system environment/daemons

pki-ocsp - Dogtag Certificate System - Online Certificate Status Protocol Manager

Website: http://pki.fedoraproject.org/
License: GPLv2
Vendor: Fedora Project
Description:
Dogtag Certificate System is an enterprise software system designed
to manage enterprise Public Key Infrastructure (PKI) deployments.

The Dogtag Online Certificate Status Protocol Manager is an optional
PKI subsystem that can act as a stand-alone Online Certificate
Status Protocol (OCSP) service.
The Dogtag Online Certificate Status Protocol Manager performs the task of an
online certificate validation authority by enabling OCSP-compliant clients to
do real-time verification of certificates.  Note that an online
certificate-validation authority is often referred to as an OCSP Responder.

Although the Dogtag Certificate Authority is already configured with an
internal OCSP service, an external OCSP Responder is offered as a separate
subsystem in case the user wants the OCSP service provided outside of a
firewall while the Dogtag Certificate Authority resides inside of a firewall,
or to take the load of requests off of the Dogtag Certificate Authority.

The Dogtag Online Certificate Status Protocol Manager can receive Certificate
Revocation Lists (CRLs) from multiple Dogtag Certificate Authority servers,
and clients can query the Dogtag Online Certificate Status Protocol Manager
for the revocation status of certificates issued by all of these
Dogtag Certificate Authority servers.

When an instance of Dogtag Online Certificate Status Protocol Manager is
set up with an instance of Dogtag Certificate Authority, and publishing
is set up to this Dogtag Online Certificate Status Protocol Manager,
CRLs are published to it whenever they are issued or updated.

Packages

pki-ocsp-1.3.3-1.el5.src [78 KiB] Changelog by Matthew Harmsen (2010-08-04):
- Bugzilla Bug #608086 - CC: CA, OCSP, and DRM need to add more audit calls
- Bugzilla Bug #527593 - More robust signature digest alg, like SHA256
  instead of SHA1 for ECC
- Bugzilla Bug #528236 - rhcs80 web conf wizard - cannot specify CA signing
  algorithm
- Bugzilla Bug #533510 - tps exception, cannot start when signed audit true
- Bugzilla Bug #529280 - TPS returns HTTP data without ending in 0\r\n per
  RFC 2616
- Bugzilla Bug #498299 - Should not be able to change the status manually
  on a token marked as permanently lost or destroyed
- Bugzilla Bug #554892 - configurable frequency signed audit
- Bugzilla Bug #500700 - tps log rotation
- Bugzilla Bug #562893 - tps shutdown if audit logs full
- Bugzilla Bug #557346 - Name Constraints Extension can't be marked critical
- Bugzilla Bug #556152 - ACL changes to CA and OCSP
- Bugzilla Bug #556167 - ACL changes to CA and OCSP
- Bugzilla Bug #581004 - add more audit logging to the TPS
- Bugzilla Bug #566517 - CC: Add client auth to OCSP publishing, and move
  to a client-auth port
- Bugzilla Bug #565842 - Clone config throws errors - fix key_algorithm
- Bugzilla Bug #581017 - enabling log signing from tps ui pages causes tps
  crash
- Bugzilla Bug #581004 - add more audit logs
- Bugzilla Bug #595871 - CC: TKS needed audit message changes
- Bugzilla Bug #598752 - Common Criteria: TKS ACL analysis result.
- Bugzilla Bug #598666 - Common Criteria: incorrect ACLs for signedAudit
- Bugzilla Bug #504905 - Smart card renewal should load old encryption cert
  on the token.
- Bugzilla Bug #499292 - TPS - Enrollments where keys are recovered need
  to do both GenerateNewKey and RecoverLast operation for encryption key.
- Bugzilla Bug #498299 - fix case where no transitions available
- Bugzilla Bug #595391 - session domain table to be moved to ldap
- Bugzilla Bug #598643 - Common Criteria: incorrect ACLs (non-existing groups)
- Bugzilla Bug #504359 - pkiconsole - Administrator Group's Description
  References Fedora
