
Release Notes

7.2 and Updates

Copyright © 2008 Red Hat, Inc.

Copyright © 2008 Red Hat, Inc. This material may only be distributed subject to the terms and conditions set forth in the Open Publication License, V1.0 or later with the restrictions noted below (the latest version of the OPL is presently available at http://www.opencontent.org/openpub/).

Distribution of substantively modified versions of this document is prohibited without
the explicit permission of the copyright holder.

Distribution of the work or derivative of the work in any standard (paper) book form for commercial purposes is prohibited unless prior permission is obtained from the copyright holder.

Red Hat and the Red Hat "Shadow Man" logo are registered trademarks of Red Hat,
Inc. in the United States and other countries.

All other trademarks referenced herein are the property of their respective owners.

The GPG fingerprint of the security@redhat.com key is:

CA 20 86 86 2B D6 9D FC 65 F6 EC C4 21 91 80 CD DB 42 A6 0E

1801 Varsity Drive
Raleigh, NC 27606-2072 USA
Phone: +1 919 754 3700
Phone: 888 733 4281
Fax: +1 919 754 3701
PO Box 13588, Research Triangle Park, NC 27709 USA

1. Introduction ..................................................................................................................... 2
2. New Features in Red Hat Certificate System 7.2 ................................................................ 2
3. Deployment Notes ........................................................................................................... 4

3.1. Server Support ...................................................................................................... 4
3.2. Optional Server Hardware ...................................................................................... 5
3.3. Client Support ....................................................................................................... 6
3.4. Optional Client Hardware ....................................................................................... 6
3.5. Other Required Software ....................................................................................... 6
3.6. Red Hat Enterprise Linux Considerations ................................................................ 6
3.7. Sun Solaris Considerations .................................................................................... 7

4. Obtaining Packages ......................................................................................................... 7
5. Important Notes ............................................................................................................... 8

5.1. Installation Notes ................................................................................................... 8
5.2. Required JRE ....................................................................................................... 8
5.3. Required JDK ....................................................................................................... 9
5.4. TPS Subsystem Considerations ........................................................................... 10
5.5. Directory Server Information ................................................................................ 10
5.6. Source RPMs ...................................................................................................... 10


Summary of Contents for CERTIFICATE 7.2 RELEASE NOTES

Page 1: ...trademarks of Red Hat, Inc. in the United States and other countries. All other trademarks referenced herein are the property of their respective owners. The GPG fingerprint of the security@redhat.com key is: CA 20 86 86 2B D6 9D FC 65 F6 EC C4 21 91 80 CD DB 42 A6 0E. 1801 Varsity Drive, Raleigh, NC 27606-2072 USA. Phone: +1 919 754 3700. Phone: 888 733 4281. Fax: +1 919 754 3701. PO Box 13588, Research Triangle Park...

Page 2: ...installing and configuring multiple subsystem instances. New security domain structure to organize and streamline communications between subsystems. Enhanced cloning functionalities utilizing the new security domain organization. Enhanced Red Hat Enterprise Security Client GUI and diagnostic and Phone Home functionality. Multiple distinct packages rather than a single all-encompassing package. A new stand...

Page 3: ...System server functionality is implemented through distribution to appropriate locations within the operating system. For example, 32-bit Red Hat Certificate System libraries are located under /usr/lib, binaries are located under /usr/bin, and Java archives (jars) are located under /usr/share/java. In Red Hat Certificate System 7.1, the Java-based tool startconsole was used to configure and manage any serv...

Page 4: ...Enterprise Linux 4 (i386). Red Hat Enterprise Security Client 1.0 is now available on Apple Macintosh OS X 10.4.x (Tiger) as well as Microsoft Windows XP Professional and 32-bit and 64-bit Red Hat Enterprise Linux 4. The TokenD implementation in the new Enterprise Security Client allows use of Red Hat Certificate System smart card technology to be integrated with Apple applications such as the Safari We...

Page 5: ...required to set up, configure, and run the server: approximately 2 GB. Additional space for database growth in pilot deployment: approximately 1 GB. Total disk storage space for installation: approximately 1 GB. Table 2. Server Requirements. 3.2. Optional Server Hardware: Chrysalis-ITS LunaSA Hardware Security Module (HSM), Firmware 4.5.2, Appliance Software 3.2.4, Client Software 3.2.4; nCipher netHSM, Firmware 2.1...

Page 6: ...this component are available at https://rhn.redhat.com through the Red Hat Directory Server 7.1 channel. Web browser software that supports SSL. It is strongly recommended that users such as agents or administrators use Mozilla Firefox. End entities should use Mozilla Firefox or Microsoft Internet Explorer. The only browser that is fully supported for the HTML-based instance configuration wizard is ...

Page 7: ...ing Packages. Red Hat Network (http://rhn.redhat.com) is the software distribution mechanism for most Red Hat customers. Account login information for Red Hat Network, including entitlements for the Red Hat Certificate System 7.2 release, is required to download this software from Red Hat Network. After logging into Red Hat Network, go to the appropriate Red Hat Certificate System 7.2 channel to download ...

Page 8: ...e packaged binary distribution of this package, java-1.5.0-ibm-1.5.0.0-1jpp_2rh.0.i386, is available through either the Red Hat Enterprise Linux AS (v. 4 for x86) Extras Red Hat Network channel or the Red Hat Enterprise Linux ES (v. 4 for x86) Extras Red Hat Network channel. Similarly, for 64-bit Red Hat Enterprise Linux 4 platforms, Certificate System 7.2 requires the 64-bit version of the IBM JRE 1.5.0. A p...

Page 9: ...ity. The contents of the 32-bit file jdk-1_5_0_09-solaris-sparc.tar.Z are COPYRIGHT, LICENSE, README.html, SUNWj5cfg, SUNWj5dev, SUNWj5dmo, SUNWj5jmp, SUNWj5man, and SUNWj5rt. The contents of the 64-bit file jdk-1_5_0_09-solaris-sparcv9.tar.Z are SUNWj5dmx, SUNWj5dvx, and SUNWj5rtx. Since only the JRE is needed on Solaris 9 systems, use the pkgadd utility to add the 32-bit package SUNWj5rt first and then add t...

Page 10: ...r Information. All subsystems require access to Red Hat Directory Server 7.1 on either the local machine (if it is also a 32-bit Red Hat Enterprise Linux platform) or a remote machine; acceptable platforms are 32-bit Red Hat Enterprise Linux 4, 32-bit Solaris 9 for SPARC, or 64-bit Solaris 9 for SPARC. 5.6. Source RPMs. Since Red Hat Certificate System 7.2 is not an open source product, source RPMs are only...

Page 11: ...es Page: https://hostname:SSLport, https://hostname:SSLport/ca/services. CA Agents Page: https://hostname:SSLport/ca/agent/ca. CA End Entities Page: https://hostname:SSLport/ca/ee/ca. DRM Services Page: https://hostname:SSLport, https://hostname:SSLport/kra/services. DRM Agents Page: https://hostname:SSLport/kra/agent/kra. OCSP Services Page: https://hostname:SSLport, https://hostname:SSLport/ocsp/services. OCSP Agents Page: https...

Page 12: ...n Access extension from the caServerCert profile, then install the subsystem. 57677: If the DRM response to the TPS exceeds the timeout period, the server can return the incorrect response message 200 HTTP/1.1 OK, signaling that the operation completed successfully, instead of timing out. 57640: If a DRM version 6.1 SP4 is migrated to version 7.2, then the archived keys that were migrated cannot be recov...

Page 13: ...s subordinate CAs publish CRLs to an OCSP, the OCSP needs the CA signing certificate of both CAs. The signing certificate can be imported into the OCSP database through the OCSP agent interface. 57978: Trying to add the nsTokenUserKeySubjectName default with No Constraint extension to a certificate profile through the Certificate Manager Console throws a null pointer exception, and the default is not ...

Page 14: ...le config wizard (p. 12). 58464: On Mozilla Firefox, when accessing a subsystem URL without specifying the desired page, such as https://server.example.com:9443, it automatically redirects to https://server.example.com:9443/ca/services. The redirect does not work on Internet Explorer 6.0; when trying the URL https://server.example.com:9443, Internet Explorer opens a blank page. 58518: When starting or stopping a CA...

Page 15: ...ed on 21. These warnings can be ignored because they only indicate that the request repository is empty at the time the clone is configured; they do not indicate a problem with the clone instance. 58773: If a subsystem within a security domain needs to be re-installed, there may be a subsystem user already created in the security domain CA's user database if the previous installation was either succes...

Page 16: ...s a member to the nfast group if the Certificate System group has not already been added. 213805: If a token is plugged in when the Enterprise Security Client is installed, then the client can fail to recognize the token. To be certain that the Enterprise Security Client will recognize tokens, make sure that no smart card tokens are plugged in when the Enterprise Security Client packages are installe...

Page 17: ...ng an OCSP request via the GET method may have caused a NullPointerException. This errata adds support for processing OCSP requests submitted through a GET method. 239876, 308161: Because Certificate System subsystems could not handle Online Certificate Status Protocol (OCSP) requests in the GET method, OCSP GET requests resulted in a 404 error. This was also related to a problem which caused the subsy...

Page 18: ...s were added to the issued certificate even if constraints were defined in the certificate authority (CA) profile. An attacker could submit a CSR for a subordinate CA certificate even if the CA configuration prohibited subordinate CA certificates. This led to a bypass of the intended security policy, possibly simplifying man-in-the-middle attacks against users that trust Certificate System CAs. Januar...

Page 19: ...ts and managing other aspects of certificate management can use the Certificate System subsystems' web services pages to process certificate requests, key recovery, OCSP requests, CRLs, and other functions. The documentation for Certificate System includes the following guides: Certificate System Administrator's Guide explains all administrative functions for the Certificate System, such as adding u...

Page 20: ...LICENSE; the latest version of this server is available at the following URL: http://httpd.apache.org. Red Hat Certificate System CA, DRM, OCSP, and TKS subsystems use a locally installed Tomcat 5.5 web server. Although an appropriate server is installed when any of these subsystems are installed, the latest version of this server is available at the following URL: http://tomcat.apache.org. Red Hat Certifica...

Page 21: ...ctions for the latest version and potentially a binary image are available at the following URL: http://www.mozilla.org/rhino/index.html. Red Hat Certificate System requires a complete Red Hat Directory Server 7.1 binary, and the open source portion of Certificate System is available at the following URL: https://rhn.redhat.com. Copyrights and third-party acknowledgments for portions of Red Ha...

Page 22: ...on. All rights reserved. The following license terms govern the identified modules and libraries: e-gate Smart Card Drivers for Windows 2000/XP. Limited Warranty; Exclusive Remedies. Schlumberger warrants, to the benefit of Customer only, for a term of sixty (60) days from the date of acquisition of the e-gate Smart Card ("Warranty Term"), that if operated as directed under normal use and service, the Software wi...

Page 23: ...following conditions are met: Redistributions of source code must retain the above copyright notice, this list of conditions, and the following disclaimer. Redistributions in binary form must reproduce the above copyright notice, this list of conditions, and the following disclaimer in the documentation and/or other materials provided with the distribution. The names of its contributors may not be used ...

Page 24: ...AR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARIS...
