| Name: | pki-tks |
|---|---|
| Version: | 10.2.5 |
| Release: | 6.el7 |
| Architecture: | noarch |
| Group: | System Environment/Daemons |
| Size: | 275100 |
| License: | GPLv2 |
| RPM: | pki-tks-10.2.5-6.el7.noarch.rpm |
| Source RPM: | pki-core-10.2.5-6.el7.src.rpm |
| Build Date: | Fri Nov 20 2015 |
| Build Host: | x86-ol7-builder-04.us.oracle.com |
| Vendor: | Oracle America |
| URL: | http://pki.fedoraproject.org/ |
| Summary: | Certificate System - Token Key Service |
| Description: | The Token Key Service (TKS) is an optional PKI subsystem that manages the
master key(s) and the transport key(s) required to generate and distribute
keys for hardware tokens. TKS provides the security between tokens and an
instance of Token Processing System (TPS), where the security relies upon the
relationship between the master key and the token keys. A TPS communicates
with a TKS over SSL using client authentication.
TKS helps establish a secure channel (signed and encrypted) between the token
and the TPS, provides proof of presence of the security token during
enrollment, and supports key changeover when the master key changes on the
TKS. Tokens with older keys will get new token keys.
Because of the sensitivity of the data that TKS manages, TKS should be set up
behind the firewall with restricted access.
This package is one of the top-level java-based Tomcat PKI subsystems
provided by the PKI Core used by the Certificate System.
==================================
|| ABOUT "CERTIFICATE SYSTEM" ||
==================================
Certificate System (CS) is an enterprise software system designed
to manage enterprise Public Key Infrastructure (PKI) deployments.
PKI Core contains ALL top-level java-based Tomcat PKI components:
* pki-symkey
* pki-base
* pki-tools
* pki-server
* pki-ca
* pki-kra
* pki-ocsp
* pki-tks
* pki-tps
* pki-javadoc
which comprise the following corresponding PKI subsystems:
* Certificate Authority (CA)
* Data Recovery Manager (DRM)
* Online Certificate Status Protocol (OCSP) Manager
* Token Key Service (TKS)
* Token Processing Service (TPS)
For deployment purposes, PKI Core contains fundamental packages
required by BOTH native-based Apache AND java-based Tomcat
Certificate System instances consisting of the following components:
* pki-tools
Additionally, PKI Core contains the following fundamental packages
required ONLY by ALL java-based Tomcat Certificate System instances:
* pki-symkey
* pki-base
* pki-tools
* pki-server
PKI Core also includes the following components:
* pki-javadoc
Finally, if Certificate System is being deployed as an individual or
set of standalone rather than embedded server(s)/service(s), it is
strongly recommended (though not explicitly required) to include at
least one PKI Theme package:
* dogtag-pki-theme (Dogtag Certificate System deployments)
* dogtag-pki-server-theme
* redhat-pki-server-theme (Red Hat Certificate System deployments)
* redhat-pki-server-theme
* customized pki theme (Customized Certificate System deployments)
* <customized>-pki-server-theme
NOTE: As a convenience for standalone deployments, top-level meta
packages may be provided which bind a particular theme to
these certificate server packages. |
- Bugzilla Bug #1258630 - Upgraded CA lacks ca.sslserver.certreq in CS.cfg [edewata] - Bugzilla Bug #1258634 - CA fails to authenticate to KRA for archival [edewata]
- Bugzilla Bug #1253045 - handle_exceptions() raises JSONDecodeError [cheimes]
'pki-core-handle-JSON-decode-error.patch'
- modified for RHEL 7.2 by removing changes to '.gitignore',
'tests/python/test_pki.py', and 'tox.ini' [mharmsen]
- Bugzilla Bug #1253047 - issues in cloning from dogtag 9 to 10 [alee]
'pki-core-fix-exception-when-talking-to-Dogtag-9-systems.patch'
- Bugzilla Bug #1143067 - The pkiuser user/group should be created in rpm %pre, and ideally with fixed uid/gid [cheimes]
- Dogtag 10.2.5-3 patch for RHEL 7.2 Re-base
- git format-patch cc97f8628b23f8ea75308bb97a31307cb4f162b9^..
ac5447a8e0bac5112882be700a17a9274e322adc --stdout > pki-core-rhel-7-2.patch
- remove e5c4e87ac5ce881efa160352ce87ad81026f3446 (QE test)
- Contents of 'pki-core-rhel-7-2.patch':
- PKI TRAC Ticket #1249 - Misleading self test log message [edewata]
- PKI TRAC Ticket #1444 - pkispawn: installation aborts when HSM contains
empty slots [edewata]
- PKI TRAC Ticket #995 - Provide more info on how to use --input with pki
cert-find in the man page [edewata]
- PKI TRAC Ticket #1122 - Need to describe paging options in 'pki' man page
[edewata]
- Cleaned up SystemConfigService.validateRequest() [edewata]
- Cleaned up SystemConfigService.configureClone() [edewata]
- PKI TRAC Ticket #1438 - pkispawn: SSL_ForceHandshake issue for non-CA on
HSM on both shared and nonshared tomcat instances [cfu]
- PKI TRAC Ticket #1442 - Ability to toggle profile usablity in Web vs CLI
tools [jmagne]
- PKI TRAC Ticket #1441 - Lack of Interactive Installation Support
(Cloning, Subordinates, Externals, HSMs, ECC) [mharmsen]
- PKI TRAC Ticket #1446 - Unable to select ECC Curves from EE [jmagne]
- Fixed pki help CLI [edewata]
- Fixed NPE in key-archive CLI [edewata]
- PKI TRAC Ticket #891 - Missing fail-over code in HttpConnection [edewata]
- PKI TRAC Ticket #1447 - pkispawn: findCertByNickname fails to find cert in
creating shared tomcat subsystems on HSM [cfu]
- PKI TRAC Ticket #1425 - pkispawn CA with HSM - if the config file has
pki_client related params the dir is not created and the admin cert p12
file is stored nowhere [mharmsen]
- PKI TRAC Ticket #1358 - Retrying failed OCSP clone results duplicate
replecation id and a failure [jmagne]
- PKI TRAC Ticket #1462 - profile update in raw format accepts bad config
[ftweedal]
- PKI TRAC Ticket #1449 - pki cert-find could be time consuming: add VLV
index for new installations [edewata]
- Remove ExcludeArch directive
- Update release number for release build
- Fixed issues found during testing previous build - Update release number for release build
- Update release number for release build
- Updated nuxwdog and tomcatjss requirements (alee)
- Updated version number to 10.2.4-0.1 - Added nuxwdog systemd files