The hardware and bandwidth for this mirror is donated by dogado GmbH, the Webhosting and Full Service-Cloud Provider. Check out our Wordpress Tutorial.
If you wish to report a bug, or if you are interested in having us mirror your free-software or open-source project, please feel free to contact us at mirror[@]dogado.de.

system environment/base

Jump to letter: [ 3ABCDEFGHIJKLMNOPQRSTUVWXYZ ]

pki-server - Certificate System - PKI Server Framework

Website: http://pki.fedoraproject.org/
License: GPLv2
Vendor: Scientific Linux
Description:
The PKI Server Framework is required by the following four PKI subsystems:

    the Certificate Authority (CA),
    the Key Recovery Authority (KRA),
    the Online Certificate Status Protocol (OCSP) Manager,
    the Token Key Service (TKS), and
    the Token Processing Service (TPS).

This package is a part of the PKI Core used by the Certificate System.
The package contains scripts to create and remove PKI subsystems.


==================================
||  ABOUT "CERTIFICATE SYSTEM"  ||
==================================

Certificate System (CS) is an enterprise software system designed
to manage enterprise Public Key Infrastructure (PKI) deployments.

PKI Core contains ALL top-level java-based Tomcat PKI components:

  * pki-symkey
  * pki-base
  * pki-base-python2 (alias for pki-base)
  * pki-base-python3
  * pki-base-java
  * pki-tools
  * pki-server
  * pki-ca
  * pki-kra
  * pki-ocsp
  * pki-tks
  * pki-tps
  * pki-javadoc

which comprise the following corresponding PKI subsystems:

  * Certificate Authority (CA)
  * Key Recovery Authority (KRA)
  * Online Certificate Status Protocol (OCSP) Manager
  * Token Key Service (TKS)
  * Token Processing Service (TPS)

Python clients need only install the pki-base package.  This
package contains the python REST client packages and the client
upgrade framework.

Java clients should install the pki-base-java package.  This package
contains the legacy and REST Java client packages.  These clients
should also consider installing the pki-tools package, which contain
native and Java-based PKI tools and utilities.

Certificate Server instances require the fundamental classes and
modules in pki-base and pki-base-java, as well as the utilities in
pki-tools.  The main server classes are in pki-server, with subsystem
specific Java classes and resources in pki-ca, pki-kra, pki-ocsp etc.

Finally, if Certificate System is being deployed as an individual or
set of standalone rather than embedded server(s)/service(s), it is
strongly recommended (though not explicitly required) to include at
least one PKI Theme package:

  * dogtag-pki-theme (Dogtag Certificate System deployments)
    * dogtag-pki-server-theme
  * redhat-pki-server-theme (Red Hat Certificate System deployments)
    * redhat-pki-server-theme
  * customized pki theme (Customized Certificate System deployments)
    * <customized>-pki-server-theme

  NOTE:  As a convenience for standalone deployments, top-level meta
         packages may be provided which bind a particular theme to
         these certificate server packages.

Packages

pki-server-10.5.18-24.el7_9.noarch [2.9 MiB] Changelog by Dogtag Team (2022-10-26): 
- ##########################################################################
- # RHEL 7.9 (Batch Update 19):
- ##########################################################################
- Bugzilla Bug #2107329 - CVE-2022-2414 pki-core: access to external
  entities when parsing XML can lead to XXE [rhel-7.9.z] (ckelley, mharmsen)
- ##########################################################################
- # RHCS 9.7 (Batch Update 19):
- ##########################################################################
- Bugzilla Bug #2107325 - CVE-2022-2414 pki-core: access to external
  entities when parsing XML can lead to XXE [certificate_system_9.7.z]
  (ckelley, mharmsen)
pki-server-10.5.18-23.el7_9.noarch [2.9 MiB] Changelog by Dogtag Team (2022-10-10): 
- ##########################################################################
- # RHEL 7.9 (Batch Update 18):
- ##########################################################################
- Bugzilla Bug #2107329 - CVE-2022-2414 pki-core: access to external
  entities when parsing XML can lead to XXE [rhel-7.9.z] (ckelley, mharmsen)
- Bugzilla Bug #2111514 - CVE-2022-2393 pki-core: When using the
  caServerKeygen_DirUserCert profile, user can get certificates for other
  UIDs by entering name in Subject field [rhel-7.9] (cfu, ckelley)
- ##########################################################################
- # RHCS 9.7 (Batch Update 18):
- ##########################################################################
- Bugzilla Bug #2107325 - CVE-2022-2414 pki-core: access to external
  entities when parsing XML can lead to XXE [certificate_system_9.7.z]
  (ckelley, mharmsen)
- Bugzilla Bug #2111493 - CVE-2022-2393 pki-core: When using the
  caServerKeygen_DirUserCert profile, user can get certificates for other
  UIDs by entering name in Subject field [rhcs_9.7] (cfu, ckelley)
pki-server-10.5.18-17.el7_9.noarch [2.9 MiB] Changelog by Dogtag Team (2021-09-15): 
- ##########################################################################
- # RHEL 7.9 (Batch Update 8):
- ##########################################################################
- Bugzilla Bug 1958788 - ipa: ERROR: Request failed with status 500: Non-2xx
  response from CA REST API: 500 [ftweedal, ckelley]
- ##########################################################################
- # RHCS 9.7:
- ##########################################################################
- Bugzilla Bug #1774177 - Rebase redhat-pki, redhat-pki-theme, pki-core, and
  pki-console to 10.5.18 in RHCS 9.7 (Batch Update 7)
pki-server-10.5.18-12.el7_9.noarch [2.9 MiB] Changelog by Dogtag Team (2021-02-24): 
- Change variable 'TPS' to 'tps'
- ##########################################################################
- # RHEL 7.9:
- ##########################################################################
- Bugzilla Bug 1883639 - Add KRA Transport and Storage Certificates
  profiles, audit for IPA (edewata)
- ##########################################################################
- # Backported CVEs (ascheel):
- ##########################################################################
- Bugzilla Bug 1724697 - CVE-2019-10180 pki-core: unsanitized token
  parameters in TPS resulting in stored XSS [certificate_system_9-default]
  (edewata, ascheel)
- Bugzilla Bug 1725128 - CVE-2019-10178 pki-core: stored Cross-site
  scripting (XSS) in the pki-tps web Activity tab
  [certificate_system_9-default] (edewata, ascheel)
- Bugzilla Bug 1791100 - CVE-2020-1696 pki-core: Stored XSS in TPS profile
  creation [certificate_system_9-default] (edewata, ascheel)
- Bugzilla Bug 1724688 - CVE-2019-10146 pki-core: Reflected Cross-Site
  Scripting in 'path length' constraint field in CA's Agent page
  [rhel-7.9.z] (dmoluguw, ascheel)
- Bugzilla Bug 1789843 - CVE-2019-10221 pki-core: reflected cross site
  scripting in getcookies?url= endpoint in CA [rhel-7.9.z]
  (dmoluguw, ascheel)
- Bugzilla Bug 1724713 - CVE-2019-10179 pki-core: pki-core/pki-kra:
  Reflected XSS in recoveryID search field at KRA's DRM agent page in
  authorize recovery tab [rhel-7.9.z] (ascheel)
- Bugzilla Bug 1798011 - CVE-2020-1721 pki-core: KRA vulnerable to
  reflected XSS via the getPk12 page [rhel-7.9.z] (ascheel,jmagne)
- ##########################################################################
- Update to jquery v3.4.1 (ascheel)
- Update to jquery-i18n-properties v1.2.7 (ascheel)
- Update to backbone v1.4.0 (ascheel)
- Upgrade to underscore v1.9.2 (ascheel)
- Update to patternfly v3.59.3 (ascheel)
- Update to jQuery v3.5.1 (ascheel)
- Upgrade to bootstrap v3.4.1 (ascheel)
- Link in new Bootstrap CSS file (ascheel)
- ##########################################################################
- # RHCS 9.7:
- ##########################################################################
- # Bugzilla Bug #1733588 - Rebase redhat-pki, redhat-pki-theme, pki-core, and
pki-server-10.5.16-3.el7.noarch [2.8 MiB] Changelog by Dogtag Team (2019-06-20): 
- ##########################################################################
- # RHEL 7.7:
- ##########################################################################
- Bugzilla Bug #1638379 - PKI startup initialization process should not
  depend on LDAP operational attributes [ftweedal]
- ##########################################################################
- # RHCS 9.5:
- ##########################################################################
- Bugzilla Bug #1633423 - Rebase redhat-pki, redhat-pki-theme, pki-core, and
  pki-console to 10.5.16 in RHCS 9.5
pki-server-10.5.1-13.1.el7_5.noarch [2.8 MiB] Changelog by Dogtag Team (2018-06-09): 
- Rebuild due to build system database problem
pki-server-10.4.1-11.el7.noarch [2.8 MiB] Changelog by Dogtag Team (2017-07-17): 
- Resolves: rhbz #1469432
- ##########################################################################
- RHEL 7.4:
- ##########################################################################
- Bugzilla Bug #1469432 - CMC plugin default change
- Resolves CVE-2017-7537
- Fixes BZ #1470948
pki-server-10.3.3-17.el7_3.noarch [2.7 MiB] Changelog by Dogtag Team (2017-01-30): 
- ## RHCS 9.1.z Batch Update 3
- Bugzilla Bug #1391207 - Automatic recovery of encryption cert - CA and TPS
  tokendb shows different certificate status (cfu)
- ## RHEL 7.3.z Batch Update 3
- Bugzilla Bug #1417063 - ECDSA Certificates Generated by Certificate System
  8.1 fail NIST validation test with parameter field. (cfu)
- Bugzilla Bug #1417064 - Unable to search certificate requests using the
  latest request ID (edewata)
- Bugzilla Bug #1417065 - CA Certificate Issuance Date displayed on CA website
  incorrect (alee)
- Bugzilla Bug #1417066 - update to 7.3 IPA with otpd bugfixes, tomcat will
  not finish start, hangs (ftweedal)
- Bugzilla Bug #1417067 - pki-tomcat for 10+ minutes before generating cert
  (edewata)
- Bugzilla Bug #1417190 - Problem with default AJP hostname in IPv6
  environment. (edewata)
pki-server-10.3.3-10.el7.noarch [3.0 MiB] Changelog by Dogtag Team (2016-09-09): 
- Revert Patch:  PKI TRAC Ticket #2449 - Unable to create system certificates
  in different tokens (edewata)
- Removes from Errata:  rhbz #1372041 - Unable to create system certificates
  in different tokens
pki-server-10.2.5-6.el7.noarch [2.9 MiB] Changelog by Dogtag Team (2015-09-21): 
- Bugzilla Bug #1258630 - Upgraded CA lacks ca.sslserver.certreq
  in CS.cfg [edewata]
- Bugzilla Bug #1258634 - CA fails to authenticate to KRA for
  archival [edewata]

Listing created by Repoview-0.6.6-4.el7

These binaries (installable software) and packages are in development.
They may not be fully stable and should be used with caution. We make no claims about them.
Health stats visible at Monitor.