pki-ca-9.0.15-1.fc16$>Qď&cTzi#>Y>>?d   B  6TZa  /      0 0 1T3x6%88;;0;l.?6@>GHHlIҐXY$\@]d^bd6l;tTuxv wPxtefCpki-ca9.0.151.fc16Certificate System - Certificate AuthorityThe Certificate Authority (CA) is a required PKI subsystem which issues, renews, revokes, and publishes certificates as well as compiling and publishing Certificate Revocation Lists (CRLs). The Certificate Authority can be configured as a self-signing Certificate Authority, where it is the root CA, or it can act as a subordinate CA, where it obtains its own signing certificate from a public CA. This package is a part of the PKI Core used by the Certificate System. ================================== || ABOUT "CERTIFICATE SYSTEM" || ================================== Certificate System (CS) is an enterprise software system designed to manage enterprise Public Key Infrastructure (PKI) deployments. PKI Core contains fundamental packages required by Certificate System, and consists of the following components: * pki-setup * pki-symkey * pki-native-tools * pki-util * pki-util-javadoc * pki-java-tools * pki-java-tools-javadoc * pki-common * pki-common-javadoc * pki-selinux * pki-ca * pki-silent which comprise the following PKI subsystems: * Certificate Authority (CA) For deployment purposes, Certificate System requires ONE AND ONLY ONE of the following "Mutually-Exclusive" PKI Theme packages: * ipa-pki-theme (IPA deployments) * dogtag-pki-theme (Dogtag Certificate System deployments) * redhat-pki-theme (Red Hat Certificate System deployments)NFx86-15.phx2.fedoraproject.org 9Fedora ProjectFedora ProjectGPLv2Fedora ProjectSystem Environment/Daemonshttp://pki.fedoraproject.org/linuxnoarch# Attempt to update ALL old "CA" instances to "systemd" for inst in `ls /etc/sysconfig/pki/ca`; do if [ ! -e "/etc/systemd/system/pki-cad.target.wants/pki-cad@${inst}.service" ]; then ln -s "/lib/systemd/system/pki-cad@.service" \ "/etc/systemd/system/pki-cad.target.wants/pki-cad@${inst}.service" [ -L /var/lib/${inst}/${inst} ] && unlink /var/lib/${inst}/${inst} ln -s /usr/sbin/tomcat6-sysd /var/lib/${inst}/${inst} if [ -e /var/run/${inst}.pid ]; then kill -9 `cat /var/run/${inst}.pid` || : rm -f /var/run/${inst}.pid echo "pkicreate.systemd.servicename=pki-cad@${inst}.service" >> \ /var/lib/${inst}/conf/CS.cfg || : /bin/systemctl daemon-reload >/dev/null 2>&1 || : /bin/systemctl restart pki-cad@${inst}.service || : else echo "pkicreate.systemd.servicename=pki-cad@${inst}.service" >> \ /var/lib/${inst}/conf/CS.cfg || : fi fi done /bin/systemctl daemon-reload >/dev/null 2>&1 || :if [ $1 = 0 ] ; then /bin/systemctl --no-reload disable pki-cad.target > /dev/null 2>&1 || : /bin/systemctl stop pki-cad.target > /dev/null 2>&1 || : fi/bin/systemctl daemon-reload >/dev/null 2>&1 || : if [ "$1" -ge "1" ] ; then /bin/systemctl try-restart pki-cad.target >/dev/null 2>&1 || : fi=mqvY+ct/"~F[o6  a NNS5c#}F}F+. g%~~[G7(b)m7P,j$R$w#Ph|% *S*L$,k+>+3x|Hu-A큤A큤AA큤A큤AA큤A큤AAA큤AAA큤AAN2N2NnNnNFNnN8N2N2N2NNnNnNnNnNnNnNnNnNnNnNnNnNnNnNnNnNnNnNnNnNnNnNnNnNnNnNnNnNnNnNnNnNnNnNnNnNnN2NnNnNnNnNnNnNnNnNnNnNnNnNnNnNnNnNnNnNnNnNnNnNnNnN2N2NnNnNnNnNnNnNnNnNnNnNnNnNnNnNnNnNnNnNnNnNnNnNnNnNnNnNnNnNnNnNnNnNnNnNnNnNnNnNnNnNnNnNnNnNnNnNnN2NNnN2N2N2NnNnN2N2N2NnNnN2N2e97f3dc41af4393129a38450d4c26ea482bf2723fa128d24267494297bb1a8d407447395affa5a54f73d1b6b217b7c17b8bbd71d7a3fb8e76adcbf27099b1367ade7eda1385eca452978da73a6b45997466616a8dcdaa6db669fadeb282df792d6bf5823021651d1cb53350adcf4bb818ac77768f5cbc43898ad06af1036b00e5388edb6504432b2230b669456cf71618b17c3165816630f9df54e203d4799a576faa56482ab0e02245b923c7e422a27b39cee004a8abd8ff214d8efc324ed504213f763b800915ac78b5c926319c678270ea643837a587a9d632b2575b668eb277ddc6b757beded687ee507fa73f615948fb989dc96194133294d398c31c28e400b2c58282cc5958a930f3b3c7c0379fb101fcf612156c27ee2dd8ac254248d2c08c23d6b5cb8a53fc61bb5e0548b5199de05d5d9d96a614cf005d3d9cb571afda6ed2899eec8cd13343bd0acb4fd58d8e2e52d80a8158000559f2051e7faea727f0cd8f7005410d9a2299c1e5dd0c0d39ffce9150f36e29ffc0ab596e0fa37e5007779fca32384e3d66b229c7e3f57257c0d44489543a11c69ebf559806c8c7d143f224693e217d6d85ccd03ab86b2a7ef0833d94303b66f3084d9bc24a92ac04ac1a4502a64b07a6d28b4c8f7c2cb3c1ef92d90fd33913bee71bd80db59dd6a4c5408696df488b0cd7e8c01c5607c7b4c5b3cf596b94f028c004e14ba5e8eead500b0c90a7da7bbb8602f999170020f81dcfa03d16a4a4d9caf259911676478a9ac098ede2153652b6dd086c0ff35fba88af612ffb07f032d3cf0d978cb3527ed767345475519c0b68cc96bd20f23cb2045c3829dcc72c67a4f1a133a7d155ec67643ebfdcec431c7d61966510fefc3e691ff14a09438257c5c23fe66d54bb14050386b6df46fef8e6214e41579d09c780d19d242741f29c2809ef973cefeb760a2dee6aef9a244f84690b0e80d22f419f277d615a90b129483aa669128f68c20c6a9881beb5076c205b18c5872880ba55b11e3d30337994d569a1505cd97240a7dd52de32aba2a1ca758a3f0d23f205b0247c4aa4a93b6d3587df8ce4a1dadb1e26559c0ef31ed7b378fc02ae2db9d34a7442245455d616bb56f0a11bb6263194d865777ccfadbb81f25da44489ea9ec2c20ee8298d1874110df171da793767d3c20dc56e7c6f0ba342130b0160dd473330845cc80f17f5ea872d0fd5031b600372c7d07a13821fab5328a5cb1f749f41ee892f61b674a290db7de7d758f70133d3a61be873aedbc8e22682a05646fe9ab6b9192c8152df90cef92c78a19bedeec9245eff367fa10240ed3175b367da06966da673aedbae63fc5164402f4448b089c45226bb2cf6dad3cdf581c3af18a90d6b911ccb66c7b2179a7a75fd1b64447c38772c25e2dc7560c668d93a517e4b8362084a311fa08966d000c1f06bca75eac7d894fd5cd1ea75a0ed89170c0d4d1580016ef8436ecf4e619543752303a3f673928e2839845976001deaec22af953bacd3b72fe5c49443a185a898cb6cbf062b7553903273f6089afa9f3d9192bbfb97aca8fb372af8a4d2c87ece726d1e3ccc9375d6256e77b91817081f349ed0b5115ce58d43c2720c3473e5e4475b616597e5ca45e6e816149748a4c7fd6443ed8c585e675afec1f5317959ac9f88c7f2e27e4f2d929ae8eebeb0bab2780581282d53f544a4a62b578b9d45d290ad77ea756fee60f470c24f10e3a47ec403e8120a4ef0ab957cd292fda6905e6e1f16dfc4891efbc5f8b12d38381041f75aeef95dda09a3c728bac964a8660a1bdde4c0aefb36f1162726bb551a958e9ff0de0333133702e0312e1bbe8c64c60f940b149f3278ebe2f7040e9224cb5d49ad2e896b807877864ae209975fdba39fe55d9dabe5730b830109f5d6bad9227eea0387e9b425cbdf52e9aecb5044ddf44ec05cd32ac643ab96fbbac60177722f9b65e9e88234e89c434a691e079069d37b318051ba08e5401817cf220661cea7c9468dd5bf0c862f246b1d80f21c7a69acf0b3197a11d03adcc3a6bb604040047d335ffa81c8f548aa273a4d3cd67272590ff8bdf5c4ce6641c36030342b5a32395173e93bde51a9085c5df4d300bd66a4eaea68a3aeaa6f2afb66d32d060f4b66364eb137323057b41e15317cadeac4d6d5acb20866e54fee85799bcd373e3e1730fca6964bccf10e8013d3a17e47f96dbedbe367692626e7e482a595b66f3d8d166cf030208d11fe66ab03a23c2932ba6e2290c7c90da1fa7a23214b457d24fb03da037cdb5760e7a8d0cc402d5062ce39edcbc0f3951007855b1ed95d532e0d4ad8e3d9067a9ce3338346fc111b62ba6e2290c7c90da1fa7a23214b457d24fb03da037cdb5760e7a8d0cc402d5062ce39edcbc0f3951007855b1ed95d532e0d4ad8e3d9067a9ce3338346fc111b6b14b9f7733adbd8910b925566c7031f9ef5d4047f50445ada7a0120693e441254ceb0cc6142fd93688a16af692f0ea833fccab83ff002b27becc311ae4c26c91b3e83dd6fd1336b0e2e1a1826f21a57a176e053a043aa8c0c6f2321dbbaa6f144ceb0cc6142fd93688a16af692f0ea833fccab83ff002b27becc311ae4c26c91369297a91044bae9d61a8f61046e54fa9059a66f2c5c4bcbca9fa651f4c5e605ceadedbe484214d4af828832b12d046b1c3fabd6dd2c6e92edbd7c299c963a01a6e93e3ebfd7fd88da8c1b24ea4476e495b9ecae27c557ab8c7ecc8914601f8fa66fcdca8b12389353b0dcc4d49ab89737b638a4156e04ae83b7fd7ed195da17e97415f495943ae49ce5674e09006caf13a8afd978884edc44157639fcef3a6e5dd07496ebe2d7f236624fe4ff9ea4654e533cd6f136e276f185bc4ee75cc6a63208f569c98c16c37c2fb2e287b55027ecaf16ea80449fed310725854dd848504358d4fe7948b0d5cf868fe9304a7c564127640a6e2aeac5c3a536beb0f30fba963740e1b6bd2aff4d69dac938811dbdb5d5a49c12b1eae220c314482006e9b1dfd602c67136a59e64f6e463f78538691537a4d855d1034cf133218defd3a3c215f849056f449352b3c3667bd8e5d557923360ea82d450a505378232abe9c0dcbf498a0033133d3db4f5fc11dd1176ede93866fcbae0768ad48dd6efa6c12b6c1d0aafc6555b343ba4ca2d5f5f32689293333898c97419fc654394fb28a39730ec6d98f0d27829a113d7c6dd317f64b3d9b4d28eb1a5b7dedd19e64454bcd434836c9ccb8a859b3a1f056585048299d7c8722511c58557133d477cc2306f1c6671228dfe6ff918a566e1651b42debdcf5f8ed8b7392a4576f36f3410ce9adcc124819425d088599d31c38f93071a8f888325055d9fd241c86a3a158a7d4ec5d4cf2249f7aa08045c7fd1b53c41112a23e4205d3a1a6b154192d1c3eb0f442a3953834b65d808a99515bedf7a4121ddbca86e67009e9cd89ef3109dc258d7bb3fc15b4dca47fe0abc935826d6674354b2a9eb81594a489bc018784ed1ff576a6a3b257e85525b931500c6e34e0ad01862039fce50d8000b397ccda8c5e48e0885579195012cc8e8dfb10bc343d7d8ddae5a19fc5ca5bbd3817ed63275689805cdd0a520e569eaf67a8ffbe90ceffab43e1ba8e862fb56a6b006a564763b0a3ea851daf7edd998615082846bcd693565beacfdb00f29cf9c6cacd38cefd3271c592cec4428ab3c118b6f0e4eaf437287cff742075e030af9bc7a06d7e4b70408ad986caaab6df771c3d0491f37a17d1ca7eda398c1644489dba82efa572988ce978b505d2008c14a2a8d2c67a06d1f38830426cc10988b4bfa324d2042394928a83885d725b7f2c02ea43386196f818b723bb428ede8935011f2b7e708d1c74d591cd14841688893625d65368a0f97cd71765ce65c0a35e1235efbfa4ca770104cc3d1fcdcc592abe256d491e4312cad42852759a247f3feb6286ddf19ba194bd3069d6b7456f1a7305335ec03066f3ea46f1d707a59830dd326fb2f2135f68798dcfe548aa2efd42a975128922dbd6185f781e9a8b6c0574316fb4e270efce4f99bc950f8810b92d37d70ee8d1e1495f978ff1c148701e8d3111271b72a92e39e95e9068583d19315a9b5a0b7e5d36bf99ce01de37e4e36d759faa9b2713f275fd40aff77d4363f769a86297b917a143a7149995384559ea3dcbfcd111dfa1ec22b9c574da447f772ababc6cc0bd8bdf2f1e03871ab2f1cc65774be76d2fd99c0ab8b9b766ce0c9c4b86af31e9174aaac6ab8c2a17c9479fd3906eb8b524acd0877812bfb2b4fe5c7fc72561124c0c344004f90ecda6e79c3150be202858fc5ee99ffcff251bac5ce33e8319ce83dd0bb7d21aeb387e17803d3e8db9ae1018feefa24df2477a87f6d778818454478237a633ed4643d76ccebacc3185c4e92c6cd60c202d93427ee9e2743e33c4eee3d663a19b7ac7b79a775a76cb57610e2221babc6eb560ed4b94f28daa1ce42a12afaba87705cdb07f64f286b9150fb94576fc98733a5227f6be71663723bb0fb23535d8da048e5d79a3fe906caeb65ed1531112ff4f210054a6054984c3a7bd25be3d41744abdc2ddd9b3191783d460dd792439ca7f920cb7781404a4e41afaed4c27eb4788b4c3560fe15098927b159c3e26fa0212e2996d1e54db9a388eb07c1e94be78beceaa6ff0d36e3d5162f7dab7ad023de47293cb877ab808de670f28d2bd6499dbb2d357d43afc7cd23d86b4bdf3aa6974895bdc3bb4a3908363d61c0de2c934c1d47ea19483de74591876aab55f27dd6e39d2940ed9ca211b2e9933622b08eb4dc4ae264f33952affdb1a2230e3e2f8eee82af517798411ab247dd3136bf758b5f8fe416d76b277c01034c1861c2c42d5dafe7ee2df815e74f2bf84431f262525b45dbdbac0117eb16da3dbe25589ba27fdb16be3f624c580af8dd2e8136bef1bcf4019b9e820f9fee1ca9617d50442f0230e092659a6c6a79288ca26af63726d962040001e43b0207ecedbeb9e2cd09231fe8cb8c5647afa0d62ac43708edd416fc25294f0a6582c28527c1f9dbaa943104c93cf9e9095f758031c47f2a18e3ad0c48383c7059a45370aa651c21e8b036f1927ed5f4a2545a93161216737942febe982ca6d733a20fe36a8e44516bd63efb276b4378b7e5a7c124b601887b5e4adb3d6cff190fc7dde74a6a3db14b4c230a7bbf75f75f7b8383bff05b43bebc00c35f224b5364958dec3705b8272612c2005dcad021f513cc99590d3eddcbd0943208feb340699371199f997cf783a220f9ebf0c577f5211d831d28470392d0197189f131ca1a02c4ed8f581a258a39db3e4dd0722b0cface2329a949212a06bdad9b842340c30281b1b3bec7fc909d52d2d68ff38d4c1684c38de29c17026875a9be72ed6f5397b387cb6cb9pki-ca-9.0.15.jarrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootpki-core-9.0.15-1.fc16.src.rpmconfig(pki-ca)pki-ca      /bin/sh/bin/sh/bin/shconfig(pki-ca)javapki-ca-themepki-commonpki-selinuxrpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)systemd-unitssystemd-unitssystemd-unitsrpmlib(PayloadIsXz)9.0.15-1.fc161:1.6.09.0.09.0.15-1.fc169.0.15-1.fc163.0.4-14.6.0-14.0-15.2-14.9.1.1N{#@NiNf @NS@NBrN)f@N@M@M@MM@M@M@MMMRMK@MJMIG@M8#M5M.@M.@L8Matthew Harmsen 9.0.15-1Matthew Harmsen 9.0.14-1Ade Lee 9.0.13-1Matthew Harmsen 9.0.12-1Matthew Harmsen 9.0.11-1Matthew Harmsen 9.0.10-1Matthew Harmsen 9.0.9-1Matthew Harmsen 9.0.8-2Matthew Harmsen 9.0.8-1Matthew Harmsen 9.0.7-1Matthew Harmsen 9.0.6-2Matthew Harmsen 9.0.6-1Matthew Harmsen 9.0.5-2Matthew Harmsen 9.0.5-1Matthew Harmsen 9.0.4-1Matthew Harmsen 9.0.3-2Matthew Harmsen 9.0.3-1Matthew Harmsen 9.0.2-1Matthew Harmsen 9.0.1-3Matthew Harmsen 9.0.1-2Matthew Harmsen 9.0.1-1Matthew Harmsen 9.0.0-3Matthew Harmsen 9.0.0-2Matthew Harmsen 9.0.0-1- Bugzilla Bug #734590 - Refactor JNI libraries for Fedora 16+ . . . (mharmsen) - Bugzilla Bug #699809 - Convert CS to use systemd (alee) - 'pki-setup' - Bugzilla Bug #730146 - SSL handshake picks non-FIPS ciphers in FIPS mode (cfu) - Bugzilla Bug #737192 - Need script to upgrade proxy configuration (alee) - 'pki-symkey' - Bugzilla Bug #730162 - TPS/TKS token enrollment failure in FIPS mode (hsm+NSS). (jmagne) - 'pki-native-tools' - Bugzilla Bug #730801 - Coverity issues in native-tools area (awnuk) - Bugzilla Bug #730146 - SSL handshake picks non-FIPS ciphers in FIPS mode (cfu) - 'pki-util' - Bugzilla Bug #730146 - SSL handshake picks non-FIPS ciphers in FIPS mode (cfu) - 'pki-java-tools' - 'pki-common' - Bugzilla Bug #730146 - SSL handshake picks non-FIPS ciphers in FIPS mode (cfu) - Bugzilla Bug #737218 - Incorrect request attribute name matching ignores request attributes during request parsing. (awnuk) - Bugzilla Bug #730162 - TPS/TKS token enrollment failure in FIPS mode (hsm+NSS). (jmagne) - 'pki-selinux' - Bugzilla Bug #739708 - pki-selinux lacks rules in F16 (alee) - 'pki-ca' - Bugzilla Bug #712931 - CS requires too many ports to be open in the FW (alee) - Bugzilla Bug #730146 - SSL handshake picks non-FIPS ciphers in FIPS mode (cfu) - 'pki-silent' - Bugzilla Bug #739201 - pkisilent does not take arch into account as Java packages migrated to arch-dependent directories (mharmsen)- 'pki-setup' - Bugzilla Bug #734590 - Refactor JNI libraries for Fedora 16+ . . . - 'pki-symkey' - Bugzilla Bug #734590 - Refactor JNI libraries for Fedora 16+ . . . - 'pki-native-tools' - 'pki-util' - Bugzilla Bug #734590 - Refactor JNI libraries for Fedora 16+ . . . - 'pki-java-tools' - Bugzilla Bug #734590 - Refactor JNI libraries for Fedora 16+ . . . - 'pki-common' - Bugzilla Bug #734590 - Refactor JNI libraries for Fedora 16+ . . . - 'pki-selinux' - 'pki-ca' - Bugzilla Bug #734590 - Refactor JNI libraries for Fedora 16+ . . . - Bugzilla Bug #699809 - Convert CS to use systemd (alee) - 'pki-silent' - Bugzilla Bug #734590 - Refactor JNI libraries for Fedora 16+ . . .- 'pki-setup' - Bugzilla Bug #699809 - Convert CS to use systemd (alee) - 'pki-ca' - Bugzilla Bug #699809 - Convert CS to use systemd (alee) - 'pki-common' - Bugzilla Bug #699809 - Convert CS to use systemd (alee)- 'pki-setup' - Bugzilla Bug #712931 - CS requires too many ports to be open in the FW (alee) - 'pki-symkey' - 'pki-native-tools' - Bugzilla Bug #717643 - Fopen without NULL check and other Coverity issues (awnuk) - Bugzilla Bug #730801 - Coverity issues in native-tools area (awnuk) - 'pki-util' - 'pki-java-tools' - 'pki-common' - Bugzilla Bug #700522 - pki tomcat6 instances currently running unconfined, allow server to come up when selinux disabled (alee) - Bugzilla Bug #731741 - some CS.cfg nickname parameters not updated correctly when subsystem cloned (using hsm) (alee) - Bugzilla Bug #712931 - CS requires too many ports to be open in the FW (alee) - 'pki-selinux' - Bugzilla Bug #712931 - CS requires too many ports to be open in the FW (alee) - 'pki-ca' - Bugzilla Bug #712931 - CS requires too many ports to be open in the FW (alee) - 'pki-silent'- 'pki-setup' - Bugzilla Bug #689909 - Dogtag installation under IPA takes too much time - remove the inefficient sleeps (alee) - 'pki-symkey' - 'pki-native-tools' - 'pki-util' - 'pki-java-tools' - Bugzilla Bug #724861 - DRMTool: fix duplicate "dn:" records by renumbering "cn=" (mharmsen) - 'pki-common' - Bugzilla Bug #717041 - Improve escaping of some enrollment inputs like (jmagne, awnuk) - Bugzilla Bug #689909 - Dogtag installation under IPA takes too much time - remove the inefficient sleeps (alee) - Bugzilla Bug #708075 - Clone installation does not work over NAT (alee) - Bugzilla Bug #726785 - If replication fails while setting up a clone it will wait forever (alee) - Bugzilla Bug #728332 - xml output has changed on cert requests (awnuk) - Bugzilla Bug #700505 - pki tomcat6 instances currently running unconfined (alee) - 'pki-selinux' - Bugzilla Bug #700505 - pki tomcat6 instances currently running unconfined (alee) - 'pki-ca' - Bugzilla Bug #728605 - RFE: increase default validity from 6mo to 2yrs in IPA profile (awnuk) - 'pki-silent' - Bugzilla Bug #689909 - Dogtag installation under IPA takes too much time - remove the inefficient sleeps (alee)- 'pki-setup' - 'pki-symkey' - 'pki-native-tools' - 'pki-util' - Bugzilla Bug #719007 - Key Constraint keyParameter being ignored using an ECC CA to generate ECC certs from CRMF. (jmagne) - Bugzilla Bug #716307 - rhcs80 - DER shall not include an encoding for any component value which is equal to its default value (alee) - 'pki-java-tools' - 'pki-common' - Bugzilla Bug #720510 - Console: Adding a certificate into nethsm throws Token not found error. (jmagne) - Bugzilla Bug #719007 - Key Constraint keyParameter being ignored using an ECC CA to generate ECC certs from CRMF. (jmagne) - Bugzilla Bug #716307 - rhcs80 - DER shall not include an encoding for any component value which is equal to its default value (alee) - Bugzilla Bug #722989 - Registering an agent when a subsystem is created - does not log AUTHZ_SUCCESS event. (alee) - 'pki-selinux' - 'pki-ca' - Bugzilla Bug #719113 - Add client usage flag to caIPAserviceCert (awnuk) - 'pki-silent'- Updated release of 'jss' - Updated release of 'tomcatjss' for Fedora 15 - 'pki-setup' - Bugzilla Bug #695157 - Auditverify on TPS audit log throws error. (mharmsen) - Bugzilla Bug #693815 - /var/log/tomcat6/catalina.out owned by pkiuser (jdennis) - Bugzilla Bug #694569 - parameter used by pkiremove not updated (alee) - Bugzilla Bug #669226 - Remove Legacy Build System (mharmsen) - 'pki-symkey' - Bugzilla Bug #695157 - Auditverify on TPS audit log throws error. (mharmsen) - Bugzilla Bug #669226 - Remove Legacy Build System (mharmsen) - 'pki-native-tools' - Bugzilla Bug #695157 - Auditverify on TPS audit log throws error. (mharmsen) - Bugzilla Bug #717765 - TPS configuration: logging into security domain from tps does not work with clientauth=want. (alee) - Bugzilla Bug #669226 - Remove Legacy Build System (mharmsen) - 'pki-util' - Bugzilla Bug #695157 - Auditverify on TPS audit log throws error. (mharmsen) - Bugzilla Bug #669226 - Remove Legacy Build System (mharmsen) - 'pki-java-tools' - Bugzilla Bug #695157 - Auditverify on TPS audit log throws error. (mharmsen) - Bugzilla Bug #532548 - Tool to do DRM re-key (mharmsen) - Bugzilla Bug #532548 - Tool to do DRM re-key (config file and record processing) (mharmsen) - Bugzilla Bug #532548 - Tool to do DRM re-key (tweaks) (mharmsen) - Bugzilla Bug #669226 - Remove Legacy Build System (mharmsen) - 'pki-common' - Bugzilla Bug #695157 - Auditverify on TPS audit log throws error. (mharmsen) - Bugzilla Bug #695403 - Editing signedaudit or transaction, system logs throws 'Invalid protocol' for OCSP subsystems (alee) - Bugzilla Bug #694569 - parameter used by pkiremove not updated (alee) - Bugzilla Bug #695015 - Serial No. of a revoked certificate is not populated in the CA signedAudit messages (alee) - Bugzilla Bug #694143 - CA Agent not returning specified request (awnuk) - Bugzilla Bug #695015 - Serial No. of a revoked certificate is not populated in the CA signedAudit messages (jmagne) - Bugzilla Bug #698885 - Race conditions during IPA installation (alee) - Bugzilla Bug #704792 - CC_LAB_EVAL: CA agent interface: SubjectID=$Unidentified$ fails audit evaluation (jmagne) - Bugzilla Bug #705914 - SCEP mishandles nicknames when processing subsequent SCEP requests. (awnuk) - Bugzilla Bug #661142 - Verification should fail when a revoked certificate is added. (jmagne) - Bugzilla Bug #707416 - CC_LAB_EVAL: Security Domain: missing audit msgs for modify/add (alee) - Bugzilla Bug #707416 - additional audit messages for GetCookie (alee) - Bugzilla Bug #707607 - Published certificate summary has list of non-published certificates with succeeded status (jmagne) - Bugzilla Bug #717813 - EV_AUDIT_LOG_SHUTDOWN audit log not generated for tps and ca on server shutdown (jmagne) - Bugzilla Bug #697939 - DRM signed audit log message - operation should be read instead of modify (jmagne) - Bugzilla Bug #718427 - When audit log is full, server continue to function. (alee) - Bugzilla Bug #718607 - CC_LAB_EVAL: No AUTH message is generated in CA's signedaudit log when a directory based user enrollment is performed (jmagne) - Bugzilla Bug #669226 - Remove Legacy Build System (mharmsen) - 'pki-selinux' - Bugzilla Bug #695157 - Auditverify on TPS audit log throws error. (mharmsen) - Bugzilla Bug #720503 - RA and TPS require additional SELinux permissions to run in "Enforcing" mode (alee) - Bugzilla Bug #669226 - Remove Legacy Build System (mharmsen) - 'pki-ca' - Bugzilla Bug #695157 - Auditverify on TPS audit log throws error. (mharmsen) - Bugzilla Bug #693815 - /var/log/tomcat6/catalina.out owned by pkiuser (jdennis) - Bugzilla Bug #699837 - service command is not fully backwards compatible with Dogtag pki subsystems (mharmsen) - Bugzilla Bug #649910 - Console: an auditor or agent can be added to an administrator group. (jmagne) - Bugzilla Bug #707416 - CC_LAB_EVAL: Security Domain: missing audit msgs for modify/add (alee) - Bugzilla Bug #716269 - make ra authenticated profiles non-visible on ee pages (alee) - Bugzilla Bug #718621 - CC_LAB_EVAL: PRIVATE_KEY_ARCHIVE_REQUEST occurs for a revocation invoked by EE user (awnuk) - Bugzilla Bug #669226 - Remove Legacy Build System (mharmsen) - 'pki-silent' - Bugzilla Bug #695157 - Auditverify on TPS audit log throws error. (mharmsen) - Bugzilla Bug #669226 - Remove Legacy Build System (mharmsen)- 'pki-setup' - 'pki-symkey' - 'pki-native-tools' - 'pki-util' - 'pki-java-tools' - Added 'DRMTool.cfg' configuration file to inventory - 'pki-common' - 'pki-selinux' - 'pki-ca' - 'pki-silent'- 'pki-setup' - 'pki-symkey' - 'pki-native-tools' - 'pki-util' - 'pki-java-tools' - Bugzilla Bug #532548 - Tool to do DRM re-key - 'pki-common' - 'pki-selinux' - 'pki-ca' - 'pki-silent'- 'pki-setup' - Bugzilla Bug #693815 - /var/log/tomcat6/catalina.out owned by pkiuser - Bugzilla Bug #694569 - parameter used by pkiremove not updated - 'pki-symkey' - 'pki-native-tools' - 'pki-util' - 'pki-java-tools' - 'pki-common' - Bugzilla Bug #695403 - Editing signedaudit or transaction, system logs throws 'Invalid protocol' for OCSP subsystems - Bugzilla Bug #694569 - parameter used by pkiremove not updated - Bugzilla Bug #695015 - Serial No. of a revoked certificate is not populated in the CA signedAudit messages - Bugzilla Bug #694143 - CA Agent not returning specified request - Bugzilla Bug #695015 - Serial No. of a revoked certificate is not populated in the CA signedAudit messages - Bugzilla Bug #698885 - Race conditions during IPA installation - 'pki-selinux' - 'pki-ca' - Bugzilla Bug #693815 - /var/log/tomcat6/catalina.out owned by pkiuser - Bugzilla Bug #699837 - service command is not fully backwards compatible with Dogtag pki subsystems - 'pki-silent'- Bugzilla Bug #695157 - Auditverify on TPS audit log throws error.- Bugzilla Bug #690950 - Update Dogtag Packages for Fedora 15 (beta) - Bugzilla Bug #693327 - Missing requires: tomcatjss - 'pki-setup' - Bugzilla Bug #690626 - pkiremove removes the registry entry for all instances on a machine - 'pki-symkey' - 'pki-native-tools' - 'pki-util' - 'pki-java-tools' - Bugzilla Bug #689453 - CRMFPopClient request to CA's unsecure port throws file not found exception. - 'pki-common' - Bugzilla Bug #692990 - Audit log messages needed to match CC doc: DRM Recovery audit log messages - 'pki-selinux' - 'pki-ca' - 'pki-silent'- Bugzilla Bug #693327 - Missing requires: tomcatjss- Bugzilla Bug #690950 - Update Dogtag Packages for Fedora 15 (beta) - Require "jss >= 4.2.6-15" as a build and runtime requirement - Require "tomcatjss >= 2.1.1" as a build and runtime requirement for Fedora 15 and later platforms - 'pki-setup' - Bugzilla Bug #688287 - Add "deprecation" notice regarding using "shared ports" in pkicreate -help . . . - Bugzilla Bug #688251 - Dogtag installation under IPA takes too much time - SELinux policy compilation - 'pki-symkey' - 'pki-native-tools' - 'pki-util' - 'pki-java-tools' - Bugzilla Bug #689501 - ExtJoiner tool fails to join the multiple extensions - 'pki-common' - Bugzilla Bug #683581 - CA configuration with ECC(Default EC curve-nistp521) CA fails with 'signing operation failed' - Bugzilla Bug #689662 - ocsp publishing needs to be re-enabled on the EE port - 'pki-selinux' - Bugzilla Bug #684871 - ldaps selinux link change - 'pki-ca' - Bugzilla Bug #683581 - CA configuration with ECC(Default EC curve-nistp521) CA fails with 'signing operation failed' - Bugzilla Bug #684381 - CS.cfg specifies incorrect type of comments - Bugzilla Bug #689453 - CRMFPopClient request to CA's unsecure port throws file not found exception.(profile and CS.cfg only) - 'pki-silent'- Bugzilla Bug #688763 - Rebase updated Dogtag Packages for Fedora 15 (alpha) - Bugzilla Bug #676182 - IPA installation failing - Fails to create CA instance - Bugzilla Bug #675742 - Profile caIPAserviceCert Not Found - 'pki-setup' - Bugzilla Bug #678157 - uninitialized variable warnings from Perl - Bugzilla Bug #679574 - Velocity fails to load all dependent classes - Bugzilla Bug #680420 - xml-commons-apis.jar dependency - Bugzilla Bug #682013 - pkisilent needs xml-commons-apis.jar in it's classpath - Bugzilla Bug #673508 - CS8 64 bit pkicreate script uses wrong library name for SafeNet LunaSA - 'pki-common' - Bugzilla Bug #673638 - Installation within IPA hangs - Bugzilla Bug #678715 - netstat loop fixes needed - Bugzilla Bug #673609 - CC: authorize() call needs to be added to getStats servlet - 'pki-selinux' - Bugzilla Bug #674195: SELinux error message thrown during token enrollment - 'pki-ca' - Bugzilla Bug #673638 - Installation within IPA hangs - Bugzilla Bug #673609 - CC: authorize() call needs to be added to getStats servlet - Bugzilla Bug #676330 - init script cannot start service - 'pki-silent' - Bugzilla Bug #682013 - pkisilent needs xml-commons-apis.jar in it's classpath- 'pki-common' - Bugzilla Bug #676051 - IPA installation failing - Fails to create CA instance - Bugzilla Bug #676182 - IPA installation failing - Fails to create CA instance- 'pki-common' - Bugzilla Bug #674894 - ipactl restart : an annoy output line - Bugzilla Bug #675179 - ipactl restart : an annoy output line- Bugzilla Bug #673233 - Rebase pki-core to pick the latest features and fixes - 'pki-setup' - Bugzilla Bug #673638 - Installation within IPA hangs - 'pki-symkey' - 'pki-native-tools' - 'pki-util' - 'pki-java-tools' - Bugzilla Bug #673614 - CC: Review of cryptographic algorithms provided by 'netscape.security.provider' package - 'pki-common' - Bugzilla Bug #672291 - CA is not publishing certificates issued using "Manual User Dual-Use Certificate Enrollment" - Bugzilla Bug #670337 - CA Clone configuration throws TCP connection error. - Bugzilla Bug #504056 - Completed SCEP requests are assigned to the "begin" state instead of "complete". - Bugzilla Bug #504055 - SCEP requests are not properly populated - Bugzilla Bug #564207 - Searches for completed requests in the agent interface returns zero entries - Bugzilla Bug #672291 - CA is not publishing certificates issued using "Manual User Dual-Use Certificate Enrollment" - - Bugzilla Bug #673614 - CC: Review of cryptographic algorithms provided by 'netscape.security.provider' package - Bugzilla Bug #672920 - CA console: adding policy to a profile throws 'Duplicate policy' error in some cases. - Bugzilla Bug #673199 - init script returns control before web apps have started - Bugzilla Bug #674917 - Restore identification of Tomcat-based PKI subsystem instances - 'pki-selinux' - 'pki-ca' - Bugzilla Bug #504013 - sscep request is rejected due to authentication error if submitted through one time pin router certificate enrollment. - Bugzilla Bug #672111 - CC doc: certServer.usrgrp.administration missing information - Bugzilla Bug #583825 - CC: Obsolete servlets to be removed from web.xml as part of CC interface review - Bugzilla Bug #672333 - Creation of RA agent fails in IPA installation - Bugzilla Bug #674917 - Restore identification of Tomcat-based PKI subsystem instances - 'pki-silent' - Bugzilla Bug #673614 - CC: Review of cryptographic algorithms provided by 'netscape.security.provider' package- Bugzilla Bug #656661 - Please Update Spec File to use 'ghost' on files in /var/run and /var/lock- 'pki-symkey' - Bugzilla Bug #671265 - pki-symkey jar version incorrect - 'pki-common' - Bugzilla Bug #564207 - Searches for completed requests in the agent interface returns zero entries- Allow 'pki-native-tools' to be installed independently of 'pki-setup' - Removed explicit 'pki-setup' requirement from 'pki-ca' (since it already requires 'pki-common') - 'pki-setup' - Bugzilla Bug #223343 - pkicreate: should add 'pkiuser' to nfast group - Bugzilla Bug #629377 - Selinux errors during pkicreate CA, KRA, OCSP and TKS. - Bugzilla Bug #555927 - rhcs80 - AgentRequestFilter servlet and port fowarding for agent services - Bugzilla Bug #632425 - Port to tomcat6 - Bugzilla Bug #606946 - Convert Native Tools to use ldapAPI from OpenLDAP instead of the Mozldap - Bugzilla Bug #638377 - Generate PKI UI components which exclude a GUI interface - Bugzilla Bug #643206 - New CMake based build system for Dogtag - Bugzilla Bug #658926 - org.apache.commons.lang class not found on F13 - Bugzilla Bug #661514 - CMAKE build system requires rules to make javadocs - Bugzilla Bug #665388 - jakarta-* jars have been renamed to apache-*, pkicreate fails Fedora 14 and above - Bugzilla Bug #23346 - Two conflicting ACL list definitions in source repository - Bugzilla Bug #656733 - Standardize jar install location and jar names - 'pki-symkey' - Bugzilla Bug #638377 - Generate PKI UI components which exclude a GUI interface - Bugzilla Bug #643206 - New CMake based build system for Dogtag - Bugzilla Bug #644056 - CS build contains warnings - 'pki-native-tools' - template change - Bugzilla Bug #606946 - Convert Native Tools to use ldapAPI from OpenLDAP instead of the Mozldap - Bugzilla Bug #638377 - Generate PKI UI components which exclude a GUI interface - Bugzilla Bug #643206 - New CMake based build system for Dogtag - Bugzilla Bug #644056 - CS build contains warnings - 'pki-util' - Bugzilla Bug #615814 - rhcs80 - profile policyConstraintsCritical cannot be set to true - Bugzilla Bug #224945 - javadocs has missing descriptions, contains empty packages - Bugzilla Bug #621337 - Limit the received senderNonce value to 16 bytes. - Bugzilla Bug #621338 - Include a server randomly-generated 16 byte senderNonce in all signed SCEP responses. - Bugzilla Bug #621327 - Provide switch disabling algorithm downgrade attack in SCEP - Bugzilla Bug #621334 - Provide an option to set default hash algorithm for signing SCEP response messages. - Bugzilla Bug #635033 - At installation wizard selecting key types other than CA's signing cert will fail - Bugzilla Bug #645874 - rfe ecc - add ecc curve name support in JSS and CS interface - Bugzilla Bug #488253 - com.netscape.cmsutil.ocsp.BasicOCSPResponse ASN.1 encoding/decoding is broken - Bugzilla Bug #551410 - com.netscape.cmsutil.ocsp.TBSRequest ASN.1 encoding/decoding is incomplete - Bugzilla Bug #550331 - com.netscape.cmsutil.ocsp.ResponseData ASN.1 encoding/decoding is incomplete - Bugzilla Bug #623452 - rhcs80 pkiconsole profile policy editor limit policy extension to 5 only - Bugzilla Bug #638377 - Generate PKI UI components which exclude a GUI interface - Bugzilla Bug #651977 - turn off ssl2 for java servers (server.xml) - Bugzilla Bug #643206 - New CMake based build system for Dogtag - Bugzilla Bug #661514 - CMAKE build system requires rules to make javadocs - Bugzilla Bug #658188 - remove remaining references to tomcat5 - Bugzilla Bug #656733 - Standardize jar install location and jar names - Bugzilla Bug #223319 - Certificate Status inconsistency between token db and CA - Bugzilla Bug #531137 - RHCS 7.1 - Running out of Java Heap Memory During CRL Generation - 'pki-java-tools' - Bugzilla Bug #224945 - javadocs has missing descriptions, contains empty packages - Bugzilla Bug #638377 - Generate PKI UI components which exclude a GUI interface - Bugzilla Bug #659004 - CC: AuditVerify hardcoded with SHA-1 - Bugzilla Bug #643206 - New CMake based build system for Dogtag - Bugzilla Bug #661514 - CMAKE build system requires rules to make javadocs - Bugzilla Bug #662156 - HttpClient is hard-coded to handle only up to 5000 bytes - Bugzilla Bug #656733 - Standardize jar install location and jar names - 'pki-common' - Bugzilla Bug #583822 - CC: ACL issues from CA interface CC doc review - Bugzilla Bug #623745 - SessionTimer with LDAPSecurityDomainSessionTable started before configuration completed - Bugzilla Bug #620925 - CC: auditor needs to be able to download audit logs in the java subsystems - Bugzilla Bug #615827 - rhcs80 - profile policies need more than 5 policy mappings (seem hardcoded) - Bugzilla Bug #224945 - javadocs has missing descriptions, contains empty packages - Bugzilla Bug #548699 - subCA's admin certificate should be generated by itself - Bugzilla Bug #621322 - Provide switch disabling SCEP support in CA - Bugzilla Bug #563386 - rhcs80 ca crash on invalid inputs to profile caAgentServerCert (null cert_request) - Bugzilla Bug #621339 - SCEP one-time PIN can be used an unlimited number of times - Bugzilla Bug #583825 - CC: Obsolete servlets to be removed from web.xml as part of CC interface review - Bugzilla Bug #629677 - TPS: token enrollment fails. - Bugzilla Bug #621350 - Unauthenticated user can decrypt a one-time PIN in a SCEP request - Bugzilla Bug #503838 - rhcs71-80 external publishing ldap connection pools not reliable - improve connections or discovery - Bugzilla Bug #629769 - password decryption logs plain text password - Bugzilla Bug #583823 - CC: Auditing issues found as result of CC - interface review - Bugzilla Bug #632425 - Port to tomcat6 - Bugzilla Bug #586700 - OCSP Server throws fatal error while using OCSP console for renewing SSL Server certificate. - Bugzilla Bug #621337 - Limit the received senderNonce value to 16 bytes. - Bugzilla Bug #621338 - Include a server randomly-generated 16 byte senderNonce in all signed SCEP responses. - Bugzilla Bug #607380 - CC: Make sure Java Console can configure all security relevant config items - Bugzilla Bug #558100 - host challenge of the Secure Channel needs to be generated on TKS instead of TPS. - Bugzilla Bug #489342 - com.netscape.cms.servlet.common.CMCOutputTemplate.java doesn't support EC - Bugzilla Bug #630121 - OCSP responder lacking option to delete or disable a CA that it serves - Bugzilla Bug #634663 - CA CMC response default hard-coded to SHA1 - Bugzilla Bug #621327 - Provide switch disabling algorithm downgrade attack in SCEP - Bugzilla Bug #621334 - Provide an option to set default hash algorithm for signing SCEP response messages. - Bugzilla Bug #635033 - At installation wizard selecting key types other than CA's signing cert will fail - Bugzilla Bug #621341 - Add CA support for new SCEP key pair dedicated for SCEP signing and encryption. - Bugzilla Bug #223336 - ECC: unable to clone a ECC CA - Bugzilla Bug #539781 - rhcs 71 - CRLs Partitioned by Reason Code - onlySomeReasons ? - Bugzilla Bug #637330 - CC feature: Key Management - provide signature verification functions (JAVA subsystems) - Bugzilla Bug #223313 - should do random generated IV param for symmetric keys - Bugzilla Bug #555927 - rhcs80 - AgentRequestFilter servlet and port fowarding for agent services - Bugzilla Bug #630176 - Improve reliability of the LdapAnonConnFactory - Bugzilla Bug #524916 - ECC key constraints plug-ins should be based on ECC curve names (not on key sizes). - Bugzilla Bug #516632 - RHCS 7.1 - CS Incorrectly Issuing Multiple Certificates from the Same Request - Bugzilla Bug #648757 - expose and use updated cert verification function in JSS - Bugzilla Bug #638242 - Installation Wizard: at SizePanel, fix selection of signature algorithm; and for ECC curves - Bugzilla Bug #451874 - RFE - Java console - Certificate Wizard missing e.c. support - Bugzilla Bug #651040 - cloning shoud not include sslserver - Bugzilla Bug #542863 - RHCS8: Default cert audit nickname written to CS.cfg files imcomplete when the cert is stored on a hsm - Bugzilla Bug #360721 - New Feature: Profile Integrity Check . . . - Bugzilla Bug #651916 - kra and ocsp are using incorrect ports to talk to CA and complete configuration in DonePanel - Bugzilla Bug #642359 - CC Feature - need to verify certificate when it is added - Bugzilla Bug #653713 - CC: setting trust on a CIMC cert requires auditing - Bugzilla Bug #489385 - references to rhpki - Bugzilla Bug #499494 - change CA defaults to SHA2 - Bugzilla Bug #623452 - rhcs80 pkiconsole profile policy editor limit policy extension to 5 only - Bugzilla Bug #649910 - Console: an auditor or agent can be added to an administrator group. - Bugzilla Bug #632425 - Port to tomcat6 - Bugzilla Bug #638377 - Generate PKI UI components which exclude a GUI interface - Bugzilla Bug #651977 - turn off ssl2 for java servers (server.xml) - Bugzilla Bug #653576 - tomcat5 does not always run filters on servlets as expected - Bugzilla Bug #642357 - CC Feature- Self-Test plugins only check for validity - Bugzilla Bug #643206 - New CMake based build system for Dogtag - Bugzilla Bug #659004 - CC: AuditVerify hardcoded with SHA-1 - Bugzilla Bug #661196 - ECC(with nethsm) subca configuration fails with Key Type RSA Not Matched despite using ECC key pairs for rootCA & subCA. - Bugzilla Bug #661889 - The Servlet TPSRevokeCert of the CA returns an error to TPS even if certificate in question is already revoked. - Bugzilla Bug #663546 - Disable the functionalities that are not exposed in the console - Bugzilla Bug #661514 - CMAKE build system requires rules to make javadocs - Bugzilla Bug #658188 - remove remaining references to tomcat5 - Bugzilla Bug #649343 - Publishing queue should recover from CA crash. - Bugzilla Bug #491183 - rhcs rfe - add rfc 4523 support for pkiUser and pkiCA, obsolete 2252 and 2256 - Bugzilla Bug #640710 - Current SCEP implementation does not support HSMs - Bugzilla Bug #656733 - Standardize jar install location and jar names - Bugzilla Bug #661142 - Verification should fail when a revoked certificate is added - Bugzilla Bug #642741 - CS build uses deprecated functions - Bugzilla Bug #670337 - CA Clone configuration throws TCP connection error - Bugzilla Bug #662127 - CC doc Error: SignedAuditLog expiration time interface is no longer available through console - 'pki-selinux' - Bugzilla Bug #638377 - Generate PKI UI components which exclude a GUI interface - Bugzilla Bug #643206 - New CMake based build system for Dogtag - Bugzilla Bug #667153 - store nuxwdog passwords in kernel ring buffer - selinux changes - 'pki-ca' - Bugzilla Bug #583822 - CC: ACL issues from CA interface CC doc review - Bugzilla Bug #620925 - CC: auditor needs to be able to download audit logs in the java subsystems - Bugzilla Bug #621322 - Provide switch disabling SCEP support in CA - Bugzilla Bug #583824 - CC: Duplicate servlet mappings found as part of CC interface doc review - Bugzilla Bug #621602 - pkiconsole: Click on 'Publishing' option with admin privilege throws error "You are not authorized to perform this operation". - Bugzilla Bug #583825 - CC: Obsolete servlets to be removed from web.xml as part of CC interface review - Bugzilla Bug #583823 - CC: Auditing issues found as result of CC - interface review - Bugzilla Bug #519291 - Deleting a CRL Issuing Point after edits throws 'Internal Server Error'. - Bugzilla Bug #586700 - OCSP Server throws fatal error while using OCSP console for renewing SSL Server certificate. - Bugzilla Bug #621337 - Limit the received senderNonce value to 16 bytes. - Bugzilla Bug #621338 - Include a server randomly-generated 16 byte senderNonce in all signed SCEP responses. - Bugzilla Bug #558100 - host challenge of the Secure Channel needs to be generated on TKS instead of TPS. - Bugzilla Bug #630121 - OCSP responder lacking option to delete or disable a CA that it serves - Bugzilla Bug #634663 - CA CMC response default hard-coded to SHA1 - Bugzilla Bug #621327 - Provide switch disabling algorithm downgrade attack in SCEP - Bugzilla Bug #621334 - Provide an option to set default hash algorithm for signing SCEP response messages. - Bugzilla Bug #539781 - rhcs 71 - CRLs Partitioned by Reason Code - onlySomeReasons ? - Bugzilla Bug #637330 - CC feature: Key Management - provide signature verification functions (JAVA subsystems) - Bugzilla Bug #555927 - rhcs80 - AgentRequestFilter servlet and port fowarding for agent services - Bugzilla Bug #524916 - ECC key constraints plug-ins should be based on ECC curve names (not on key sizes). - Bugzilla Bug #516632 - RHCS 7.1 - CS Incorrectly Issuing Multiple Certificates from the Same Request - Bugzilla Bug #638242 - Installation Wizard: at SizePanel, fix selection of signature algorithm; and for ECC curves - Bugzilla Bug #529945 - (Instructions and sample only) CS 8.0 GA release -- DRM and TKS do not seem to have CRL checking enabled - Bugzilla Bug #609641 - CC: need procedure (and possibly tools) to help correctly set up CC environment - Bugzilla Bug #509481 - RFE: support sMIMECapabilities extensions in certificates (RFC 4262) - Bugzilla Bug #651916 - kra and ocsp are using incorrect ports to talk to CA and complete configuration in DonePanel - Bugzilla Bug #511990 - rhcs 7.3, 8.0 - re-activate missing object signing support in RHCS - Bugzilla Bug #651977 - turn off ssl2 for java servers (server.xml) - Bugzilla Bug #489385 - references to rhpki - Bugzilla Bug #499494 - change CA defaults to SHA2 - Bugzilla Bug #623452 - rhcs80 pkiconsole profile policy editor limit policy extension to 5 only - Bugzilla Bug #649910 - Console: an auditor or agent can be added to an administrator group. - Bugzilla Bug #632425 - Port to tomcat6 - Bugzilla Bug #638377 - Generate PKI UI components which exclude a GUI interface - Bugzilla Bug #653576 - tomcat5 does not always run filters on servlets as expected - Bugzilla Bug #642357 - CC Feature- Self-Test plugins only check for validity - Bugzilla Bug #643206 - New CMake based build system for Dogtag - Bugzilla Bug #661128 - incorrect CA ports used for revoke, unrevoke certs in TPS - Bugzilla Bug #512496 - RFE rhcs80 - crl updates and scheduling feature - Bugzilla Bug #661196 - ECC(with nethsm) subca configuration fails with Key Type RSA Not Matched despite using ECC key pairs for rootCA & subCA. - Bugzilla Bug #649343 - Publishing queue should recover from CA crash. - Bugzilla Bug #491183 - rhcs rfe - add rfc 4523 support for pkiUser and pkiCA, obsolete 2252 and 2256 - Bugzilla Bug #223346 - Two conflicting ACL list definitions in source repository - Bugzilla Bug #640710 - Current SCEP implementation does not support HSMs - Bugzilla Bug #656733 - Standardize jar install location and jar names - Bugzilla Bug #661142 - Verification should fail when a revoked certificate is added - Bugzilla Bug #668100 - DRM storage cert has OCSP signing extended key usage - Bugzilla Bug #662127 - CC doc Error: SignedAuditLog expiration time interface is no longer available through console - Bugzilla Bug #531137 - RHCS 7.1 - Running out of Java Heap Memory During CRL Generation - 'pki-silent' - Bugzilla Bug #627309 - pkisilent subca configuration fails. - Bugzilla Bug #640091 - pkisilent panels need to match with changed java subsystems - Bugzilla Bug #527322 - pkisilent ConfigureDRM should configure DRM Clone. - Bugzilla Bug #643053 - pkisilent DRM configuration fails - Bugzilla Bug #583754 - pki-silent needs an option to configure signing algorithm for CA certificates - Bugzilla Bug #489385 - references to rhpki - Bugzilla Bug #638377 - Generate PKI UI components which exclude a GUI interface - Bugzilla Bug #651977 - turn off ssl2 for java servers (server.xml) - Bugzilla Bug #640042 - TPS Installlation Wizard: need to move Module Panel up to before Security Domain Panel - Bugzilla Bug #643206 - New CMake based build system for Dogtag - Bugzilla Bug #588323 - Failed to enable cipher 0xc001 - Bugzilla Bug #656733 - Standardize jar install location and jar names - Bugzilla Bug #645895 - pkisilent: add ability to select ECC curves, signing algorithm - Bugzilla Bug #658641 - pkisilent doesn't not properly handle passwords with special characters - Bugzilla Bug #642741 - CS build uses deprecated functions- Bugzilla Bug #668839 - Review Request: pki-core - Removed empty "pre" from "pki-ca" - Consolidated directory ownership - Corrected file ownership within subpackages - Removed all versioning from NSS and NSPR packages- Bugzilla Bug #668839 - Review Request: pki-core - Added component versioning comments - Updated JSS from "4.2.6-10" to "4.2.6-12" - Modified installation section to preserve timestamps - Removed sectional comments- Initial revision. (kwright@redhat.com & mharmsen@redhat.com)/bin/sh/bin/sh/bin/sh                                                                                                                                         F_FIFFFFFFaFFFeFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF!FF)FF FFFF'F"FFFFF#F%F(FFF&F$F*F+FPFUF7F;FVFRFWFAF6F?FDF1FYFNFCFKFGFMF3F.FZFIFJFOFLF9FQF5F:F@F0FFF=FXF,F>F/FEFSF<F-FBF2F8FTF4FHFbFcFdFFFFFFFFFFF[F\9.0.15-1.fc169.0.15-1.fc16     pki-cad.target.wantspki-ca.confpki-cad.targetpki-cad@.servicepki-ca-9.0.15LICENSEpki-ca-9.0.15.jarpki-ca.jarcaconfCS.cfgacl.ldifadminCert.profilecaAuditSigningCert.profilecaCert.profilecaOCSPCert.profilecatalina.policycatalina.propertiescontext.xmldatabase.ldifdb.ldifflatfile.txtindex.ldifjk2.manifestjk2.propertiesjkconf.ant.xmljkconfig.manifestlogging.propertiesproxy.confregistry.cfgschema.ldifserver-minimal.xmlserver.xmlserverCert.profileserverCertNick.confshm.manifestsubsystemCert.profiletomcat-jk2.manifesttomcat-users.xmltomcat6.confuriworkermap.propertiesvlv.ldifvlvtasks.ldifweb.xmlworkers.propertiesworkers.properties.minimalworkers2.propertiesworkers2.properties.minimalemailsExpiredUnpublishJobExpiredUnpublishJobItemcertIssued_CAcertIssued_CA.htmlcertIssued_RAcertIssued_RA.htmlcertRequestRejected.htmlcertRevoked_CAcertRevoked_CA.htmlcertRevoked_RAcertRevoked_RA.htmleuJob1.htmleuJob1Item.htmlpublishCerts.htmlpublishCertsItem.htmlreqInQueue_CAreqInQueue_CA.htmlreqInQueue_RAreqInQueue_RA.htmlriq1Item.htmlriq1Summary.htmlrnJob1.txtrnJob1Item.txtrnJob1Summary.txtprofilescaDomainController.cfgcaAdminCert.cfgcaAgentFileSigning.cfgcaAgentServerCert.cfgcaCACert.cfgcaCMCUserCert.cfgcaDirUserCert.cfgcaDirUserRenewal.cfgcaDualCert.cfgcaDualRAuserCert.cfgcaEncUserCert.cfgcaFullCMCUserCert.cfgcaIPAserviceCert.cfgcaInstallCACert.cfgcaInternalAuthAuditSigningCert.cfgcaInternalAuthDRMstorageCert.cfgcaInternalAuthOCSPCert.cfgcaInternalAuthServerCert.cfgcaInternalAuthSubsystemCert.cfgcaInternalAuthTransportCert.cfgcaJarSigningCert.cfgcaManualRenewal.cfgcaOCSPCert.cfgcaOtherCert.cfgcaRACert.cfgcaRARouterCert.cfgcaRAagentCert.cfgcaRAserverCert.cfgcaRouterCert.cfgcaSSLClientSelfRenewal.cfgcaServerCert.cfgcaSignedLogCert.cfgcaSimpleCMCUserCert.cfgcaTPSCert.cfgcaTempTokenDeviceKeyEnrollment.cfgcaTempTokenUserEncryptionKeyEnrollment.cfgcaTempTokenUserSigningKeyEnrollment.cfgcaTokenDeviceKeyEnrollment.cfgcaTokenMSLoginEnrollment.cfgcaTokenUserEncryptionKeyEnrollment.cfgcaTokenUserEncryptionKeyRenewal.cfgcaTokenUserSigningKeyEnrollment.cfgcaTokenUserSigningKeyRenewal.cfgcaTransportCert.cfgcaUUIDdeviceCert.cfgcaUserCert.cfgcaUserSMIMEcapCert.cfgsetupconfig.desktopregistry_instancewebappsROOTWEB-INFweb.xmlindex.jspcaWEB-INFclassesvelocity.propertiesweb.xmlcaca/etc/systemd/system//etc/tmpfiles.d//lib/systemd/system//usr/share/doc//usr/share/doc/pki-ca-9.0.15//usr/share/java/pki//usr/share/pki//usr/share/pki/ca//usr/share/pki/ca/conf//usr/share/pki/ca/emails//usr/share/pki/ca/profiles//usr/share/pki/ca/profiles/ca//usr/share/pki/ca/setup//usr/share/pki/ca/webapps//usr/share/pki/ca/webapps/ROOT//usr/share/pki/ca/webapps/ROOT/WEB-INF//usr/share/pki/ca/webapps/ca//usr/share/pki/ca/webapps/ca/WEB-INF//var/lock/pki//var/run/pki/-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=genericdrpmx86_64-redhat-linux-gnuASCII textASCII text, with very long linesHTML document, ASCII textXML document textXML document textdirectoryempty (Zip archive data)exported SGML document, ASCII textxz2? 7zXZ !#, ]"k%]z(StPړvK!v:Jٝ"Z"^}o#46]p{ݙH2,؃DbaG W ƄYqQG.f)Կ}_鼾x^n揿a7Cgr2:%}ϕ,܈ }Hh:#[ƣis=PW r#Z-iK&ݲOfBFH;[!lT0e0Pu1#ŀSL'~nzUS[pZ)[MЌ0NRs[e)m/V(LKxY"ȯg OZ[ݎ7xbLOhXaۂn_(lvjڵpw|Uy֒9Pʧu rܕ/fSf#16ϲ.L/#7Բ xJ*-Թ QG6Ҍ=^GA}3Ԗ ZRO?sF #pIx+j}xTaI(MI0JmNQmǁ-aDaEtÇ(9YcXd,Sq_VSq4]ZZ@zIy!+=)/auU$T9.pKQC.z*ZUyw[ ';j% ;^?1=1еk[ٺfOO|ANJAƚ<]n$yT+ uGg |U_yӳу|*[![K`,ͨ+2p8 aASs#d, K&4!Zg8Y:܅17  LQuŕ\etxOXݰsq + چυە]dH Qy6ܮ8''Ie@ 魣LLZL;2b۷^2tG/;x % z2wl-%oN! 4;6d~),R%u\k2'&0?Y$wL9Qa\$-;Rv*S/b,[JTVL|;B}BC9C鯟) /b( *jOl"__>wPR'x m_gV=/HOr}7Q@-v+tJx l/>"[iw!'gRԒ6kɬŚ nQ΋4%Ƞ_Th&ɳ0+RQ(z# zu4hB]:6u>l#P`t Ug>wh<ξdDy0(φ^=|ACMtt?͞}B>~#]C"<݆?^%P2eT2%{8.6F ٤*G?>Q3ۘL1+^imuuЙya;\1s AnTߍ&HXx3tGN0b<8~ey-;@pDXO# 2~@$H`