Red Hat CERTIFICATE SYSTEM 7.2 - RELEASE NOTES Release Note


Copyright © 2008 Red Hat, Inc. This material may only be distributed subject to the
terms and conditions set forth in the Open Publication License, V1.0 or later with the
restrictions noted below (the latest version of the OPL is presently available at
http://www.opencontent.org/openpub/).
Distribution of substantively modified versions of this document is prohibited without
the explicit permission of the copyright holder.
Distribution of the work or derivative of the work in any standard (paper) book form for
commercial purposes is prohibited unless prior permission is obtained from the copyright
holder.
Red Hat and the Red Hat "Shadow Man" logo are registered trademarks of Red Hat,
Inc. in the United States and other countries.
All other trademarks referenced herein are the property of their respective owners.
The GPG fingerprint of the security@redhat.com key is:
CA 20 86 86 2B D6 9D FC 65 F6 EC C4 21 91 80 CD DB 42 A6 0E
1. Introduction ... 2
2. New Features in Red Hat Certificate System 7.2 ... 2
3. Deployment Notes ... 4
3.1. Server Support ... 4
3.2. Optional Server Hardware ... 5
3.3. Client Support ... 6
3.4. Optional Client Hardware ... 6
3.5. Other Required Software ... 6
3.6. Red Hat Enterprise Linux Considerations ... 6
3.7. Sun Solaris Considerations ... 7
4. Obtaining Packages ... 7
5. Important Notes ... 8
5.1. Installation Notes ... 8
5.2. Required JRE ... 8
5.3. Required JDK ... 9
5.4. TPS Subsystem Considerations ... 10
5.5. Directory Server Information ... 10
5.6. Source RPMs ... 10

Release Notes

7.2 and Updates
Copyright © 2008 Red Hat, Inc.
1801 Varsity Drive
Raleigh, NC 27606-2072 USA
Phone: +1 919 754 3700
Phone: 888 733 4281
Fax: +1 919 754 3701
PO Box 13588
Research Triangle Park, NC 27709 USA


Summary of Contents for Red Hat CERTIFICATE SYSTEM 7.2 - RELEASE NOTES

  • Page 1: Table Of Contents

    All other trademarks referenced herein are the property of their respective owners. The GPG fingerprint of the security@redhat.com key is: CA 20 86 86 2B D6 9D FC 65 F6 EC C4 21 91 80 CD DB 42 A6 0E...
  • Page 2: Introduction

    Release Notes
    5.7. New File Locations and Subsystem URIs ... 10
    6. Known Issues ... 11
    7. Updates and Errata Releases for Red Hat Certificate System 7.2 ... 16
    8. Documentation ... 19
    9. Copyright and Third-Party Acknowledgments ... 20
    10.
  • Page 3 New Features in Red Hat Certificate System 7.2 Red Hat Certificate System 7.1 was comprised of a single large package. Red Hat Certificate System 7.2 has been modularized into numerous smaller packages to allow easier support by updating an existing package rather than the entire server.
  • Page 4: Deployment Notes

    Release Notes NOTE The Red Hat Directory Server can be installed on a separate machine, which is the recommended scenario for most production deployments. Red Hat Certificate System 7.2 creates and removes instances of CA, DRM, OCSP, TKS, and TPS through command-line utilities called pkicreate and pkiremove.
  • Page 5: Optional Server Hardware

    Optional Server Hardware Component Details Intel — 2.0 GHz Pentium 4 or faster 1 GB (required) Hard disk storage space Total is approximately 5 GB • Total transient space required during installation: 1 GB • Hard disk storage space required for installation: •...
  • Page 6: Client Support

    • Red Hat Directory Server 7.1; the source code and binaries for this component are available at https://rhn.redhat.com), through the Red Hat Directory Server 7.1 channel. • Web browser software that supports SSL. It is strongly recommended that users such as agents or administrators use Mozilla Firefox.
  • Page 7: Sun Solaris Considerations

    The Sun Solaris version of Certificate System was tested on Solaris 9 with patch level 118558-28. 4. Obtaining Packages Red Hat Network (http://rhn.redhat.com) is the software distribution mechanism for most Red Hat customers. Account login information for Red Hat Network, including entitlements for the Red Hat Certificate System 7.2 release, is required to download this software from Red Hat Network.
  • Page 8: Important Notes

    Release Notes 5. Important Notes The following sections contain important installation, configuration, and deployment information for Red Hat Certificate System 7.2. 5.1. Installation Notes • Packages are non-relocatable. The Red Hat Certificate System base packages can not be installed to a user-designated location. •...
  • Page 9: Required Jdk

    SUNWj5rt, first, and then add the 64-bit package, SUNWj5rtx. 5.3. Required JDK A JDK must be present on Red Hat Enterprise Linux systems. See http://kbase.redhat.com/faq/FAQ_54_4667.shtm for more information. While almost any JDK is sufficient, installing one of these JDKs is recommended: •...
  • Page 10: Tps Subsystem Considerations

    Table 3, “Certificate System 7.1 and 7.2 File Locations”. These are explained in more detail in chapter 3, "Administrative Basics," in the Certificate System Administrator's Guide.
    File | 7.1 Location | 7.2 Location
    Subsystem start and stop scripts | /opt/redhat-cs/cert-instance_ID... | /etc/init.d/instance_ID
  • Page 11: Known Issues

    Known Issues
    File | 7.1 Location | 7.2 Location
    Subsystem installation directory (default) | /opt/redhat-cs/cert-instance_ID | /var/lib/instance_ID
    Subsystem configuration directory (default) | /opt/redhat-cs/cert-instance_ID/config | /var/lib/instance_ID/conf
    Subsystem log files | /opt/redhat-cs/cert-instance_ID/logs | /var/log/instance_ID
    Tools | opt/redhat-cs/bin/cert/tools | /usr/bin
    Security databases | /opt/redhat-cs/alias | /var/lib/instance_ID/alias
    Table 3. Certificate System 7.1 and 7.2 File Locations
    In addition to differences between the default directories, versions 7.1 and 7.2 use different URLs for...
  • Page 12 Release Notes Bug Number Description bad. SHA-256 can be used as the signing algorithm instead. 57514 If a TKS master key is generated on a SafeNet LunaSA HSM, server-side key generation fails with the following error in the TKS debug log: "can't generate key encryption key"...
  • Page 13 Known Issues Bug Number Description 57800 It is possible for inconsistencies to arise between the TPS database and the CA database, so that certificate statuses may not be correct. The TPS database only maintains the certificate statuses on tokens that were last seen by the TPS system. For example, if a certificate is manually revoked by the CA agent, then that revocation status does not get updated automatically in the TPS database.
  • Page 14 Release Notes Bug Number Description page can still be accessed. This page can be disabled by removing the preop.pin parameter from the instance's CS.cfg file and restarting the instance. 58301 Using the administrative console to renew an SSL server certificate stored on a hardware token automatically imports the server certificate into the Certificate System software token rather than the hardware token.
  • Page 15 Known Issues Bug Number Description and create a new secmod.db database. 58745 If two TPS instances are running on the same machine, stopping or restarting one instance will automatically restart the other instance. It is recommended that only one TPS instance run per machine.
  • Page 16: Updates And Errata Releases For Red Hat Certificate System 7.2

    The following erratas have been issued for Red Hat Certificate System, fixing important security and performance issues. The complete list of erratas issued for Red Hat Certificate System 7.2 is available through Red Hat Network for Red Hat Enterprise Linux 4 https://rhn.redhat.com/errata/rhel-certserv-72-errata.html...
  • Page 17 Updates and Errata Releases for Red Hat Certificate System 7.2 Release Date Errata Release Bug Number Description January 14, 2009 RHSA 2009:0006 (CVE 2008-2367) 249923 451998 Red Hat Certificate System used insecure default file permissions on certain configuration files, such as password.conf, that may contain administrative passwords or other creden-...
  • Page 18 Release Notes Release Date Errata Release Bug Number Description LDAP search times. 249229 The default OCSP verification path has changed since Red Hat Certificate System 7.1. These updated packages add support for certificates that use the old AuthorityInfoAccess URL.
  • Page 19: Documentation

    Documentation Release Date Errata Release Bug Number Description A user who had a revoked but otherwise valid certificate could take advantage of this issue to bypass the revocation list. 308161 If Certificate System received an OCSP request using the GET method, it returned an HTTP 404 error because it could not properly handle GET requests.
  • Page 20: Copyright And Third-Party Acknowledgments

    For the latest information about Red Hat Certificate System, including current release notes, complete product documentation, technical notes, and deployment information, see http://www.redhat.com/docs/manuals/cert-system/. 9. Copyright and Third-Party Acknowledgments Copyrights and third-party acknowledgments for portions of Red Hat Certificate System 7.2 servers in-...
  • Page 21 Red Hat Certificate System requires a complete Red Hat Directory Server 7.1 binary, and the open source portion of Certificate System is available at the following URL: https://rhn.redhat.com Copyrights and third-party acknowledgments for portions of Red Hat Certificate System 7.2 clients in-...
  • Page 22 Release Notes http://www.mozilla.org/projects/nspr/index.html Red Hat Enterprise Security Client also uses the Network Security Services (NSS) libraries from the Mozilla Project. If any problems are found in these specific libraries, the source code and build instructions for the latest version of these libraries and, potentially, binary images for newer versions are available at the following URL: http://www.mozilla.org/projects/security/pki/nss/index.html Additional Red Hat Enterprise Security Client smart card libraries and modules:...
  • Page 23 Copyright and Third-Party Acknowledgments remedies for any breach of warranty. WARRANTY DISCLAIMER. EXCEPT FOR THE EXPRESS LIMITED WARRANTY SET FORTH IN SECTION 5 ABOVE, THE SOFTWARE IS PROVIDED AS IS. SCHLUMBERGER AND ITS SUPPLIERS MAKE NO OTHER EXPRESS WARRANTIES. TO THE EXTENT AUTHORIZED BY APPLICABLE LAW, ALL OTHER WARRANTIES WHETHER EXPRESS, IMPLIED OR STATUTORY, INCLUDING WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT, ARE SPECIFICALLY DIS-...
  • Page 24: Document History

    OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 10. Document History Revision History Revision 7.2.1 January 14, 2009 Ella Deon Lackey dlackey@redhat.com Updated release information, per Errata RHSA-2009:0006. Revision 7.2.0 December 8, 2006 Ella Deon Lackey dlackey@redhat.com Initial release.
