Fedora 15 Update: pki-ocsp-9.0.2-1.fc15

updates at fedoraproject.org updates at fedoraproject.org
Thu May 19 05:05:10 UTC 2011

Fedora Update Notification
2011-04-27 02:23:41

Name        : pki-ocsp
Product     : Fedora 15
Version     : 9.0.2
Release     : 1.fc15
URL         : http://pki.fedoraproject.org/
Summary     : Certificate System - Online Certificate Status Protocol Manager
Description :
Certificate System (CS) is an enterprise software system designed
to manage enterprise Public Key Infrastructure (PKI) deployments.

The Online Certificate Status Protocol (OCSP) Manager is an optional PKI
subsystem that can act as a stand-alone OCSP service.  The OCSP Manager
performs the task of an online certificate validation authority by enabling
OCSP-compliant clients to do real-time verification of certificates.  Note
that an online certificate-validation authority is often referred to as an
OCSP Responder.

Although the Certificate Authority (CA) is already configured with an
internal OCSP service.  An external OCSP Responder is offered as a separate
subsystem in case the user wants the OCSP service provided outside of a
firewall while the CA resides inside of a firewall, or to take the load of
requests off of the CA.

The OCSP Manager can receive Certificate Revocation Lists (CRLs) from
multiple CA servers, and clients can query the OCSP Manager for the
revocation status of certificates issued by all of these CA servers.

When an instance of OCSP Manager is set up with an instance of CA, and
publishing is set up to this OCSP Manager, CRLs are published to it
whenever they are issued or updated.

For deployment purposes, an OCSP Manager requires the following components
from the PKI Core package:

  * pki-setup
  * pki-native-tools
  * pki-util
  * pki-java-tools
  * pki-common
  * pki-selinux

and can also make use of the following optional components from the PKI Core

  * pki-util-javadoc
  * pki-java-tools-javadoc
  * pki-common-javadoc
  * pki-silent

Additionally, Certificate System requires ONE AND ONLY ONE of the following
"Mutually-Exclusive" PKI Theme packages:

  * dogtag-pki-theme (Dogtag Certificate System deployments)
  * redhat-pki-theme (Red Hat Certificate System deployments)

Update Information:

/var/log/tomcat6/catalina.out owned by pkiuser

* Tue Apr 26 2011 Matthew Harmsen <mharmsen at redhat.com> 9.0.2-1
- Bugzilla Bug #693815 - /var/log/tomcat6/catalina.out owned by pkiuser
- Bugzilla Bug #699837 - service command is not fully backwards compatible
  with Dogtag pki subsystems

  [ 1 ] Bug #693815 - /var/log/tomcat6/catalina.out owned by pkiuser

This update can be installed with the "yum" update program.  Use 
su -c 'yum update pki-ocsp' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at

More information about the package-announce mailing list