pki.git/base/deploy, branch ticket-398 Unnamed repository; edit this file 'description' to name the repository. Move default location for client certificate database 2012-11-09T18:48:50+00:00 Matthew Harmsen mharmsen@redhat.com 2012-11-09T02:13:58+00:00 15c0c559b70e33694309fd2362605515aa33b0a3 * TRAC Ticket #395 - Dogtag 10: Add a Tomcat 7 runtime requirement to 'pki-server' * TRAC Ticket #398 - Move default location for client certificate database 
* TRAC Ticket #395 - Dogtag 10: Add a Tomcat 7 runtime requirement to
  'pki-server'
* TRAC Ticket #398 - Move default location for client certificate database
Enable Subordinate CA 2012-11-08T17:57:21+00:00 Matthew Harmsen mharmsen@redhat.com 2012-11-07T02:59:47+00:00 1e15712d2a6c45d2dd2ac64b3b76a757ca9de2e8 * TRAC Ticket #185 - Dogtag 10: Update PKI Deployment to handle subordinate CA 
* TRAC Ticket #185 - Dogtag 10: Update PKI Deployment to handle subordinate CA
Merged theme files. 2012-11-06T20:43:41+00:00 Endi Sukma Dewata edewata@redhat.com 2012-11-02T01:06:21+00:00 70a0dd855426c4bab4a17cb5b2731f48f049c4be Currently the theme files are copied into each subsystem during deployment creating duplicates. To reduce the problem the files should be combined into a common folder /pki. The process will be done over several patches. Initially this patch will copy the images and CSS files into /pki/images and /pki/css. Subsequent patches will update references to these files to the new location. When it's done, the files no longer need to be copied into each subsystem. Ticket #328 
Currently the theme files are copied into each subsystem during
deployment creating duplicates. To reduce the problem the files
should be combined into a common folder /pki.

The process will be done over several patches. Initially this patch
will copy the images and CSS files into /pki/images and /pki/css.
Subsequent patches will update references to these files to the new
location. When it's done, the files no longer need to be copied
into each subsystem.

Ticket #328
Convert admin cert from ascii to binary before importing into certdb 2012-11-05T03:13:21+00:00 Ade Lee alee@redhat.com 2012-11-02T20:44:47+00:00 a80e994148a81914858f82b14af5fad90e12533d Sometimes importing the ascii admin cert into th client certdb fails. The binary always appears to work though. 
Sometimes importing the ascii admin cert into th client certdb fails.
The binary always appears to work though.
Set paths for default instance 2012-11-05T03:12:57+00:00 Ade Lee alee@redhat.com 2012-10-26T16:36:14+00:00 db9537d210a20b90115374e5b406db6c9658bc3a With this patch, it will be possible to install a default instance simply by adding the passwords in the pkideployment.cfg. This file can then be used without additional alteration to add subsystems to the same instance, by re-running pkispawn against the config file. The patch makes sure that cert nicknames, database and baseDN , admin users and client db are unique per subsystem. An option is added to reuse the existing server cert generated by the first subsystem and copy the required data to all subsystems. Ticket 379, 385 
With this patch, it will be possible to install a default instance
simply by adding the passwords in the pkideployment.cfg.  This file
can then be used without additional alteration to add subsystems to the
same instance, by re-running pkispawn against the config file.

The patch makes sure that cert nicknames, database and baseDN , admin users
and client db are unique per subsystem.  An option is added to reuse the
existing server cert generated by the first subsystem and copy the
required data to all subsystems.

Ticket 379, 385
Allow a PKI instance to be installed/configured independently 2012-10-30T14:56:06+00:00 Matthew Harmsen mharmsen@redhat.com 2012-10-30T05:08:00+00:00 a957a3d2960d6ae39a7785cccb0656d5ac230701 * TRAC Ticket #286 - Dogtag 10: Create parameter for optionally allowing a user to skip configuration . . . 
* TRAC Ticket #286 - Dogtag 10: Create parameter for optionally allowing
  a user to skip configuration . . .
Enabled Tomcat security manager. 2012-10-27T04:32:31+00:00 Endi Sukma Dewata edewata@redhat.com 2012-10-02T16:40:35+00:00 5eab7fedf1c78610b5e030b9e07e93f32633e9ad The tomcat.conf and the template deployment configuration have been modified to enable the security manager. The operations script has been modified to generate a new catalina.policy from the standard Tomcat policy, the standard PKI policy and the custom policy every time the instance is started. The current catalina.policy has been changed to store a header for the dynamically generated catalina.policy. A new pki.policy has been added to store the default PKI security policy. An empty custom.policy has been added to store policy customization. Ticket #223 
The tomcat.conf and the template deployment configuration have been
modified to enable the security manager. The operations script has
been modified to generate a new catalina.policy from the standard
Tomcat policy, the standard PKI policy and the custom policy every
time the instance is started.

The current catalina.policy has been changed to store a header for
the dynamically generated catalina.policy. A new pki.policy has been
added to store the default PKI security policy. An empty
custom.policy has been added to store policy customization.

Ticket #223
Provide option to install, rather than replicate schema in a clone 2012-10-22T16:03:39+00:00 Ade Lee alee@redhat.com 2012-10-19T05:35:04+00:00 1c45197227a0d54b525d4b40f66aa96aeb4f2e6a 






Added pki_tomcat_cert_t type and interface to access it
2012-10-10T04:34:12+00:00

Ade Lee
alee@redhat.com

2012-10-10T04:16:57+00:00

c494bd03f8f4f82a4c06457dfc301a606b89e2dc

Added permissions to certmonger to access the certdb.  Also added
some missing selinux permissions for pki_tomcat_t





Added permissions to certmonger to access the certdb.  Also added
some missing selinux permissions for pki_tomcat_t







Renamed "shared" folder to "server".
2012-10-08T03:53:23+00:00

Endi Sukma Dewata
edewata@redhat.com

2012-10-04T00:09:08+00:00

79a3d828d4851afb66e3c18b812ae31171c39a6e

The "shared" folder in /usr/share/pki has been renamed
to "server" since it contains only server files.

Ticket #353





The "shared" folder in /usr/share/pki has been renamed
to "server" since it contains only server files.

Ticket #353