Simplified Signed Audit Logging; New Windows Smart Card Login Profile for Tokens; Enhanced Security Officer Mode and Enterprise Security Client Configuration; Expanded TPS Roles - Red Hat Certificate System 8.0 - Release Notes


Red Hat Certificate System 8.0

1.6. Simplified Signed Audit Logging

Audit log signing certificates are now created with all of the other default subsystem certificates as
soon as a CA, DRM, OCSP, TKS, or TPS subsystem is configured. The signed audit log itself is also
preconfigured and can be enabled easily. Auditors can verify signed audit logs using the included
AuditVerify script.

1.7. New Windows Smart Card Login Profile for Tokens

A new example profile is included with the regular CA profiles list which enables the CA and TPS to
issue certificates and enroll tokens that can be used to log into Windows systems.

1.8. Enhanced Security Officer Mode and Enterprise Security Client Configuration

Setting up and using a security officer workstation has been improved, and additional parameters have
been added to the esc-pref.js configuration file to make configuring the Enterprise Security Client
security officer settings easier and more flexible.

1.9. Expanded TPS Roles

A new role, the operator role, has been added to the TPS subsystem. This role can view and search
all tokens, certificates, and activities within the Token Processing System (TPS) but cannot edit any
entries.

Additionally, the administrator role interface has been enhanced to allow administrators to create and
edit users, assign profiles, and delete users directly.

1.10. Added IPv6 Support

The Certificate System 8.0 services can accept requests from all supported browsers, from other
Certificate System subsystems, and from the administrative console over IPv6. The server also
supports using IPv6 addresses in the Subject Alt Names of certificates, with certificate extensions, and
with Certificate System scripts and tools.

1.11. Using HTTP 1.1 for Publishing CRLs

HTTP 1.1 has been added as a supported protocol for publishing CRLs, in addition to publishing
to file and to LDAP. This makes publishing CRLs safer and more efficient, since "chunks" of CRLs
can be published rather than the entire CRL. If CRL publishing is ever interrupted, the process can resume
smoothly.

1.12. Enhanced Installation Scripts

Certificate System creates and configures additional instances using the pkicreate script. An
additional script, pkisilent, can be used to create and configure multiple subsystem instances
quickly and without unnecessary user interaction. Both of these scripts have been enhanced and
strengthened for changes to port separation, security domain configuration, and other updates to the
structure of Certificate System subsystems.