Fedora 16 Update: pki-ocsp-9.0.11-1.fc16

updates at fedoraproject.org updates at fedoraproject.org
Fri Dec 21 12:05:21 UTC 2012 

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2012-20242
2012-12-12 07:46:10
--------------------------------------------------------------------------------

Name        : pki-ocsp
Product     : Fedora 16
Version     : 9.0.11
Release     : 1.fc16
URL         : http://pki.fedoraproject.org/
Summary     : Certificate System - Online Certificate Status Protocol Manager
Description :
Certificate System (CS) is an enterprise software system designed
to manage enterprise Public Key Infrastructure (PKI) deployments.

The Online Certificate Status Protocol (OCSP) Manager is an optional PKI
subsystem that can act as a stand-alone OCSP service.  The OCSP Manager
performs the task of an online certificate validation authority by enabling
OCSP-compliant clients to do real-time verification of certificates.  Note
that an online certificate-validation authority is often referred to as an
OCSP Responder.

Although the Certificate Authority (CA) is already configured with an
internal OCSP service.  An external OCSP Responder is offered as a separate
subsystem in case the user wants the OCSP service provided outside of a
firewall while the CA resides inside of a firewall, or to take the load of
requests off of the CA.

The OCSP Manager can receive Certificate Revocation Lists (CRLs) from
multiple CA servers, and clients can query the OCSP Manager for the
revocation status of certificates issued by all of these CA servers.

When an instance of OCSP Manager is set up with an instance of CA, and
publishing is set up to this OCSP Manager, CRLs are published to it
whenever they are issued or updated.

For deployment purposes, an OCSP Manager requires the following components
from the PKI Core package:

  * pki-setup
  * pki-native-tools
  * pki-util
  * pki-java-tools
  * pki-common
  * pki-selinux

and can also make use of the following optional components from the PKI Core
package:

  * pki-util-javadoc
  * pki-java-tools-javadoc
  * pki-common-javadoc
  * pki-silent

Additionally, Certificate System requires ONE AND ONLY ONE of the following
"Mutually-Exclusive" PKI Theme packages:

  * dogtag-pki-theme (Dogtag Certificate System deployments)
  * redhat-pki-theme (Red Hat Certificate System deployments)

--------------------------------------------------------------------------------
Update Information:

Bugzilla Bug #861467 - Directory authenticated user certificate enrollments fail when anonymous access disabled.
--------------------------------------------------------------------------------
ChangeLog:

* Tue Dec 11 2012 Andrew Wnuk<awnuk at redhat.com> 9.0.11-1
- Bugzilla Bug #861467 - Directory authenticated user certificate enrollments
  fail when anonymous access disabled.
* Tue Apr 10 2012 Christina Fu <cfu at redhat.com> 9.0.10-2
- Bugzilla Bug #745278 - [RFE] ECC encryption keys cannot be archived
* Fri Mar 16 2012 Ade Lee <alee at redhat.com> 9.0.10-1
- BZ 802396 - Change location of TOMCAT_LOG to match tomcat6 changes
* Fri Mar  9 2012 Matthew Harmsen <mharmsen at redhat.com> 9.0.9-1
- Bugzilla Bug #796006 - Get DOGTAG_9_BRANCH GIT repository in-sync
  with DOGTAG_9_BRANCH SVN repository . . .
- Bugzilla Bug #787806 - RSA should be default selection for transport
  key till "ECC phase 4" is implemented
* Wed Feb 22 2012 Matthew Harmsen <mharmsen at redhat.com> 9.0.8-2
- Add '-DSYSTEMD_LIB_INSTALL_DIR' override flag to 'cmake' to address changes
  in fundamental path structure in Fedora 17
* Fri Oct 28 2011 Matthew Harmsen <mharmsen at redhat.com> 9.0.8-1
- Bugzilla Bug #749945 - Installation error reported during CA, DRM,
  OCSP, and TKS package installation . . .
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update pki-ocsp' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

More information about the package-announce mailing list