935 - X500Name.directoryStringEncodingOrder overridden
  by CSR encoding (cfu)
- Bugzilla Bug #1538311 - Using a Netmask produces an odd entry in a
  certificate (ftweedal)
- Bugzilla Bug #1540440 - CMC: Audit Events needed for failures in
  SharedToken scenario's (cfu)
- Bugzilla Bug #1550742 - Address ECC profile overrides (cfu)
- Bugzilla Bug #1562841 - servlet profileSubmitCMCSimple throws NPE (cfu)
- Bugzilla Bug #1572432 - AuditVerify failure due to line breaks (cfu)
- Bugzilla Bug #1592961 - Need proper default subjectDN for CMC request
  authenticated through SharedToken (cfu)
- ##########################################################################
- # RHCS 9.4:
- ##########################################################################
- # Bugzilla Bug #1557570 - Re-base pki-core from 10.5.1 to

Mon Jun 11 2018 Dogtag Team <pki-devel@redhat.com> 10.5.9-1

- ##########################################################################
- # RHEL 7.6:
- ##########################################################################
- Bugzilla Bug #1538311 - Using a Netmask produces an odd
  entry in a certifcate (ftweedal)
- Bugzilla Bug #1544843 - ExternalCA: Installation failed during
  csr generation with ecc (rrelyea, gkapoor)
- Bugzilla Bug #1557569 - Re-base pki-core from 10.5.1 to latest
  upstream 10.5.x (RHEL) (mharmsen)
- Bugzilla Bug #1580394 - CMC CRMF requests result in
  InvalidKeyFormatException when signing algorithm is ECC (cfu)
- Bugzilla Bug #1580527 - CVE-2018-1080 pki-core: Mishandled
  ACL configuration in AAclAuthz.java reverses rules that allow
  and deny access (ftweedal, cfu)
- Bugzilla Bug #1585866 - CRMFPopClient tool - should allow
  option to do no key archival (cfu)
- Bugzilla Bug #1588655 - Cert validation for installation with
  external CA cert (edewata)
- ##########################################################################
- # RHCS 9.4:
- ##########################################################################
- # Bugzilla Bug #1557570 - Re-base pki-core from 10.5.1 to