-
Mon Jan 30 2017 Dogtag Team <pki-devel@redhat.com> 10.3.3-17
- ## RHCS 9.1.z Batch Update 3
- Bugzilla Bug #1391207 - Automatic recovery of encryption cert - CA and TPS
tokendb shows different certificate status (cfu)
- ## RHEL 7.3.z Batch Update 3
- Bugzilla Bug #1417063 - ECDSA Certificates Generated by Certificate System
8.1 fail NIST validation test with parameter field. (cfu)
- Bugzilla Bug #1417064 - Unable to search certificate requests using the
latest request ID (edewata)
- Bugzilla Bug #1417065 - CA Certificate Issuance Date displayed on CA website
incorrect (alee)
- Bugzilla Bug #1417066 - update to 7.3 IPA with otpd bugfixes, tomcat will
not finish start, hangs (ftweedal)
- Bugzilla Bug #1417067 - pki-tomcat for 10+ minutes before generating cert
(edewata)
- Bugzilla Bug #1417190 - Problem with default AJP hostname in IPv6
environment. (edewata)
-
Thu Dec 15 2016 Dogtag Team <pki-devel@redhat.com> 10.3.3-16
- Separate original patches into RHEL and RHCS portions
- ## RHEL 7.3.z Batch Update 2
- Bugzilla Bug #1404176 - logging properties and man pages (edewata)
- Bugzilla Bug #1405328 - TPS throws "err=6" when attempting to format and
enroll G&D Cards (jmagne)
- ## RHCS 9.1.z Batch Update 2
- Bugzilla Bug #1395479 - TPS throws "err=6" when attempting to format and
enroll G&D Cards (jmagne)
- Bugzilla Bug #1404900 - RHCS logging properties (edewata)
-
Tue Dec 13 2016 Dogtag Team <pki-devel@redhat.com> 10.3.3-15
- ## RHEL 7.3.z Batch Update 2
- Bugzilla Bug #1404173 - user-cert-add --serial CLI request to secure port
with remote CA shows authentication failure (edewata)
- Bugzilla Bug #1404175 - pki ca-cert-request-submit fails presumably because
of missing authentication even if it should not require any (edewata)
- Bugzilla Bug #1404178 - Changes to target.agent.approve.list parameter is
not reflected in the TPS Web UI [pki-base] (edewata)
- Bugzilla Bug #1404172 - Unable to install subordinate CA with HSM in FIPS
mode (edewata)
- Bugzilla Bug #1403689 - pkispawn does not change default ecc key size from
nistp256 when nistp384 is specified in spawn config (jmagne)
- Bugzilla Bug #1404176 - logging properties and man pages (edewata)
- ## RHCS 9.1.z Batch Update 2
- Bugzilla Bug #1386257 - Changes to target.agent.approve.list parameter is
not reflected in the TPS Web UI [pki-tps] (edewata)
- Bugzilla Bug #1391207 - Automatic recovery of encryption cert - CA and TPS
tokendb shows different certificate status (cfu)
- Bugzilla Bug #1395479 - TPS throws "err=6" when attempting to format and
enroll G&D Cards (jmagne)
-
Tue Nov 08 2016 Dogtag Team <pki-devel@redhat.com> 10.3.3-14
- Marked the following RHCS 9.1.z bug:
Bugzilla Bug #1382862 - TPS token enrollment fails to setupSecureChannel
when TPS and TKS security db is on fips mode. (jmagne)
as a duplicate of RHEL 7.3.z bug:
Bugzilla Bug #1389757 - Problems with FIPS mode (edewata)
and moved the patch from the RHCS 9.1.z bug to the RHEL 7.3.z bug.
-
Thu Nov 03 2016 Dogtag Team <pki-devel@redhat.com> 10.3.3-13
- ## RHEL 7.3.z Batch Update 1
- Bugzilla Bug #1389757 - Problems with FIPS mode (edewata)
(added KRA key recovery via CLI in FIPS mode)
- ## RHCS 9.1.z Batch Update 1
- Reverted patches associated with
Bugzilla Bug #1386257 - Changes to target.agent.approve.list parameter is
not reflected in the TPS Web UI (edewata)
-
Mon Oct 31 2016 Dogtag Team <pki-devel@redhat.com> 10.3.3-12
- ## RHEL 7.3.z Batch Update 1
- Bugzilla Bug #1390318 - CA EE: Submit caUserCert request without uid does
not show proper error message (alee)
- Bugzilla Bug #1390319 - Failed to start pki-tomcatd Service
("ipa-cacert-manage renew" failed?) (edewata)
- Bugzilla Bug #1390320 - pkispawn fails as it is not able to find openssl as
a dependency package (mharmsen)
- Bugzilla Bug #1390321 - two-step externally-signed CA installation fails due
to missing AuthorityID (ftweedal)
- Bugzilla Bug #1390322 - Spurious host authority entries created (ftweedal)
- Bugzilla Bug #1390324 - KRA installation failed against externally-signed CA
with partial certificate chain (edewata)
- Bugzilla Bug #1389757 - Problems with FIPS mode (edewata)
- Bugzilla Bug #1390311 - Fix packaging duplicates of classes in multiple jar
files (edewata)
- Bugzilla Bug #1390325 - Typo in comment line of UserPwdDirAuthentication.java
(edewata)
- ## RHCS 9.1.z Batch Update 1
- Bugzilla Bug #1248553 - TPS Enrollment always goes to "ca1" (cfu)
- Bugzilla Bug #1274096 - [BUG] Add ability to disallow TPS to enroll a
single user on multiple tokens. (jmagne)
- Bugzilla Bug #1379379 - Unable to read an encrypted email using renewed
tokens (jmagne)
- Bugzilla Bug #1379749 - Automatic recovery of encryption cert is not working
when a token is physically damaged and a temporary token is issued (jmagne)
- Bugzilla Bug #1381375 - Cert/Key recovery is successful when the cert serial
number and key id on the ldap user mismatches
- Bugzilla Bug #1381635 - Token format with external reg fails when
op.format.externalRegAddToToken.revokeCert=true (cfu)
- Bugzilla Bug #1382762 - PIN_RESET policy is not giving expected results when
set on a token (jmagne)
- Bugzilla Bug #1382862 - TPS token enrollment fails to setupSecureChannel
when TPS and TKS security db is on fips mode. (jmagne)
- Bugzilla Bug #1386257 - Changes to target.agent.approve.list parameter is
not reflected in the TPS Web UI (edewata)
-
Mon Oct 10 2016 Dogtag Team <pki-devel@redhat.com> 10.3.3-11
- PKI TRAC Ticket #1527 - TPS Enrollment always goes to "ca1" (cfu)
- PKI TRAC Ticket #1664 - [BUG] Add ability to disallow TPS to enroll a single
user on multiple tokens. (jmagne)
- PKI TRAC Ticket #2478 - pkispawn fails as it is not able to find openssl as a
dependency package (mharmsen)
- PKI TRAC Ticket #2483 - Unable to read an encrypted email using renewed
tokens (jmagne)
- PKI TRAC Ticket #2496 - Cert/Key recovery is successful when the cert serial
number and key id on the ldap user mismatches (cfu)
- PKI TRAC Ticket #2505 - Fix packaging duplicates of classes in multiple jar
files (edewata)
-
Fri Sep 09 2016 Dogtag Team <pki-devel@redhat.com> 10.3.3-10
- Revert Patch: PKI TRAC Ticket #2449 - Unable to create system certificates
in different tokens (edewata)
- Resolves: rhbz #1374054 - ipa-replica-install fails setting up certificate
- Restores: rhbz #1319557 - pkispawn KRA instance is failing server
- Removes from Errata: rhbz #1372041 - Unable to create system certificates
in different tokens
-
Tue Sep 06 2016 Dogtag Team <pki-devel@redhat.com> 10.3.3-9
- PKI TRAC Ticket #1638 - Lightweight CAs: revoke certificate on CA deletion
(ftweedal)
- PKI TRAC Ticket #2436 - Dogtag 10.3.6: Miscellaneous Enhancements
(edewata)
- PKI TRAC Ticket #2443 - Prevent deletion of host CA's keys if LWCA entry
deleted (ftweedal)
- PKI TRAC Ticket #2444 - Authority entry without entryUSN is skipped even if
USN plugin enabled (ftweedal)
- PKI TRAC Ticket #2446 - pkispawn: make subject_dn defaults unique per
instance name (for shared HSM) (cfu)
- PKI TRAC Ticket #2447 - CertRequestInfo has incorrect URLs (vakwetu)
- PKI TRAC Ticket #2449 - Unable to create system certificates in different
tokens (edewata)
-
Mon Aug 29 2016 Dogtag Team <pki-devel@redhat.com> 10.3.3-8
- PKI TRAC Ticket #1578 - Authentication Instance Id PinDirEnrollment with authType value as SslclientAuth is not working (jmagne)
- PKI TRAC TIcket #2414 - pki pkcs12-cert-del shows a successfully deleted message when a wrong nickname is provided (gkapoor)
- PKI TRAC Ticket #2423 - pki_ca_signing_token when not specified does not fallback to pki_token_name value (edewata)
- PKI TRAC Ticket #2436 - Dogtag 10.3.6: Miscellaneous Enhancements (akasurde) - ticket remains open
- PKI TRAC Ticket #2439 - Outdated deployment descriptors in upgraded server(edewata)