Jump to letter: [
3ABCDEFGHIJKLMNOPQRSTUVWXZ
]
pki-server - Certificate System - PKI Server Framework
- Description:
The PKI Server Framework is required by the following four PKI subsystems:
the Certificate Authority (CA),
the Key Recovery Authority (KRA),
the Online Certificate Status Protocol (OCSP) Manager,
the Token Key Service (TKS), and
the Token Processing Service (TPS).
This package is a part of the PKI Core used by the Certificate System.
The package contains scripts to create and remove PKI subsystems.
==================================
|| ABOUT "CERTIFICATE SYSTEM" ||
==================================
Certificate System (CS) is an enterprise software system designed
to manage enterprise Public Key Infrastructure (PKI) deployments.
PKI Core contains ALL top-level java-based Tomcat PKI components:
* pki-symkey
* pki-base
* pki-base-python2 (alias for pki-base)
* pki-base-python3
* pki-base-java
* pki-tools
* pki-server
* pki-ca
* pki-kra
* pki-ocsp
* pki-tks
* pki-tps
* pki-javadoc
which comprise the following corresponding PKI subsystems:
* Certificate Authority (CA)
* Key Recovery Authority (KRA)
* Online Certificate Status Protocol (OCSP) Manager
* Token Key Service (TKS)
* Token Processing Service (TPS)
Python clients need only install the pki-base package. This
package contains the python REST client packages and the client
upgrade framework.
Java clients should install the pki-base-java package. This package
contains the legacy and REST Java client packages. These clients
should also consider installing the pki-tools package, which contain
native and Java-based PKI tools and utilities.
Certificate Server instances require the fundamental classes and
modules in pki-base and pki-base-java, as well as the utilities in
pki-tools. The main server classes are in pki-server, with subsystem
specific Java classes and resources in pki-ca, pki-kra, pki-ocsp etc.
Finally, if Certificate System is being deployed as an individual or
set of standalone rather than embedded server(s)/service(s), it is
strongly recommended (though not explicitly required) to include at
least one PKI Theme package:
* dogtag-pki-theme (Dogtag Certificate System deployments)
* dogtag-pki-server-theme
* redhat-pki-server-theme (Red Hat Certificate System deployments)
* redhat-pki-server-theme
* customized pki theme (Customized Certificate System deployments)
* <customized>-pki-server-theme
NOTE: As a convenience for standalone deployments, top-level meta
packages may be provided which bind a particular theme to
these certificate server packages.
Packages
pki-server-10.5.18-24.el7_9.noarch
[2.9 MiB] |
Changelog
by Dogtag Team (2022-10-26):
- ##########################################################################
- # RHEL 7.9 (Batch Update 19):
- ##########################################################################
- Bugzilla Bug #2107329 - CVE-2022-2414 pki-core: access to external
entities when parsing XML can lead to XXE [rhel-7.9.z] (ckelley, mharmsen)
- ##########################################################################
- # RHCS 9.7 (Batch Update 19):
- ##########################################################################
- Bugzilla Bug #2107325 - CVE-2022-2414 pki-core: access to external
entities when parsing XML can lead to XXE [certificate_system_9.7.z]
(ckelley, mharmsen)
|
pki-server-10.5.18-23.el7_9.noarch
[2.9 MiB] |
Changelog
by Dogtag Team (2022-10-10):
- ##########################################################################
- # RHEL 7.9 (Batch Update 18):
- ##########################################################################
- Bugzilla Bug #2107329 - CVE-2022-2414 pki-core: access to external
entities when parsing XML can lead to XXE [rhel-7.9.z] (ckelley, mharmsen)
- Bugzilla Bug #2111514 - CVE-2022-2393 pki-core: When using the
caServerKeygen_DirUserCert profile, user can get certificates for other
UIDs by entering name in Subject field [rhel-7.9] (cfu, ckelley)
- ##########################################################################
- # RHCS 9.7 (Batch Update 18):
- ##########################################################################
- Bugzilla Bug #2107325 - CVE-2022-2414 pki-core: access to external
entities when parsing XML can lead to XXE [certificate_system_9.7.z]
(ckelley, mharmsen)
- Bugzilla Bug #2111493 - CVE-2022-2393 pki-core: When using the
caServerKeygen_DirUserCert profile, user can get certificates for other
UIDs by entering name in Subject field [rhcs_9.7] (cfu, ckelley)
|
pki-server-10.5.18-17.el7_9.noarch
[2.9 MiB] |
Changelog
by Dogtag Team (2021-09-15):
- ##########################################################################
- # RHEL 7.9 (Batch Update 8):
- ##########################################################################
- Bugzilla Bug 1958788 - ipa: ERROR: Request failed with status 500: Non-2xx
response from CA REST API: 500 [ftweedal, ckelley]
- ##########################################################################
- # RHCS 9.7:
- ##########################################################################
- Bugzilla Bug #1774177 - Rebase redhat-pki, redhat-pki-theme, pki-core, and
pki-console to 10.5.18 in RHCS 9.7 (Batch Update 7)
|
pki-server-10.5.18-12.el7_9.noarch
[2.9 MiB] |
Changelog
by Dogtag Team (2021-02-24):
- Change variable 'TPS' to 'tps'
- ##########################################################################
- # RHEL 7.9:
- ##########################################################################
- Bugzilla Bug 1883639 - Add KRA Transport and Storage Certificates
profiles, audit for IPA (edewata)
- ##########################################################################
- # Backported CVEs (ascheel):
- ##########################################################################
- Bugzilla Bug 1724697 - CVE-2019-10180 pki-core: unsanitized token
parameters in TPS resulting in stored XSS [certificate_system_9-default]
(edewata, ascheel)
- Bugzilla Bug 1725128 - CVE-2019-10178 pki-core: stored Cross-site
scripting (XSS) in the pki-tps web Activity tab
[certificate_system_9-default] (edewata, ascheel)
- Bugzilla Bug 1791100 - CVE-2020-1696 pki-core: Stored XSS in TPS profile
creation [certificate_system_9-default] (edewata, ascheel)
- Bugzilla Bug 1724688 - CVE-2019-10146 pki-core: Reflected Cross-Site
Scripting in 'path length' constraint field in CA's Agent page
[rhel-7.9.z] (dmoluguw, ascheel)
- Bugzilla Bug 1789843 - CVE-2019-10221 pki-core: reflected cross site
scripting in getcookies?url= endpoint in CA [rhel-7.9.z]
(dmoluguw, ascheel)
- Bugzilla Bug 1724713 - CVE-2019-10179 pki-core: pki-core/pki-kra:
Reflected XSS in recoveryID search field at KRA's DRM agent page in
authorize recovery tab [rhel-7.9.z] (ascheel)
- Bugzilla Bug 1798011 - CVE-2020-1721 pki-core: KRA vulnerable to
reflected XSS via the getPk12 page [rhel-7.9.z] (ascheel,jmagne)
- ##########################################################################
- Update to jquery v3.4.1 (ascheel)
- Update to jquery-i18n-properties v1.2.7 (ascheel)
- Update to backbone v1.4.0 (ascheel)
- Upgrade to underscore v1.9.2 (ascheel)
- Update to patternfly v3.59.3 (ascheel)
- Update to jQuery v3.5.1 (ascheel)
- Upgrade to bootstrap v3.4.1 (ascheel)
- Link in new Bootstrap CSS file (ascheel)
- ##########################################################################
- # RHCS 9.7:
- ##########################################################################
- # Bugzilla Bug #1733588 - Rebase redhat-pki, redhat-pki-theme, pki-core, and
|
pki-server-10.5.16-3.el7.noarch
[2.8 MiB] |
Changelog
by Dogtag Team (2019-06-20):
- ##########################################################################
- # RHEL 7.7:
- ##########################################################################
- Bugzilla Bug #1638379 - PKI startup initialization process should not
depend on LDAP operational attributes [ftweedal]
- ##########################################################################
- # RHCS 9.5:
- ##########################################################################
- Bugzilla Bug #1633423 - Rebase redhat-pki, redhat-pki-theme, pki-core, and
pki-console to 10.5.16 in RHCS 9.5
|