Announcing the release of Dogtag 10.0.4
by Ade Lee
The Dogtag team is proud to announce the fourth errata build for
Dogtag 10.0.
Builds are available for Fedora 18 and Fedora 19 in the updates-testing
repositories. Please try them out and provide karma to move them to the
F18 and F19 stable repositories.
== Build Versions ==
pki-core-10.0.4-1
pki-ra-10.0.4-1
pki-tps-10.0.4-1
dogtag-pki-10.0.4-1
dogtag-pki-theme-10.0.4-1
pki-console-10.0.4-1
== Highlights since Dogtag 10.0.3 ==
* Enhanced pkispawn to provide automatic backup and restore mechanism
for files modified during the upgrade process.
* Improved the summary information at the end of pkispawn to include,
among other things, the location of the agent PKCS #12 file.
* Fixes to pkispawn and the installation servlets to fix cloning.
* Fix to pkispawn to correctly overwrite the pki_issuing_ca when
configuring with an external CA. This resolves an issue reported by IPA
in BZ #986901.
* Numerous fixes to resolve build issues on F19 and RHEL.
== Detailed Changes since Dogtag 10.0.3 ==
akoneru (1):
#645 Display the admin p12 file location in the installation summary
alee (6):
#680 Missing apache-commons-cli dependency
#665 cloning is broken for second instance in shared subsystems
BZ #973224 - resteasy-base must be split into subpackages
-- Add build dependency on systemd to fix build failures on f19.
-- Modify pkispawn to handle case where no subsystem certs are generated
-- Modify java-tools startup scripts to use correct JNI path
awnuk (1):
BZ #961522 - Allow key to be exported.
cfu (1):
BZ #971561 - server-side key generation causes NullPointerException
if a parameter is not supplied by the caller (TPS)
edewata (6)
#582 Man page for pki-upgrade
#583 Automatic backup and rollback on upgrade
BZ #986901 - Fix confguration issues with external CA.
BZ #985111 - token authentication problem on rhel
-- Removing JNI_JAR_DIR from /etc/pki/pki.conf.
-- Fixed library paths for RHEL.
mharmsen (2):
BZ #986506 - exclude pki-kra, pki-ocsp and pki-tks from rhel
BZ #975939 - RHCS 8.1: "END CERTIFICATE" tag is not on it's own line
11 years, 5 months
Creation of a server certificate with an itermediary CA attribute
by Taggart, Michelle
Hi,
I'm quite new at the concept, but is there a way to clone a server certificate profile and give it an intermediary CA attribute? I'm trying to generate a cert that a proxy server uses to decrypt SSL traffic. The CSR that the proxy creates requests for a server certificate with subCA ability, for issuing certificates.
Thanks,
Michelle T
11 years, 5 months
Generate certificate for proxy using a PKCS#7 as the CSR
by Taggart, Michelle
Hi,
I'm working on getting a CSR approved through Dogtag 10.0.3 on Fedora Core 19. The CSR is in PKCS#7 format. I'm using the Manual Certificate Manager Signing Certificate Enrollment form since I need the certificate to be an intermediary CA. After submitting the form, I get an "Sorry, your request has been rejected. The reason is "Request Rejected - {0}" error. Any ideas on what's causing this?
Thanks,
Michelle Taggart
11 years, 5 months
