[ol7_optional_archive] pki-tks-10.1.2-7.el7.noarch

The Token Key Service (TKS) is an optional PKI subsystem that manages the
master key(s) and the transport key(s) required to generate and distribute
keys for hardware tokens.  TKS provides the security between tokens and an
instance of Token Processing System (TPS), where the security relies upon the
relationship between the master key and the token keys.  A TPS communicates
with a TKS over SSL using client authentication.

TKS helps establish a secure channel (signed and encrypted) between the token
and the TPS, provides proof of presence of the security token during
enrollment, and supports key changeover when the master key changes on the
TKS.  Tokens with older keys will get new token keys.

Because of the sensitivity of the data that TKS manages, TKS should be set up
behind the firewall with restricted access.

This package is one of the top-level java-based Tomcat PKI subsystems
provided by the PKI Core used by the Certificate System.


==================================
||  ABOUT "CERTIFICATE SYSTEM"  ||
==================================

Certificate System (CS) is an enterprise software system designed
to manage enterprise Public Key Infrastructure (PKI) deployments.

PKI Core contains ALL top-level java-based Tomcat PKI components:

  * pki-symkey
  * pki-base
  * pki-tools
  * pki-server
  * pki-ca
  * pki-kra
  * pki-ocsp
  * pki-tks
  * pki-tps-tomcat
  * pki-javadoc

which comprise the following corresponding PKI subsystems:

  * Certificate Authority (CA)
  * Data Recovery Manager (DRM)
  * Online Certificate Status Protocol (OCSP) Manager
  * Token Key Service (TKS)
  * Token Processing Service (TPS)

For deployment purposes, PKI Core contains fundamental packages
required by BOTH native-based Apache AND java-based Tomcat
Certificate System instances consisting of the following components:

  * pki-tools

Additionally, PKI Core contains the following fundamental packages
required ONLY by ALL java-based Tomcat Certificate System instances:

  * pki-symkey
  * pki-base
  * pki-tools
  * pki-server

PKI Core also includes the following components:

  * pki-javadoc

Finally, if Certificate System is being deployed as an individual or
set of standalone rather than embedded server(s)/service(s), it is
strongly recommended (though not explicitly required) to include at
least one PKI Theme package:

  * dogtag-pki-theme (Dogtag Certificate System deployments)
    * dogtag-pki-server-theme
  * redhat-pki-server-theme (Red Hat Certificate System deployments)
    * redhat-pki-server-theme
  * customized pki theme (Customized Certificate System deployments)
    * <customized>-pki-server-theme

  NOTE:  As a convenience for standalone deployments, top-level meta
         packages may be provided which bind a particular theme to
         these certificate server packages.

Changelog (Show File list) (Show related packages)

• Wed Nov 26 2014 Matthew Harmsen <mharmsen@redhat.com> 10.1.2-7

  - Bugzilla Bug #1165351 - Errata TPS test fails due to dependent
    packages not found - fixed shell tests

• Wed Nov 19 2014 Matthew Harmsen <mharmsen@redhat.com> 10.1.2-6

  - Bugzilla Bug #1165351 - Errata TPS test fails due to dependent
    packages not found

• Thu Nov 13 2014 Christina Fu <cfu@redhat.com> 10.1.2-5

  - Bugzilla Bug #1155654 - Check for null values in GetConfigEntries (alee)
  - Bugzilla Bug #1158410 - Add TLS Range in server.xml (cfu)
  - Bugzilla Bug #871171 - Provide Tomcat support for TLS v1.1 and TLS v1.2
    (client-side code) (cfu)
  - Updated JSS from "4.2.6-28" to "4.2.6-35" (TLS)
  - Require tomcatjss "7.1.0-5" (TLS)

• Tue Oct 28 2014 Christina Fu <cfu@redhat.com> 10.1.2-4

  - Bugzilla Bug #1151147 -  External CA install does not work
    with CA certificates signed by Microsoft Certificate Services

• Fri Sep 26 2014 Christina Fu <cfu@redhat.com> 10.1.2-3

  - Bugzilla Bug #790924 - pkispawn (configuration) does not provide CA
    extensions in subordinate certificate signing requests (CSR)

• Fri Sep 19 2014 Matthew Harmsen <mharmsen@redhat.com> 10.1.2-2

  - Bugzilla Bug #1108303 - Rebase pki-core to 10.1 (RHEL)
  - Bugzilla Bug #1117073 - pki-core ppc64le is missing from ExcludeArch line
    of spec file (RHEL)
  - Bumped required runtime version of tomcat >= 7.0.54 (RHEL)
  - Changed buildtime requirement from 'resteasy-base-jackson-provider >= 3.0.6-1'
    to 'resteasy-base-jettison-provider >= 3.0.6-1' (RHEL)
  - Added version number of '>= 3.0.6-1' to runtime requirements for all
    'resteasy-base' packages (RHEL)

• Thu Sep 18 2014 Ade Lee <alee@redhat.com> 10.1.2-1

  - Backport fix for  ticket 499
  - Bump version to ensure migration scripts are run

• Thu Sep 11 2014 Matthew Harmsen <mharmsen@redhat.com> 10.1.1-2

  - Add missing 'jakarta-commons-httpclient' build and runtime requirement
  - Exclude the 'ppcle' and 'ppc64le' platforms from being built on RHEL platforms
  - Update 'resteasy-base' requirements on RHEL platforms
  - Suppress pylint on RHEL platforms

• Fri Mar 21 2014 Matthew Harmsen <mharmsen@redhat.com> 10.1.1-1

  - PKI TRAC Ticket #840 - pkispawn requires policycoreutils-python (mharmsen)
  - Bugzilla Bug #1057959 - pkispawn requires policycoreutils-python (mharmsen)
  - PKI TRAC Ticket #868 - REST API get certs links missing segment
                           (alee, mharmsen)
  - PKI TRAC Ticket #869 - f19 ipa-server-install fails at step 6/22 of cert sys
                           install - systemctl start pki-tomcatd.target fails
                           (mharmsen)
  - PKI TRAC Ticket #816 - pki-tomcat cannot be started after installation of
                           ipa replica with ca
                           (alee, cfu, edewata, mharmsen)
  - Updated version number.

• Wed Jan 29 2014 Matthew Harmsen <mharmsen@redhat.com> 10.1.0-2

  - Bugzilla Bug #1057959 - pkispawn requires policycoreutils-python
  - TRAC Ticket #840 - pkispawn requires policycoreutils-python