- Issued: 2013-12-24
- Updated: 2014-01-02
RHEA-2013:1871 - Product Enhancement Advisory
Synopsis
Red Hat Certificate System (TMS) enhancement and bug fix update
Type/Severity
Product Enhancement Advisory
Topic
Red Hat Certificate System 8.1 is now available.
This update to Red Hat Certificate System fixes bugs and adds support
for more flexible token recovery operations.
Description
Red Hat Certificate System is a complete implementation of an enterprise
software system designed to manage enterprise public key infrastructure
(PKI) deployments.
Certificate System comprises six highly configurable subsystems,
each of which performs separate but related functions within a PKI, such
as issuing keys and certificates, storing keys, and processing smart
cards.
This update affects three of the PKI subsystems:
- The Certificate Authority (CA), which is the core PKI component and
issues certificates.
- The Data Recovery Manager (DRM), which stores and retrieves private
encryption keys. While this is typically an optional subsystem, some of
the new functionality in this errata requires a DRM instance.
- The Token Processing System (TPS), which registers and manages smart cards
(tokens).
This release introduces two new features for the TPS which improve the
lifecycle maintenance for the PKI and for managing user tokens.
- Revocation routing allows revocation requests to be sent to whatever
CA issued the original certificates, even if it has been retired. This
creates a list of possible CAs to handle revocation requests and then
iterates through the list for each revocation request until the issuing
CA is identified.
- Adding existing certificates to a token uses the information in an LDAP
user entry to determine what certificates should be on a token. This
simplifies management of shared or team certificates and can allow
certain functions to be delegated (such as allowing an assistant to
read encrypted emails and files by using an executive's certificate).
This errata release also includes several bug fixes to token
management, including:
- Transitioning a certificate from temporarily lost to permanently lost
did not automatically revoke the certificates. (BZ#955660)
- The TPS used to crash if a certificate was issued with a common name
longer than 64 bytes. (BZ#963073)
- If an encryption key was recovered to a token, some Microsoft
applications could not read the token or recognize the key. (BZ#968021)
All Red Hat Enterprise Certificate System users are advised to upgrade
their CA, DRM, and TPS instances to this new release. The full upgrade
process is covered in the Release Notes:
https://access.redhat.com/site/documentation/en-US/Red_Hat_Certificate_System/8.1/html/8.1.1_Release_Notes/index.html
Solution
Before applying this update, make sure all previously released errata
relevant to your system have been applied.
To update all RPMs for your particular architecture, run:
rpm -Fvh [filenames]
where [filenames] is a list of the RPMs you wish to upgrade. Only those
RPMs which are currently installed will be updated. Those RPMs which are
not installed but included in the list will not be updated. Note that you
can also use wildcards (*.rpm) if your current directory *only* contains the
desired RPMs.
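
One way to check downloaded packages against SHA-256 values laid out like this advisory's package table before handing them to rpm -Fvh, so that a wildcard never picks up an altered or unlisted file. This is an added example, not part of the advisory; the function names, the manifest file and the placeholder package files are assumptions constructed for illustration.

```shell
#!/bin/sh
# verify_rpms MANIFEST DIR
# Reads lines shaped like the advisory's table ("name.rpm | SHA-256: <hex> |"),
# prints the path of every file in DIR whose digest matches, and returns 1 if
# any listed file that is present has a different digest. Files in DIR that the
# manifest does not list are never printed.
verify_rpms() {
    manifest=$1 dir=$2 status=0
    pairs=$(sed -n 's/^ *\([^ |]*\.rpm\) *| *SHA-256: *\([0-9a-f]\{64\}\) *|.*$/\1 \2/p' "$manifest" | sort -u)
    while read -r name want; do
        [ -n "$name" ] || continue
        [ -f "$dir/$name" ] || continue      # not downloaded; nothing to check
        got=$(sha256sum "$dir/$name" | cut -d' ' -f1)
        if [ "$got" = "$want" ]; then
            printf '%s\n' "$dir/$name"
        else
            printf 'MISMATCH: %s\n' "$name" >&2
            status=1
        fi
    done <<EOF
$pairs
EOF
    return "$status"
}

# Constructed sample: placeholder files stand in for downloaded RPMs, the
# manifest is generated from two of them, and one is then altered.
make_sample() {
    d=$(mktemp -d)
    printf 'good payload' > "$d/example-a-1.0.noarch.rpm"
    printf 'original payload' > "$d/example-b-1.0.noarch.rpm"
    printf 'not in the advisory' > "$d/unlisted-1.0.noarch.rpm"
    for f in example-a-1.0.noarch.rpm example-b-1.0.noarch.rpm; do
        printf '%s | SHA-256: %s |\n' "$f" "$(sha256sum "$d/$f" | cut -d' ' -f1)"
    done > "$d/manifest.txt"
    printf 'tampered payload' > "$d/example-b-1.0.noarch.rpm"
    printf '%s\n' "$d"
}

sample=$(make_sample)
verified=$(verify_rpms "$sample/manifest.txt" "$sample") || echo "some files failed verification" >&2
echo "safe to pass to rpm -Fvh: $verified"
rm -rf "$sample"
```

In practice the manifest would be the package table saved from the advisory, and only the paths the function prints would be given to rpm -Fvh.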
Please note that this update is also available via Red Hat Network. Many
people find this an easier way to apply updates. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:
up2date
This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.
Affected Products
- Red Hat Certificate System 8 x86_64
- Red Hat Certificate System 8 i386
Fixes
(none)
CVEs
(none)
References
(none)
Red Hat Certificate System 8
SRPM | |
---|---|
pki-ca-8.1.6-1.el5pki.src.rpm | SHA-256: c59b333ffe00bb9de74c1ef1125c15b765c0ac152e5015ed4240c45500a61411 |
pki-common-8.1.12-1.el5pki.src.rpm | SHA-256: aa95e3c13c7f4b76c894f88d2ef1a1e56cde850ab0be043dddd460a6b576f11a |
pki-kra-8.1.4-1.el5pki.src.rpm | SHA-256: d3b90c72cfd12688111a95178d214aa6fe847607616696cc6e23d5669045592c |
pki-tps-8.1.13-1.el5pki.src.rpm | SHA-256: 53223d1f7a92a842567cd25f15d34ccd5a85c2b25ea4b00196d757ebb98efbd8 |
x86_64 | |
pki-ca-8.1.6-1.el5pki.noarch.rpm | SHA-256: 1374b1f42d81f791b005694656b353c9207486131deacdfa702366cfea94f0cc |
pki-common-8.1.12-1.el5pki.noarch.rpm | SHA-256: beabd06e3f7a07be9949c590fe826cb516a724f04dccf5ff6961f8a55fa3a25f |
pki-common-javadoc-8.1.12-1.el5pki.noarch.rpm | SHA-256: 71a038e500a223afe24c0a8118872a474d0bdf7cf010f3160b292f20f69e6620 |
pki-kra-8.1.4-1.el5pki.noarch.rpm | SHA-256: 3e24891d4698084fdd859b2fcfedbfd1039619bca888b22a19f48990a6756482 |
pki-tps-8.1.13-1.el5pki.x86_64.rpm | SHA-256: 33d110a41f83d2584acb8bfcfbfb57cb0124898acad258dea7f5720d1adae5b7 |
i386 | |
pki-ca-8.1.6-1.el5pki.noarch.rpm | SHA-256: 1374b1f42d81f791b005694656b353c9207486131deacdfa702366cfea94f0cc |
pki-common-8.1.12-1.el5pki.noarch.rpm | SHA-256: beabd06e3f7a07be9949c590fe826cb516a724f04dccf5ff6961f8a55fa3a25f |
pki-common-javadoc-8.1.12-1.el5pki.noarch.rpm | SHA-256: 71a038e500a223afe24c0a8118872a474d0bdf7cf010f3160b292f20f69e6620 |
pki-kra-8.1.4-1.el5pki.noarch.rpm | SHA-256: 3e24891d4698084fdd859b2fcfedbfd1039619bca888b22a19f48990a6756482 |
pki-tps-8.1.13-1.el5pki.i386.rpm | SHA-256: 78bbfdcea739fb87c9903bb168adf98097f3e782691e2dbab57a8ef52591c438 |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.