Red Hat CERTIFICATE SYSTEM 8.0 - RELEASE NOTES Release Note page 20

Red Hat Certificate System 8.0
TPS connections will use the new session renegotiation protocol and all of the operations will proceed
as normal.
Additional configuration changes may need to be made for the Windows auto-enrollment proxy or
third-party RAs if those systems aren't updated to use the new renegotiation protocol. Contact Red Hat
support for information on what needs to be done for those clients.
It is unclear when browser clients will have updates available and applied to use the new session
renegotiation protocol. If these clients aren't updated, but the server is, then connections to the
subsystem server may fail.
NOTE
These changes are not required if all clients accessing Certificate Systems are upgraded
to support RFC 5746.
Certificate System 8.0 uses the Red Hat Enterprise Linux 5 system NSS packages. Updated NSS
packages for Red Hat Enterprise Linux 5 are available as part of Errata RHBA-2010:0165 [13]. Existing
instances need to be reconfigured to add the new port, and direct requests to this port. Any new
instances will automatically have these changes applied.
[13] https://rhn.redhat.com/errata/RHBA-2010-0165.html
Procedure 1. For Existing CAs
1. Before making any edits to the CA configuration, back up the following files:
   • /var/lib/instance_name/webapps/ca/WEB-INF/web.xml
   • /var/lib/instance_name/web-apps.ee/ca/ee/ca/ProfileSelect.template
   • /var/lib/instance_name/conf/server.xml
   • /etc/init.d/instance_name
2. Since database changes are also required, back up the database.
3. Modify the server.xml file to add the new client authentication end-entities port.
   1. At the top of the file, replace the PKI status definitions with the following section, with the
      correct hostname and ports. Replace all the lines with the exact excerpt because there are
      important spacing differences in the definitions.
<!-- DO NOT REMOVE -- Begin PKI Status Definitions --->
<!--
Unsecure Port       = http://server.example.com:9180/ca/ee/ca
Secure Agent Port   = https://server.example.com:9443/ca/agent/ca
Secure EE Port      = https://server.example.com:9444/ca/ee/ca
Secure Admin Port   = https://server.example.com:9445/ca/services
EE Client Auth Port = https://server.example.com:9446/ca/eeca/ca
PKI Console Port    = pkiconsole https://server.example.com:9445/ca
Tomcat Port         = 9802 (for shutdown)
-->
<!-- DO NOT REMOVE -- End PKI Status Definitions --->
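A check that can be run against server.xml once the status block has been replaced, as an added example that is not part of the release notes: it confirms that each of the seven definitions appears exactly once with a value and that the EE Client Auth Port is an https URL on a host:port of its own. The function names are hypothetical, and the column alignment in the embedded sample is an assumption; the check itself ignores spacing.

```bash
# Added example, not from the release notes: check the PKI status block of a
# CA server.xml after step 3.1. Function names are hypothetical.
# Print the value(s) defined for label $2 between the Begin/End markers in file $1.
pki_value() {
    awk '/Begin PKI Status Definitions/ {inb=1; next}
         /End PKI Status Definitions/   {inb=0}
         inb' "$1" |
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p"
}

# Return 0 only if each of the seven labels has exactly one value and the
# client-auth URL is https on a host:port other than the Secure EE Port's.
check_pki_status() {
    local file="$1" label n rc=0 ee eeca
    for label in "Unsecure Port" "Secure Agent Port" "Secure EE Port" "Secure Admin Port" \
                 "EE Client Auth Port" "PKI Console Port" "Tomcat Port"; do
        n=$(pki_value "$file" "$label" | grep -c . || true)
        [ "$n" -eq 1 ] || { echo "$label: $n definitions, expected 1"; rc=1; }
    done
    ee=$(pki_value "$file" "Secure EE Port")
    eeca=$(pki_value "$file" "EE Client Auth Port")
    case $eeca in
        https://*) ;;
        *) echo "EE Client Auth Port is not an https URL"; rc=1 ;;
    esac
    ee=${ee#*://}; ee=${ee%%/*}; eeca=${eeca#*://}; eeca=${eeca%%/*}  # host:port only
    if [ -n "$eeca" ] && [ "$ee" = "$eeca" ]; then
        echo "EE Client Auth Port reuses the Secure EE Port ($ee)"; rc=1
    fi
    return $rc
}

# Constructed sample: the status block from step 3.1 (column alignment assumed).
pki_sample() {
    cat <<'EOF'
<!-- DO NOT REMOVE -- Begin PKI Status Definitions --->
<!--
Unsecure Port       = http://server.example.com:9180/ca/ee/ca
Secure Agent Port   = https://server.example.com:9443/ca/agent/ca
Secure EE Port      = https://server.example.com:9444/ca/ee/ca
Secure Admin Port   = https://server.example.com:9445/ca/services
EE Client Auth Port = https://server.example.com:9446/ca/eeca/ca
PKI Console Port    = pkiconsole https://server.example.com:9445/ca
Tomcat Port         = 9802 (for shutdown)
-->
<!-- DO NOT REMOVE -- End PKI Status Definitions --->
EOF
}
[ "$#" -eq 0 ] || check_pki_status "$1"
```

Saved as a script, it takes the path to the instance's server.xml as its only argument and prints one line per problem found.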
