8.178. pki-core

Updated pki-core packages that fix one bug are now available for Red Hat Enterprise Linux 6.
Red Hat Certificate System is an enterprise software system designed to manage enterprise public key infrastructure (PKI) deployments. PKI Core contains fundamental packages required by Red Hat Certificate System, which comprise the Certificate Authority (CA) subsystem.
Note: The Certificate Authority component provided by this advisory cannot be used as a standalone server. It is installed and operates as a part of Identity Management (the IPA component) in Red Hat Enterprise Linux.
This update fixes the following bug:

Bug Fix

BZ#1146818
Several Java import statements in the source code of the Red Hat Enterprise Linux 6 maintenance branch specified wildcard arguments, and the resulting name space collision created the potential for a wrong class to be used. As a consequence, the Token Processing System (TPS) rebuild test failed with an error message. This update addresses the bug by supplying the fully named class in all of the contentious areas, and the TPS rebuild test no longer fails.
Users of pki-core are advised to upgrade to these updated packages, which fix this bug.
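The kind of collision described in BZ#1146818, as an added example that is not pki-core code: a single-file Java program showing an unqualified name under a wildcard import resolving to a different class, next to the fully named form that avoids it. The class names `Random` and `WildcardCollision` are hypothetical and chosen only for illustration.

```java
// WildcardCollision.java (constructed example; all class names are hypothetical)
import java.util.*;   // wildcard ("on-demand") import

// A class in the caller's own package that happens to share its simple name
// with java.util.Random. Types declared in the same package take precedence
// over anything a wildcard import makes visible.
class Random {
    int nextInt(int bound) {
        return 4;     // stand-in behaviour, deliberately not random
    }
}

public class WildcardCollision {

    // Unqualified name: resolves to the package-local Random, not to
    // java.util.Random, although the file's only import points at java.util.
    static String viaSimpleName() {
        Random r = new Random();
        return r.getClass().getName();
    }

    // Fully named class: resolution no longer depends on what else is
    // visible in the package or on other wildcard imports.
    static String viaFullName() {
        java.util.Random r = new java.util.Random();
        return r.getClass().getName();
    }

    public static void main(String[] args) {
        // Non-colliding names from the wildcard import still resolve as expected.
        List<String> report = new ArrayList<>();
        report.add("simple name -> " + viaSimpleName());
        report.add("full name   -> " + viaFullName());
        for (String line : report) {
            System.out.println(line);
        }
        // A second failure mode is caught at build time: when two wildcard
        // imports both expose the same simple name, javac rejects the
        // unqualified use as an ambiguous reference.
    }
}
```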
Updated pki-core packages that fix several bugs and add one enhancement are now available for Red Hat Enterprise Linux 6.
Red Hat Certificate System is an enterprise software system designed to manage enterprise Public Key Infrastructure (PKI) deployments. PKI Core contains fundamental packages required by Red Hat Certificate System, which comprise the Certificate Authority (CA) subsystem.
Note: The Certificate Authority component provided by this advisory cannot be used as a standalone server. It is installed and operates as a part of Identity Management (the IPA component) in Red Hat Enterprise Linux.
This update fixes the following bugs:

Bug Fixes

BZ#1024462
Previously, the IPA CA certificate was created with the SHA1 signing algorithm instead of SHA256. A patch has been provided to fix this bug, and the certificate is now correct.
BZ#1051382
Prior to this update, IPA Replica installation failed when using an external CA certificate. The interoperability problems have been fixed, and IPA again works with external CA certificates.
BZ#1055080
Previously, the pki utility generated copious debug log output, filling up the /var/log file system with log messages. This update implements log rotation functionality, thus fixing the bug.
BZ#1083170
When the LANG variable for specifying a locale was set to "tr_TR.UTF8", the installation of IPA became unresponsive. This update prevents Lightweight Directory Access Protocol (LDAP) attributes from being affected by LANG, and IPA no longer hangs.
BZ#1096142
Previously, the setup of the IPA replica failed during external CA certificate setup with an "unable to parse xml" error message. The underlying source code has been patched, and the setup of the replica system now works flawlessly.
BZ#1109181
Due to Access Vector Cache (AVC) denial messages in the audit.log file, the certmonger daemon could not start tracking Public Key Infrastructure (PKI) certificates. Consequently, errors during FreeIPA installation occurred. This update provides a patch for AVC, and certmonger now starts tracking PKI certificates as intended.
BZ#1123811
While installing the IPA Server, numerous Access Vector Cache (AVC) denial messages were stored in audit.log. However, AVC messages were not a blocker and installation proceeded successfully. The problematic source code has been patched, and IPA Public Key Infrastructure (PKI) clone certificate renewal no longer produces AVC denial messages.
In addition, this update adds the following

Enhancement

BZ#1061442
With this update, the "CS.cfg" file is automatically backed up to "CS.cfg.bak" following a successful restart of any configured PKI instance.
Users of pki-core are advised to upgrade to these updated packages, which fix these bugs and add this enhancement.