Fedora 15 Update: pki-kra-9.0.5-1.fc15

updates at fedoraproject.org updates at fedoraproject.org
Wed Sep 7 00:26:58 UTC 2011


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2011-11542
2011-08-26 18:29:08
--------------------------------------------------------------------------------

Name        : pki-kra
Product     : Fedora 15
Version     : 9.0.5
Release     : 1.fc15
URL         : http://pki.fedoraproject.org/
Summary     : Certificate System - Data Recovery Manager
Description :
Certificate System (CS) is an enterprise software system designed
to manage enterprise Public Key Infrastructure (PKI) deployments.

The Data Recovery Manager (DRM) is an optional PKI subsystem that can act
as a Key Recovery Authority (KRA).  When configured in conjunction with the
Certificate Authority (CA), the DRM stores private encryption keys as part of
the certificate enrollment process.  The key archival mechanism is triggered
when a user enrolls in the PKI and creates the certificate request.  Using the
Certificate Request Message Format (CRMF) request format, a request is
generated for the user's private encryption key.  This key is then stored in
the DRM which is configured to store keys in an encrypted format that can only
be decrypted by several agents requesting the key at one time, providing for
protection of the public encryption keys for the users in the PKI deployment.

Note that the DRM archives encryption keys; it does NOT archive signing keys,
since such archival would undermine non-repudiation properties of signing keys.

For deployment purposes, a DRM requires the following components from the PKI
Core package:

  * pki-setup
  * pki-native-tools
  * pki-util
  * pki-java-tools
  * pki-common
  * pki-selinux

and can also make use of the following optional components from the PKI Core
package:

  * pki-util-javadoc
  * pki-java-tools-javadoc
  * pki-common-javadoc
  * pki-silent

Additionally, Certificate System requires ONE AND ONLY ONE of the following
"Mutually-Exclusive" PKI Theme packages:

  * dogtag-pki-theme (Dogtag Certificate System deployments)
  * redhat-pki-theme (Red Hat Certificate System deployments)

--------------------------------------------------------------------------------
Update Information:

Bugzilla Bug #712931 - CS requires too many ports
to be open in the FW
--------------------------------------------------------------------------------
ChangeLog:

* Tue Aug 23 2011 Ade Lee <alee at redhat.com> 9.0.5-1
- Bugzilla Bug #712931 - CS requires too many ports
  to be open in the FW
* Thu Jul 14 2011 Matthew Harmsen <mharmsen at redhat.com> 9.0.4-1
- Bugzilla Bug #693815 - /var/log/tomcat6/catalina.out owned by pkiuser
  (jdennis)
- Bugzilla Bug #699837 - service command is not fully backwards
  compatible with Dogtag pki subsystems (mharmsen)
- Bugzilla Bug #649910 - Console: an auditor or agent can be added to an
  administrator group. (jmagne)
- Bugzilla Bug #707416 - CC_LAB_EVAL: Security Domain: missing audit msgs
  for modify/add (alee)
- Bugzilla Bug #714068 - KRA: remove monitor servlet from kra (alee)
- Bugzilla Bug #669226 - Remove Legacy Build System (mharmsen)
- Updated release of 'jss'
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #712931 - CS requires too many ports to be open in the FW.
        https://bugzilla.redhat.com/show_bug.cgi?id=712931
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update pki-kra' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------


More information about the package-announce mailing list