Fedora 15 Update: pki-ocsp-9.0.4-1.fc15

updates at fedoraproject.org updates at fedoraproject.org
Wed Sep 7 00:26:36 UTC 2011 

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2011-11576
2011-08-26 18:30:26
--------------------------------------------------------------------------------

Name        : pki-ocsp
Product     : Fedora 15
Version     : 9.0.4
Release     : 1.fc15
URL         : http://pki.fedoraproject.org/
Summary     : Certificate System - Online Certificate Status Protocol Manager
Description :
Certificate System (CS) is an enterprise software system designed
to manage enterprise Public Key Infrastructure (PKI) deployments.

The Online Certificate Status Protocol (OCSP) Manager is an optional PKI
subsystem that can act as a stand-alone OCSP service.  The OCSP Manager
performs the task of an online certificate validation authority by enabling
OCSP-compliant clients to do real-time verification of certificates.  Note
that an online certificate-validation authority is often referred to as an
OCSP Responder.

Although the Certificate Authority (CA) is already configured with an
internal OCSP service.  An external OCSP Responder is offered as a separate
subsystem in case the user wants the OCSP service provided outside of a
firewall while the CA resides inside of a firewall, or to take the load of
requests off of the CA.

The OCSP Manager can receive Certificate Revocation Lists (CRLs) from
multiple CA servers, and clients can query the OCSP Manager for the
revocation status of certificates issued by all of these CA servers.

When an instance of OCSP Manager is set up with an instance of CA, and
publishing is set up to this OCSP Manager, CRLs are published to it
whenever they are issued or updated.

For deployment purposes, an OCSP Manager requires the following components
from the PKI Core package:

  * pki-setup
  * pki-native-tools
  * pki-util
  * pki-java-tools
  * pki-common
  * pki-selinux

and can also make use of the following optional components from the PKI Core
package:

  * pki-util-javadoc
  * pki-java-tools-javadoc
  * pki-common-javadoc
  * pki-silent

Additionally, Certificate System requires ONE AND ONLY ONE of the following
"Mutually-Exclusive" PKI Theme packages:

  * dogtag-pki-theme (Dogtag Certificate System deployments)
  * redhat-pki-theme (Red Hat Certificate System deployments)

--------------------------------------------------------------------------------
Update Information:

Bugzilla Bug #712931 - CS requires too many ports
to be open in the FW
--------------------------------------------------------------------------------
ChangeLog:

* Tue Aug 23 2011 Ade Lee <alee at redhat.com> 9.0.4-1
- Bugzilla Bug #712931 - CS requires too many ports
  to be open in the FW
* Thu Jul 14 2011 Matthew Harmsen <mharmsen at redhat.com> 9.0.3-1
- Bugzilla Bug #693815 - /var/log/tomcat6/catalina.out owned by pkiuser
  (jdennis)
- Bugzilla Bug #699837 - service command is not fully backwards
  compatible with Dogtag pki subsystems (mharmsen)
- Bugzilla Bug #649910 - Console: an auditor or agent can be added to an
  administrator group. (jmagne)
- Bugzilla Bug #669226 - Remove Legacy Build System (mharmsen)
- Updated release of 'jss'
* Tue Apr 26 2011 Matthew Harmsen <mharmsen at redhat.com> 9.0.2-1
- Bugzilla Bug #693815 - /var/log/tomcat6/catalina.out owned by pkiuser
- Bugzilla Bug #699837 - service command is not fully backwards compatible
  with Dogtag pki subsystems
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #712931 - CS requires too many ports to be open in the FW.
        https://bugzilla.redhat.com/show_bug.cgi?id=712931
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update pki-ocsp' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

More information about the package-announce mailing list