Name: | pki-tools |
Version: | 10.5.9 |
Release: | 6.el7 |
Architecture: | aarch64 |
Group: | System Environment/Base |
Size: | 1239953 |
License: | GPLv2 |
RPM: |
pki-tools-10.5.9-6.el7.aarch64.rpm
|
Source RPM: |
pki-core-10.5.9-6.el7.src.rpm
|
Build Date: | Wed Oct 31 2018 |
Build Host: | ca-buildarm01.us.oracle.com |
Vendor: | Oracle America |
URL: | http://pki.fedoraproject.org/ |
Summary: | Certificate System - PKI Tools |
Description: | This package contains PKI executables that can be used to help make
Certificate System into a more complete and robust PKI solution.
This package is a part of the PKI Core used by the Certificate System.
==================================
|| ABOUT "CERTIFICATE SYSTEM" ||
==================================
Certificate System (CS) is an enterprise software system designed
to manage enterprise Public Key Infrastructure (PKI) deployments.
PKI Core contains ALL top-level java-based Tomcat PKI components:
* pki-symkey
* pki-base
* pki-base-python2 (alias for pki-base)
* pki-base-python3
* pki-base-java
* pki-tools
* pki-server
* pki-ca
* pki-kra
* pki-ocsp
* pki-tks
* pki-tps
* pki-javadoc
which comprise the following corresponding PKI subsystems:
* Certificate Authority (CA)
* Key Recovery Authority (KRA)
* Online Certificate Status Protocol (OCSP) Manager
* Token Key Service (TKS)
* Token Processing Service (TPS)
Python clients need only install the pki-base package. This
package contains the python REST client packages and the client
upgrade framework.
Java clients should install the pki-base-java package. This package
contains the legacy and REST Java client packages. These clients
should also consider installing the pki-tools package, which contain
native and Java-based PKI tools and utilities.
Certificate Server instances require the fundamental classes and
modules in pki-base and pki-base-java, as well as the utilities in
pki-tools. The main server classes are in pki-server, with subsystem
specific Java classes and resources in pki-ca, pki-kra, pki-ocsp etc.
Finally, if Certificate System is being deployed as an individual or
set of standalone rather than embedded server(s)/service(s), it is
strongly recommended (though not explicitly required) to include at
least one PKI Theme package:
* dogtag-pki-theme (Dogtag Certificate System deployments)
* dogtag-pki-server-theme
* redhat-pki-server-theme (Red Hat Certificate System deployments)
* redhat-pki-server-theme
* customized pki theme (Customized Certificate System deployments)
* <customized>-pki-server-theme
NOTE: As a convenience for standalone deployments, top-level meta
packages may be provided which bind a particular theme to
these certificate server packages. |
-
Tue Aug 21 2018 Dogtag Team <pki-devel@redhat.com> 10.5.9-6
- Updated nuxwdog dependencies
- ##########################################################################
- # RHEL 7.6:
- ##########################################################################
- Bugzilla Bug #673182 - ECC keys not supported for signing
audit logs (cfu)
- Bugzilla Bug #1593805 - Better understanding of
NSS_USE_DECODED_CKA_EC_POINT for ECC (cfu)
- Bugzilla Bug #1601071 - Certificate generation happens with
partial attributes in CMCRequest file (cfu)
- Bugzilla Bug #1601569 - CC: Enable all config audit events
(cfu)
- Bugzilla Bug #1608375 - CMC Revocations throws exception
with same reqIssuer & certissuer (cfu)
- ##########################################################################
- # RHCS 9.4:
- ##########################################################################
- # Bugzilla Bug #1557570 - Re-base pki-core from 10.5.1 to
-
Thu Aug 09 2018 Dogtag Team <pki-devel@redhat.com> 10.5.9-5
- ##########################################################################
- # RHEL 7.6:
- ##########################################################################
- Bugzilla Bug #1596629 - ipa-replica-install --setup-kra broken on DL0
with latest version (abokovoy)
- ##########################################################################
- # RHCS 9.4:
- ##########################################################################
- # Bugzilla Bug #1557570 - Re-base pki-core from 10.5.1 to
-
Tue Jul 31 2018 Dogtag Team <pki-devel@redhat.com> 10.5.9-4
- ##########################################################################
- # RHEL 7.6:
- ##########################################################################
- Bugzilla Bug #1548203 - pki console configurations that involves ldap
passwords leave the plain text password in signed audit logs (cfu)
- ##########################################################################
- # RHCS 9.4:
- ##########################################################################
- # Bugzilla Bug #1494591 - keyGen fails when only Identity
-
Mon Jul 23 2018 Dogtag Team <pki-devel@redhat.com> 10.5.9-3
- Re-spin alpha builds
-
Thu Jul 05 2018 Dogtag Team <pki-devel@redhat.com> 10.5.9-2
- ##########################################################################
- # RHEL 7.6:
- ##########################################################################
- Bugzilla Bug #1471935 - X500Name.directoryStringEncodingOrder overridden
by CSR encoding (cfu)
- Bugzilla Bug #1538311 - Using a Netmask produces an odd entry in a
certificate (ftweedal)
- Bugzilla Bug #1540440 - CMC: Audit Events needed for failures in
SharedToken scenario's (cfu)
- Bugzilla Bug #1550742 - Address ECC profile overrides (cfu)
- Bugzilla Bug #1562841 - servlet profileSubmitCMCSimple throws NPE (cfu)
- Bugzilla Bug #1572432 - AuditVerify failure due to line breaks (cfu)
- Bugzilla Bug #1592961 - Need proper default subjectDN for CMC request
authenticated through SharedToken (cfu)
- ##########################################################################
- # RHCS 9.4:
- ##########################################################################
- # Bugzilla Bug #1557570 - Re-base pki-core from 10.5.1 to
-
Mon Jun 11 2018 Dogtag Team <pki-devel@redhat.com> 10.5.9-1
- ##########################################################################
- # RHEL 7.6:
- ##########################################################################
- Bugzilla Bug #1538311 - Using a Netmask produces an odd
entry in a certifcate (ftweedal)
- Bugzilla Bug #1544843 - ExternalCA: Installation failed during
csr generation with ecc (rrelyea, gkapoor)
- Bugzilla Bug #1557569 - Re-base pki-core from 10.5.1 to latest
upstream 10.5.x (RHEL) (mharmsen)
- Bugzilla Bug #1580394 - CMC CRMF requests result in
InvalidKeyFormatException when signing algorithm is ECC (cfu)
- Bugzilla Bug #1580527 - CVE-2018-1080 pki-core: Mishandled
ACL configuration in AAclAuthz.java reverses rules that allow
and deny access (ftweedal, cfu)
- Bugzilla Bug #1585866 - CRMFPopClient tool - should allow
option to do no key archival (cfu)
- Bugzilla Bug #1588655 - Cert validation for installation with
external CA cert (edewata)
- ##########################################################################
- # RHCS 9.4:
- ##########################################################################
- # Bugzilla Bug #1557570 - Re-base pki-core from 10.5.1 to
-
Sat Jun 09 2018 Dogtag Team <pki-devel@redhat.com> 10.5.1-13.1
- Rebuild due to build system database problem
-
Fri Jun 08 2018 Dogtag Team <pki-devel@redhat.com> 10.5.1-13
- ##########################################################################
- # RHEL 7.5:
- ##########################################################################
- Bugzilla Bug #1553068 - Using a Netmask produces an odd
entry in a certifcate [rhel-7.5.z] (ftweedal)
- Bugzilla Bug #1585945 - CMC CRMF requests result in
InvalidKeyFormatException when signing algorithm is ECC
[rhel-7.5.z] (cfu)
- Bugzilla Bug #1587826 - ExternalCA: Installation failed during
csr generation with ecc [rhel-7.5.z] (rrelyea, gkapoor)
- Bugzilla Bug #1588944 - Cert validation for installation with
external CA cert [rhel-7.5.z] (edewata)
- Bugzilla Bug #1588945 - CRMFPopClient tool - should allow
option to do no key archival (cfu)
- Bugzilla Bug #1589307 - CVE-2018-1080 pki-core: Mishandled
ACL configuration in AAclAuthz.java reverses rules that allow
and deny access [rhel-7.5.z] (ftweedal, cfu)
- ##########################################################################
- # RHCS 9.3:
- ##########################################################################
- # Bugzilla Bug #1471303 - Rebase redhat-pki, redhat-pki-theme, pki-core,
-
Tue May 22 2018 Dogtag Team <pki-devel@redhat.com> 10.5.1-12
- Updated "jss" build and runtime requirements (mharmsen)
- ##########################################################################
- # RHEL 7.5:
- ##########################################################################
- Bugzilla Bug #1571582 - [MAN] Missing Man pages for tools CMCRequest,
CMCResponse, CMCSharedToken (typos) [rhel-7.5.z] (cfu)
- Bugzilla Bug #1572548 - IPA install with external-CA is failing when
FIPS mode enabled. [rhel-7.5.z] (edewata)
- Bugzilla Bug #1574848 - servlet profileSubmitCMCSimple throws NPE
[rhel-7.5.z] (cfu)
- Bugzilla Bug #1575521 - subsystem -> subsystem SSL handshake issue
with TLS_ECDHE_RSA_* on Thales HSM [rhel-7.5.z] (cfu)
- Bugzilla Bug #1581134 - ECC installation for non CA subsystems needs
improvement [rhel-7.5.z] (jmagne)
- Bugzilla Bug #1581135 - SAN in internal SSL server certificate in
pkispawn configuration step [rhel-7.5.z] (cfu)
- Bugzilla Bug #1581167 - CC: CMC profiles: Some CMC profiles have wrong
input class_id [rhel-7.5.z] (cfu)
- Bugzilla Bug #1581382 - ECDSA Certificates Generated by Certificate System
9.3 fail NIST validation test with parameter field. [rhel-7.5.z] (cfu)
- ##########################################################################
- # RHCS 9.3:
- ##########################################################################
- # Bugzilla Bug #1471303 - Rebase redhat-pki, redhat-pki-theme, pki-core,
-
Mon Apr 09 2018 Dogtag Team <pki-devel@redhat.com> 10.5.1-11
- ##########################################################################
- # RHEL 7.5:
- ##########################################################################
- Bugzilla Bug #1554726 - Need ECC-specific Enrollment Profiles for
standard conformance [rhel-7.5.z] (cfu)
- Bugzilla Bug #1557880 - [MAN] Missing Man pages for tools
CMCRequest, CMCResponse, CMCSharedToken [rhel-7.5.z] (cfu)
- ##########################################################################
- # RHCS 9.3:
- ##########################################################################
- # Bugzilla Bug #1560233 - libtps does not directly depend on libz