Red Hat CERTIFICATE 7.3 RELEASE NOTES Скачать руководство пользователя | Manualshive

Страница: 17 / 24

background image

Other Known Issues

17

4.4. Other Known Issues

These are other known issues in Red Hat Certificate System 7.3, with workarounds when appropriate.

Bug Number Description

Workaround

224612

During installation, there are RA SQLite dependency errors on
64-bit systems. This bug is caused by a configuration issue
on the machine that the 64-bit RA was being installed on.
The

sqlite-devel-3.3.5-1

and

libsqlite-3.2.1-1

packages must be removed before installing this component.

224994

CEP currently logs any authentication failures during
enrollment to the system log. These should log to the audit log.

228932

The Cisco router may sometimes print an "abort" message
when trying to download the CA certificate chain from a sub-
ordinate. This is only a warning message and can be ignored.

229246

There is no separate SSL port for clients to authenticate to the
RA.

See

Section 4.2, “Manually

Adding a New Port to the RA”

for workaround isntructions.

230914

AEP is supported in Certificate System 7.3, although it is
currently not documented.

233024

The auto enrollment proxy configuration is not added to
everyone's profile. This is typically occurs when configuring
the AEP proxy on Windows child domains where the local
administrator does not have permission to modify the

cn=configuration

tree in Active Directory. The simplest

workaround is to use the

Run as ..

option to authenticate as

the primary domain controller administrator and to then try to
modify the

cn=configuration

. This relates to the

Populate

AD

option in AEP.

234884

The Phone Home UI pops up for both enrolled and un-
initialized tokens on RHEL4 and MAC OS X, even though the
tokens contain phoneHome URLs.

Type in the Phone Home URL
and proceed.

234887

The Enterprise Security Client diagnostics logs are not visible
in the diagnostics window.

See

Section 4.3, “Viewing

Enterprise Security Client

Diagnostics Logs”

for

workaround isntructions.

235150

The TKS sub-system start/stop script currently does not check
that the package is installed before attempting to execute.

236795

In the Enterprise Security Client, the security officer mode does
not work on MAC OS X.

236857

In the RA agent page, the RA attempts to retrieve revocation
information for a certificate that the agent does not have
the rights to see. This is not an issue at present and can be
ignored.

236982

During certificate approval, the RA returns a message the
the assigned serial number is unavailable. This problem only
occurs on the approval page. If the user views the request

«
...
15
16
17
18
19
...
»

Содержание CERTIFICATE 7.3 RELEASE NOTES

Страница 1: ...e law Red Hat Red Hat Enterprise Linux the Shadowman logo JBoss MetaMatrix Fedora the Infinity Logo and RHCE are trademarks of Red Hat Inc registered in the United States and other countries Linux is the registered trademark of Linus Torvalds in the United States and other countries All other trademarks are the property of their respective owners 1801 Varsity Drive Raleigh NC 27606 2072 USA Phone ...

Страница 2: ...ed Hat Certificate System 1 New Features in Red Hat Certificate System 7 3 1 1 Registration Authority Red Hat Certificate System 7 3 supports a stand alone Registration Authority RA which supports the automatic issue of certificates to devices and servers The RA subsystem is a front end subsystem to the Certificate Authority CA and it performs local authentication requestor information gathering a...

Страница 3: ...Certificate Request is pending SCEP specifies two modes of operation RA mode CA mode In RA mode the enrollment request is encrypted with the RA signing certificate In CA mode the request is encrypted with the CA signing certificate The current Certificate System RA adn CA subsystems are implement so that SCEP is only supported in CA mode 1 3 Auto enrollment Proxy Red Hat Certificate System 7 3 sup...

Страница 4: ...S 4 for AMD64 and Intel EM64T Sun Solaris 9 for SPARC 64 bit 2 1 1 Server Requirements Component Details CPU Intel 2 0 GHz Pentium 4 or faster RAM 1 GB required Hard disk storage space Total is approximately 5 GB Total transient space required during installation 1 GB Hard disk storage space required for installation Space required to set up configure and run the server approximately 2 GB Addition...

Страница 5: ...oft Windows XP Professional i386 Red Hat Enterprise Linux AS 4 i386 Red Hat Enterprise Linux ES 4 i386 Red Hat Enterprise Linux AS 4 for AMD64 and Intel EM64T Red Hat Enterprise Linux ES 4 for AMD64 and Intel EM64T 2 3 Other Required Software Red Hat Directory Server 7 1 The source code and binaries for this component are available at https rhn redhat com through the Red Hat Directory Server 7 1 c...

Страница 6: ...e code for Red Hat Directory Server 7 1 is included with the ISO image downloaded for the 32 bit Red Hat Enterprise Linux version Red Hat Certificate System itself is not yet open source Red Hat Enterprise Linux systems can upgrade or download Red Hat Certificate System using up2date 3 2 Installation Notes Packages are non relocatable The Red Hat Certificate System base packages can not be install...

Страница 7: ...386 rpm JRE java 1 5 0 ibm devel 1 5 0 11 1 1jpp 3 el4 i386 rpm JDK These packages are recommended for 64 bit Red Hat Enterprise Linux systems java 1 5 0 ibm 1 5 0 11 1 1jpp 3 el4 1 x86_64 rpm JRE java 1 5 0 ibm devel 1 5 0 11 1 1jpp 3 el4 1 x86_64 rpm JDK WARNING Both the 32 bit xSeries Intel compatible and 64 bit AMD Opteron EM64T versions of the IBM J2SE JRE 5 0 RPM packages available through t...

Страница 8: ...strictions Errata RHSA 2010 0130 2 Bug 533125 CVE 2009 3555 TLS MITM attacks via session renegotiation Table 2 CVEs Fixed in JRE JDK Errata Updates 3 3 1 2 Installing the Required JRE and JDK on Red Hat Enterprise Linux 4 1 Download the java 1 5 0 ibm 1 5 0 11 1 1jpp 3 el4 and java 1 5 0 ibm devel 1 5 0 11 1 1jpp 3 el4 packages from the latest errata update Errata RHSA 2010 0130 3 2 Install the pa...

Страница 9: ...at Advance notification of Security Updates for Java SE 4 page from Sun Microsystems Bug Description Errata RHSA 2007 0963 5 Bug 321951 CVE 2007 5232 Security Vulnerability in Java Runtime Environment With Applet Caching Bug 321961 CVE 2007 5238 Vulnerabilities in Java Web Start allow to determine the location of the Java Web Start cache Bug 321981 CVE 2007 5239 Untrusted Application or Applet May...

Страница 10: ...empts to access some protected resource server initiated renegotiation asks client to authenticate with a certificate However the TLS SSL protocols did not use any mechanism to verify that session peers do not change during the session renegotiation Therefore a man in the middle attacker could use this flaw to open TLS SSL connections to the server send attacker chosen request to the server trigge...

Страница 11: ...t for information on what needs to be done for those clients It is unclear on when browser clients will have updates available and applied to use the new session renegotiation protocol If these clients aren t updated but the server is then the connections to the subsystem server may fail NOTE These changes are not required if all clients accessing Certificate Systems are upgraded to support RFC 57...

Страница 12: ...e in the uri line with the URL to the agent port The original line is uri profileSubmitSSLClient The updated line will look like the following uri https server example com 9444 ca ee ca profileSubmitSSLClient 7 Create a new end entities web services directory to contain the files for the new URL referenced in the ProfileSelect template file mkdir p var lib instance_name webapps ca ee ca cp var lib...

Страница 13: ...nt 100 scheme https secure true clientAuth true sslProtocol SSL 5 Restart the subsystem For example etc init d rhpki kra restart Procedure 3 For the OCSP and TKS 1 Update the NSS packages by installing the system nss packages up2date nss 2 Open the server xml file vim var lib instance_name conf server xml 3 Change the clientAuth directive in the agent connector to true For example Connector name A...

Страница 14: ...For example etc init d rhpki tps restart Procedure 5 For the RA 1 Update the NSS packages by installing the system nss packages and install the new RA packages up2date nss pki ra 2 On Linux systems only For an existing subsystem edit the init script to preload the system NSS library rather than dirsec nss vim etc init d instance_name 3 Remove the line LD_PRELOAD usr lib64 dirsec libssl3 so LD_PREL...

Страница 15: ... certificate to be renewed the first time they are asked to authenticate This is awkward To avoid this provide a second port to handle only end entity operations 1 Open the configuration directory cd var lib rhpki ra conf 2 Edit the nss conf file a At the top add another Listen line with a different port For example Listen 0 0 0 0 12889 b Search for an existing VirtualHost VirtualHost container co...

Страница 16: ...ure the logs manually so tha they can be viewed in the diagnostics window or with a text editor On Mac 1 Go to Applications ESC app Contents MacOS 2 Create an esc sh file as follows bin sh NSPR_LOG_FILE Library Application Support ESC Profiles esc log NSPR_LOG_MODULES tray 2 coolKeyLib 2 coolKey 2 coolKeyNSS 2 coolKeySmart 2 coolKeyHandler 2 BASE_DIR dirname 0 BASE_DIR xulrunner 3 Go to Applicatio...

Страница 17: ...ing the AEP proxy on Windows child domains where the local administrator does not have permission to modify the cn configuration tree in Active Directory The simplest workaround is to use the Run as option to authenticate as the primary domain controller administrator and to then try to modify the cn configuration This relates to the Populate AD option in AEP 234884 The Phone Home UI pops up for b...

Страница 18: ...sage similar to the following 1706 http 9080 Processor24 20 Apr 2007 05 47 23 PDT 20 3 CEP Enrollment Enrollment failed user used duplicate transaction ID To avoid this situation ensure that the Cisco router generates fresh sets of keys for SCEP enrollments 237353 If the user clicks a link in the agent interface too fast and too many times the server may return Broken pipe core_output_filter writi...

Страница 19: ...d as part of the operating system with its corresponding license located in usr share doc httpd version LICENSE the latest version of this server is available at the following URL http httpd apache org Red Hat Certificate System CA DRM OCSP and TKS subsystems use a locally installed Tomcat 5 5 web server Although an appropriate server is installed when any of these subsystems are installed the lat...

Страница 20: ...hino JavaScript for Java If any problems are found in this specific distribution the source code and build instructions for the latest version and potentially a binary image are available at the following URL http www mozilla org rhino index html 16 Red Hat Red Hat Certificate System requires a complete Red Hat Directory Server 7 1 binary and the open source portion of Certificate System is availa...

Страница 21: ...opyright 2002 by Olaf Kirch See license terms below for rights on both parts Some header files are from the pcsclite distribution Copyright 1999 David Corcoran MUSCLE smart card middleware and applets Copyright 1999 2002 David Corcoran Copyright 2002 Schlumberger Network Solution All rights reserved The following license terms govern the identified modules and libraries e gate Smart Card Drivers f...

Страница 22: ...r for Mac OS X Redistribution and use in source and binary forms with or without modification are permitted provided that the following conditions are met Redistributions of source code must retain the above copyright notice this list of conditions and the following disclaimer Redistributions in binary form must reproduce the above copyright notice this list of conditions and the following disclai...

Страница 23: ...OR SERVICES LOSS OF USE DATA OR PROFITS OR BUSINESS INTERRUPTION HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY WHETHER IN CONTRACT STRICT LIABILITY OR TORT INCLUDING NEGLIGENCE OR OTHERWISE ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE 7 Document History Revision 7 3 4 April 10 2010 Ella Deon Lackey dlackey redhat com Revising JRE JDK section ...

Страница 24: ...24 ...

Отзывы:

Нет отзывов

Похожие инструкции для CERTIFICATE 7.3 RELEASE NOTES

CONTRIBUTE 3 - USING AND ADMINISTERING...

Бренд: MACROMEDIA Страницы: 256

ALTIRIS 6 INVENTORY SOLUTION

Бренд: Symantec Страницы: 2

Бренд: AMX Страницы: 54

AltiContact Manager Version 5.0

Бренд: Altigen Страницы: 542

CLUSTER SUITE FOR ENTERPRISE LINUX 4.7

Бренд: Red Hat Страницы: 78

Active Management Technology v4.0

Бренд: Intel Страницы: 143

Бренд: GRASS VALLEY Страницы: 2

Бренд: Oracle Страницы: 140

Бренд: Cabletron Systems Страницы: 36

DREAMWEAVER 8-GETTING STARTED WITH...

Бренд: MACROMEDIA Страницы: 326

FLASH 8-DEVELOPING FLASH LITE 2.X

Бренд: MACROMEDIA Страницы: 94

Бренд: CAKEWALK Страницы: 18

Retail Data Warehouse

Бренд: Oracle Страницы: 35

Oracle7 Server 7.3

Бренд: Oracle Страницы: 202

Бренд: Calyx Страницы: 537

TonePrint Editor

Бренд: TC Electronic Страницы: 19

BlackArmor WS 110

Бренд: Seagate Страницы: 2

SYSTEMTWEAKER 2010 - V1

Бренд: UNIBLUE Страницы: 13

Бренды по названию

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Популярные бренды

Загрузить еще бренды