[ol7_latest_archive] pki-kra-10.2.5-10.el7_2.noarch

Name:	pki-kra
Version:	10.2.5
Release:	10.el7_2
Architecture:	noarch
Group:	System Environment/Daemons
Size:	569187
License:	GPLv2
RPM:	pki-kra-10.2.5-10.el7_2.noarch.rpm
Source RPM:	pki-core-10.2.5-10.el7_2.src.rpm
Build Date:	Thu May 12 2016
Build Host:	x86-ol7-builder-02.us.oracle.com
Vendor:	Oracle America
URL:	http://pki.fedoraproject.org/
Summary:	Certificate System - Data Recovery Manager
Description:	The Data Recovery Manager (DRM) is an optional PKI subsystem that can act as a Key Recovery Authority (KRA). When configured in conjunction with the Certificate Authority (CA), the DRM stores private encryption keys as part of the certificate enrollment process. The key archival mechanism is triggered when a user enrolls in the PKI and creates the certificate request. Using the Certificate Request Message Format (CRMF) request format, a request is generated for the user's private encryption key. This key is then stored in the DRM which is configured to store keys in an encrypted format that can only be decrypted by several agents requesting the key at one time, providing for protection of the public encryption keys for the users in the PKI deployment. Note that the DRM archives encryption keys; it does NOT archive signing keys, since such archival would undermine non-repudiation properties of signing keys. This package is one of the top-level java-based Tomcat PKI subsystems provided by the PKI Core used by the Certificate System. ================================== \|\| ABOUT "CERTIFICATE SYSTEM" \|\| ================================== Certificate System (CS) is an enterprise software system designed to manage enterprise Public Key Infrastructure (PKI) deployments. PKI Core contains ALL top-level java-based Tomcat PKI components: * pki-symkey * pki-base * pki-tools * pki-server * pki-ca * pki-kra * pki-ocsp * pki-tks * pki-tps * pki-javadoc which comprise the following corresponding PKI subsystems: * Certificate Authority (CA) * Data Recovery Manager (DRM) * Online Certificate Status Protocol (OCSP) Manager * Token Key Service (TKS) * Token Processing Service (TPS) For deployment purposes, PKI Core contains fundamental packages required by BOTH native-based Apache AND java-based Tomcat Certificate System instances consisting of the following components: * pki-tools Additionally, PKI Core contains the following fundamental packages required ONLY by ALL java-based Tomcat Certificate System instances: * pki-symkey * pki-base * pki-tools * pki-server PKI Core also includes the following components: * pki-javadoc Finally, if Certificate System is being deployed as an individual or set of standalone rather than embedded server(s)/service(s), it is strongly recommended (though not explicitly required) to include at least one PKI Theme package: * dogtag-pki-theme (Dogtag Certificate System deployments) * dogtag-pki-server-theme * redhat-pki-server-theme (Red Hat Certificate System deployments) * redhat-pki-server-theme * customized pki theme (Customized Certificate System deployments) * <customized>-pki-server-theme NOTE: As a convenience for standalone deployments, top-level meta packages may be provided which bind a particular theme to these certificate server packages.

Changelog (Show File list) (Show related packages)

Thu Apr 21 2016 Dogtag Team <pki-devel@redhat.com> 10.2.5-10

- Bugzilla Bug #1318302 - pkispawn ignores 3rd-party CA certs in
  pki_clone_pkcs12_path (python hash fix)

Fri Mar 18 2016 Dogtag Team <pki-devel@redhat.com> 10.2.5-9

- Bugzilla Bug #1318302 - pkispawn ignores 3rd-party CA certs in
  pki_clone_pkcs12_path
- Bugzilla Bug #1320580 - IPA replica installation fails if password
  has % character in it.

Fri Mar 18 2016 Dogtag Team <pki-devel@redhat.com> 10.2.5-8

- PKI TRAC Ticket #1699 - CA PKCS7 display does not seem to be properly
  formatted

Thu Feb 18 2016 Dogtag Team <pki-devel@redhat.com> 10.2.5-7

- Bugzilla Bug #1289323 -  [RFE] Provide the user the ability to import their
  own CA certificate with private key [edewata]
- Bugzilla Bug #1277691 - ipa-cacert-manage renew failed with validity
  out of range [edewata]
- PKI TRAC Ticket #2040 - Determine supported javadoc options [mharmsen]

Mon Sep 21 2015 Dogtag Team <pki-devel@redhat.com> 10.2.5-6

- Bugzilla Bug #1258630 - Upgraded CA lacks ca.sslserver.certreq
  in CS.cfg [edewata]
- Bugzilla Bug #1258634 - CA fails to authenticate to KRA for
  archival [edewata]

Wed Aug 12 2015 Dogtag Team <pki-devel@redhat.com> 10.2.5-5

- Bugzilla Bug #1253045 - handle_exceptions() raises JSONDecodeError [cheimes]
  'pki-core-handle-JSON-decode-error.patch'
-    modified for RHEL 7.2 by removing changes to '.gitignore',
     'tests/python/test_pki.py', and 'tox.ini' [mharmsen]
- Bugzilla Bug #1253047 - issues in cloning from dogtag 9 to 10 [alee]
  'pki-core-fix-exception-when-talking-to-Dogtag-9-systems.patch'

Wed Jul 15 2015 Dogtag Team <pki-devel@redhat.com> 10.2.5-4

- Bugzilla Bug #1143067 - The pkiuser user/group should be created in
  rpm %pre, and ideally with fixed uid/gid [cheimes]

Mon Jul 06 2015 Dogtag Team <pki-devel@redhat.com> 10.2.5-3

- Dogtag 10.2.5-3 patch for RHEL 7.2 Re-base
-   git format-patch cc97f8628b23f8ea75308bb97a31307cb4f162b9^..
    ac5447a8e0bac5112882be700a17a9274e322adc --stdout > pki-core-rhel-7-2.patch
-   remove e5c4e87ac5ce881efa160352ce87ad81026f3446 (QE test)
- Contents of 'pki-core-rhel-7-2.patch':
-   PKI TRAC Ticket #1249 -	Misleading self test log message [edewata]
-   PKI TRAC Ticket #1444 - pkispawn: installation aborts when HSM contains
    empty slots [edewata]
-   PKI TRAC Ticket #995 - Provide more info on how to use --input with pki
    cert-find in the man page [edewata]
-   PKI TRAC Ticket #1122 - Need to describe paging options in 'pki' man page
    [edewata]
-   Cleaned up SystemConfigService.validateRequest() [edewata]
-   Cleaned up SystemConfigService.configureClone() [edewata]
-   PKI TRAC Ticket #1438 - pkispawn: SSL_ForceHandshake issue for non-CA on
    HSM on both shared and nonshared tomcat instances [cfu]
-   PKI TRAC Ticket #1442 - Ability to toggle profile usablity in Web vs CLI
    tools [jmagne]
-   PKI TRAC Ticket #1441 - Lack of Interactive Installation Support
   (Cloning, Subordinates, Externals, HSMs, ECC) [mharmsen]
-   PKI TRAC Ticket #1446 - Unable to select ECC Curves from EE [jmagne]
-   Fixed pki help CLI [edewata]
-   Fixed NPE in key-archive CLI [edewata]
-   PKI TRAC Ticket #891 - Missing fail-over code in HttpConnection [edewata]
-   PKI TRAC Ticket #1447 - pkispawn: findCertByNickname fails to find cert in
    creating shared tomcat subsystems on HSM [cfu]
-   PKI TRAC Ticket #1425 - pkispawn CA with HSM - if the config file has
    pki_client related params the dir is not created and the admin cert p12
    file is stored nowhere [mharmsen]
-   PKI TRAC Ticket #1358 - Retrying failed OCSP clone results duplicate
    replecation id and a failure [jmagne]
-   PKI TRAC Ticket #1462 - profile update in raw format accepts bad config
    [ftweedal]
-   PKI TRAC Ticket #1449 - pki cert-find could be time consuming: add VLV
    index for new installations [edewata]

Sat Jun 20 2015 Dogtag Team <pki-devel@redhat.com> 10.2.5-2
```
- Remove ExcludeArch directive
```
Fri Jun 19 2015 Dogtag Team <pki-devel@redhat.com> 10.2.5-1
```
- Update release number for release build
```