Fedora 17 Update: pki-ocsp-9.0.10-1.fc17

updates at fedoraproject.org updates at fedoraproject.org
Fri Apr 20 03:06:53 UTC 2012

Fedora Update Notification
2012-03-23 00:28:33

Name        : pki-ocsp
Product     : Fedora 17
Version     : 9.0.10
Release     : 1.fc17
URL         : http://pki.fedoraproject.org/
Summary     : Certificate System - Online Certificate Status Protocol Manager
Description :
Certificate System (CS) is an enterprise software system designed
to manage enterprise Public Key Infrastructure (PKI) deployments.

The Online Certificate Status Protocol (OCSP) Manager is an optional PKI
subsystem that can act as a stand-alone OCSP service.  The OCSP Manager
performs the task of an online certificate validation authority by enabling
OCSP-compliant clients to do real-time verification of certificates.  Note
that an online certificate-validation authority is often referred to as an
OCSP Responder.

Although the Certificate Authority (CA) is already configured with an
internal OCSP service.  An external OCSP Responder is offered as a separate
subsystem in case the user wants the OCSP service provided outside of a
firewall while the CA resides inside of a firewall, or to take the load of
requests off of the CA.

The OCSP Manager can receive Certificate Revocation Lists (CRLs) from
multiple CA servers, and clients can query the OCSP Manager for the
revocation status of certificates issued by all of these CA servers.

When an instance of OCSP Manager is set up with an instance of CA, and
publishing is set up to this OCSP Manager, CRLs are published to it
whenever they are issued or updated.

For deployment purposes, an OCSP Manager requires the following components
from the PKI Core package:

  * pki-setup
  * pki-native-tools
  * pki-util
  * pki-java-tools
  * pki-common
  * pki-selinux

and can also make use of the following optional components from the PKI Core

  * pki-util-javadoc
  * pki-java-tools-javadoc
  * pki-common-javadoc
  * pki-silent

Additionally, Certificate System requires ONE AND ONLY ONE of the following
"Mutually-Exclusive" PKI Theme packages:

  * dogtag-pki-theme (Dogtag Certificate System deployments)
  * redhat-pki-theme (Red Hat Certificate System deployments)

Update Information:

Bugzilla Bug #802396 - Change location of TOMCAT_LOG to match tomcat6 changes
Bugzilla Bug #796006 - Get DOGTAG_9_BRANCH GIT repository in-sync

  [ 1 ] Bug #802396 - Syntax Errors restart IPA services /var/lib/pki-ca/pki-ca: line 91
  [ 2 ] Bug #796006 - Get DOGTAG_9_BRANCH GIT repository in-sync with DOGTAG_9_BRANCH SVN repository . . .

This update can be installed with the "yum" update program.  Use 
su -c 'yum update pki-ocsp' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at

More information about the package-announce mailing list