pki.git/base/server/etc, branch branch-10.2.7-dev1 Unnamed repository; edit this file 'description' to name the repository. Install tools clean-up. 2016-04-02T06:24:31+00:00 Endi S. Dewata edewata@redhat.com 2016-03-30T02:29:11+00:00 1bbb28fb2f0cbc023b7182d42b3def0891d34b47 Some variables in pkispawn and pkidestroy have been renamed for clarity. The unused PKI_CERT_DB_PASSWORD_SLOT variable has been removed. The constant pki_self_signed_token property has been moved into default.cfg. https://fedorahosted.org/pki/ticket/2247 
Some variables in pkispawn and pkidestroy have been renamed for
clarity.

The unused PKI_CERT_DB_PASSWORD_SLOT variable has been removed.

The constant pki_self_signed_token property has been moved into
default.cfg.

https://fedorahosted.org/pki/ticket/2247
Additional clean-ups for PKCS #12 utilities. 2016-04-02T05:48:04+00:00 Endi S. Dewata edewata@redhat.com 2016-03-17T14:23:34+00:00 9bd9548d5c1718ad8159f2134f170649c092a581 The pki_server_external_cert_path has been renamed to pki_server_external_certs_path to match the file name. A default pki_server_external_certs_path has been added to default.cfg. The pki pkcs12-export has been modified to export into existing PKCS #12 file by default. The pki-server instance-cert-export has been modified to accept a list of nicknames to export. https://fedorahosted.org/pki/ticket/1742 
The pki_server_external_cert_path has been renamed to
pki_server_external_certs_path to match the file name.

A default pki_server_external_certs_path has been added to
default.cfg.

The pki pkcs12-export has been modified to export into existing
PKCS #12 file by default.

The pki-server instance-cert-export has been modified to accept a
list of nicknames to export.

https://fedorahosted.org/pki/ticket/1742
Added mechanism to import system certs via PKCS #12 file. 2016-04-02T04:22:41+00:00 Endi S. Dewata edewata@redhat.com 2016-02-19T07:42:30+00:00 58406095925cd3d26ab8eab0c7c7e99cdddf21ea The installation tool has been modified to provide an optional pki_server_pkcs12_path property to specify a PKCS #12 file containing certificate chain, system certificates, and third-party certificates needed by the subsystem being installed. If the pki_server_pkcs12_path is specified the installation tool will no longer download the certificate chain from the security domain directly, and it will no longer import the PKCS #12 containing the entire master NSS database specified in pki_clone_pkcs12_path. For backward compatibility, if the pki_server_pkcs12_path is not specified the installation tool will use the old mechanism to import the system certificates. The ConfigurationUtils.verifySystemCertificates() has been modified not to catch the exception to help troubleshooting. https://fedorahosted.org/pki/ticket/1742 
The installation tool has been modified to provide an optional
pki_server_pkcs12_path property to specify a PKCS #12 file
containing certificate chain, system certificates, and third-party
certificates needed by the subsystem being installed.

If the pki_server_pkcs12_path is specified the installation tool
will no longer download the certificate chain from the security
domain directly, and it will no longer import the PKCS #12
containing the entire master NSS database specified in
pki_clone_pkcs12_path.

For backward compatibility, if the pki_server_pkcs12_path is not
specified the installation tool will use the old mechanism to
import the system certificates.

The ConfigurationUtils.verifySystemCertificates() has been modified
not to catch the exception to help troubleshooting.

https://fedorahosted.org/pki/ticket/1742
Added mechanism to import existing CA certificate. 2016-02-23T03:19:30+00:00 Endi S. Dewata edewata@redhat.com 2015-11-06T23:09:19+00:00 bc0de424aa8c56d2278e41b7786ca202b7e64cc3 The deployment procedure for external CA has been modified such that it generates the CA CSR before starting the server. This allows the same procedure to be used to import CA certificate from an existing server. It also removes the requirement to keep the server running while waiting to get the CSR signed by an external CA. https://fedorahosted.org/pki/ticket/456 (cherry picked from commit 20c985ae773b26f653cac6d22bd9d93923e18c8e) 
The deployment procedure for external CA has been modified
such that it generates the CA CSR before starting the server.
This allows the same procedure to be used to import CA
certificate from an existing server. It also removes the
requirement to keep the server running while waiting to get
the CSR signed by an external CA.

https://fedorahosted.org/pki/ticket/456
(cherry picked from commit 20c985ae773b26f653cac6d22bd9d93923e18c8e)
Add code to reindex data during cloning without replication 2015-07-31T22:35:30+00:00 Ade Lee alee@redhat.com 2015-07-29T18:23:35+00:00 7c4bc2480c0cb0b4bb816ec090e9673bdddce047 When setting up a clone, indexes are added before the replication agreements are set up and the consumer is initialized. Thus, as data is replicated and added to the clone db, the data is indexed. When cloning is done with the replication agreements already set up and the data replicated, the existing data is not indexed and cannot be accessed in searches. The data needs to be reindexed. Related to ticket 1414 
When setting up a clone, indexes are added before the
replication agreements are set up and the consumer is initialized.
Thus, as data is replicated and added to the clone db, the
data is indexed.

When cloning is done with the replication agreements already set
up and the data replicated, the existing data is not indexed and
cannot be accessed in searches.  The data needs to be reindexed.

Related to ticket 1414
Add certutil options for ECC 2015-07-29T02:43:39+00:00 Matthew Harmsen mharmsen@redhat.com 2015-07-29T01:56:26+00:00 f9102b8df60d50e00d2a45915d06837510cfd1aa - PKI TRAC Ticket #1524 - pkispawn: certutil options incorrect for creating ecc admin certificate 
- PKI TRAC Ticket #1524 - pkispawn: certutil options incorrect for creating
  ecc admin certificate
ticket 867 symkey library path link fix 2015-06-18T22:33:26+00:00 Christina Fu cfu@redhat.com 2015-06-17T21:25:33+00:00 311650625be0c8e5f42c71c7d5020e5a11ecf034 






Ticket 867 Need to support TPS as a separate tomcat instance.
2015-06-01T22:00:20+00:00

Christina Fu
cfu@redhat.com

2015-05-29T22:47:02+00:00

f9b461b78032e1b232037ae7420828f90935b51a

 This patch addressed the issue that TPS on independent Tomcat is missing
 symlink to symkey.jar and causes all symkey method reference to fail





 This patch addressed the issue that TPS on independent Tomcat is missing
 symlink to symkey.jar and causes all symkey method reference to fail







Fixed overwritten deployment property.
2015-05-29T20:46:35+00:00

Endi S. Dewata
edewata@redhat.com

2015-05-29T19:04:40+00:00

ea2341c5078b1a518b55456ad71661758dab325e

The pki_pin has been removed from the default.cfg to avoid
overwriting the randomly generated default value.

https://fedorahosted.org/pki/ticket/1393





The pki_pin has been removed from the default.cfg to avoid
overwriting the randomly generated default value.

https://fedorahosted.org/pki/ticket/1393







Added deployment parameters to construct pki_clone_uri.
2015-05-22T23:24:03+00:00

Endi S. Dewata
edewata@redhat.com

2015-05-22T14:26:22+00:00

c6d781ee897deb213411f6caba9ae8a1770af732

New parameters have been added into the default.cfg to specify the
master hostname and port for pki_clone_uri. By default they point
to the security domain. The man page has been updated as well.

https://fedorahosted.org/pki/ticket/1385





New parameters have been added into the default.cfg to specify the
master hostname and port for pki_clone_uri. By default they point
to the security domain. The man page has been updated as well.

https://fedorahosted.org/pki/ticket/1385