pki.git/base/server/share/conf, branch master Unnamed repository; edit this file 'description' to name the repository. Updated log4j.properties. 2016-11-18T01:41:36+00:00 Endi S. Dewata edewata@redhat.com 2016-11-17T02:41:25+00:00 bfd7fc1c9ec665b4affda5bf48c9aca20f8f5775 To reduce maintenance the log4j.properties is no longer copied into the instance folder during deployment. Instead, a link will be created in the /var/lib/pki/<instance>/lib folder pointing to the default file in /usr/share/pki/server/conf. The default log4j.properties has been updated to remove redundant lines. By default only log messages with level WARN or higher will be logged on the console. https://fedorahosted.org/pki/ticket/1897 
To reduce maintenance the log4j.properties is no longer copied
into the instance folder during deployment. Instead, a link will
be created in the /var/lib/pki/<instance>/lib folder pointing to
the default file in /usr/share/pki/server/conf.

The default log4j.properties has been updated to remove redundant
lines. By default only log messages with level WARN or higher will
be logged on the console.

https://fedorahosted.org/pki/ticket/1897
Updated logging.properties. 2016-11-18T01:41:31+00:00 Endi S. Dewata edewata@redhat.com 2016-11-16T23:27:58+00:00 e674bc51b4d23bc362a1312addd0b09625cf5747 To reduce maintenance the logging.properties is no longer copied into the instance folder during deployment. Instead, a link will be created in /etc/pki/<instance> pointing to the default file in /usr/share/pki/server/conf. The default logging.properties has been updated to only log messages with level WARNING or higher on the console. https://fedorahosted.org/pki/ticket/1897 
To reduce maintenance the logging.properties is no longer copied
into the instance folder during deployment. Instead, a link will
be created in /etc/pki/<instance> pointing to the default file
in /usr/share/pki/server/conf.

The default logging.properties has been updated to only log
messages with level WARNING or higher on the console.

https://fedorahosted.org/pki/ticket/1897
Removed hard-coded paths in pki.policy. 2016-07-26T19:18:20+00:00 Endi S. Dewata edewata@redhat.com 2016-07-22T15:31:20+00:00 9e77b42d88da07e91a42966bc2d1ea9237e62f47 The operations script has been modified to generate pki.policy dynamically from links in the <instance>/common/lib directory. This allows the pki.policy to match the actual paths in different platforms. https://fedorahosted.org/pki/ticket/2403 
The operations script has been modified to generate pki.policy
dynamically from links in the <instance>/common/lib directory.
This allows the pki.policy to match the actual paths in different
platforms.

https://fedorahosted.org/pki/ticket/2403
Bugzilla #1203407 tomcatjss: missing ciphers 2016-06-30T22:46:19+00:00 Christina Fu cfu@redhat.com 2016-06-30T22:01:42+00:00 f0ad71e8a4fbae665a6b4875cce5b82895ad74f0 This patch removes references to the ciphers currently unsupported by NSS: TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 
This patch removes references to the ciphers currently unsupported by NSS:
    TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
    TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
Fixed Java dependency. 2016-06-17T18:19:09+00:00 Endi S. Dewata edewata@redhat.com 2016-06-16T22:23:22+00:00 fc96c05922d1a42d0fbaaa02a67a31e69c667f84 The code has been modified to use the JAVA_HOME path specified in the pki.conf. The spec file has been modified to depend specifically on OpenJDK 1.8.0 and to provide the default JAVA_HOME path for the pki.conf. https://fedorahosted.org/pki/ticket/2363 
The code has been modified to use the JAVA_HOME path specified in
the pki.conf.

The spec file has been modified to depend specifically on OpenJDK
1.8.0 and to provide the default JAVA_HOME path for the pki.conf.

https://fedorahosted.org/pki/ticket/2363
Fix LDAP schema violation when instance name contains '_' 2016-05-30T02:17:12+00:00 Fraser Tweedale ftweedal@redhat.com 2016-05-30T02:17:12+00:00 a40139d5f21139d31b62d3c35002b454131245f1 The instance name is used in NSSDB key nicknames, which are stored in the authorityKeyNickname attribute for mapping lightweight CAs to their keys. The schema was PrintableString, which does not permit '_', causing LDAP syntax errors if the instance name contains '_'. To avoid this issue, change the attribute syntax to IA5String. Existing instances should be largely unaffected. The schema update can be successfully applied even for existing attributes, because PrintableString and IA5String share the same underlying representation in 389DS. Fixes: https://fedorahosted.org/pki/ticket/2343 
The instance name is used in NSSDB key nicknames, which are stored
in the authorityKeyNickname attribute for mapping lightweight CAs to
their keys.  The schema was PrintableString, which does not permit
'_', causing LDAP syntax errors if the instance name contains '_'.

To avoid this issue, change the attribute syntax to IA5String.
Existing instances should be largely unaffected.  The schema update
can be successfully applied even for existing attributes, because
PrintableString and IA5String share the same underlying
representation in 389DS.

Fixes: https://fedorahosted.org/pki/ticket/2343
Lightweight CAs: add missing authoritySerial attr to default schema 2016-05-14T03:20:22+00:00 Fraser Tweedale ftweedal@redhat.com 2016-05-14T01:45:44+00:00 3d8d636db6ebba75510c5cd7ea26bc24838da509 






Lightweight CAs: authority schema changes
2016-05-03T01:09:39+00:00

Fraser Tweedale
ftweedal@redhat.com

2016-03-30T05:06:25+00:00

24992c089b9b5088f4481fda3d01a907565b5121

Add the 'authorityKeyHost' attribute which will contain names of
hosts that possess the authority's signing keys.

Add the 'authoritySerial' attribute which may contain the serial
number of the certificate most recently issued for the authority.

Change other attributes to be single-valued.

Part of: https://fedorahosted.org/pki/ticket/1625





Add the 'authorityKeyHost' attribute which will contain names of
hosts that possess the authority's signing keys.

Add the 'authoritySerial' attribute which may contain the serial
number of the certificate most recently issued for the authority.

Change other attributes to be single-valued.

Part of: https://fedorahosted.org/pki/ticket/1625







Add realm schema changes
2016-04-20T21:29:17+00:00

Ade Lee
alee@redhat.com

2016-04-16T14:43:02+00:00

55b3b745be977b7d1cfc527ffb5f828deacbe26b

Added realm attribute and index.  Added to request and keyRecord.
Part of Trac Ticket 2041





Added realm attribute and index.  Added to request and keyRecord.
Part of Trac Ticket 2041







Add script to enable USN plugin
2016-04-15T19:06:13+00:00

Ade Lee
alee@redhat.com

2016-04-15T18:36:00+00:00

0c5fb1e398510391187054a465c6460042bfc0b2

New authority monitor code requires the USN plugin to be
enabled in the database to ensure that the entryUSN attribute
is added to authority entries.

In the case where this plugin was disabled, accessing this
attribute resulted in a null pointer exception whch prevented server
startup.

The code has been changed so as not to throw a null pointer exception
on startup if the entryusn is not present, and also to call an LDIF
to enable the plugin when a subsystem is configured through pkispawn.





New authority monitor code requires the USN plugin to be
enabled in the database to ensure that the entryUSN attribute
is added to authority entries.

In the case where this plugin was disabled, accessing this
attribute resulted in a null pointer exception whch prevented server
startup.

The code has been changed so as not to throw a null pointer exception
on startup if the entryusn is not present, and also to call an LDIF
to enable the plugin when a subsystem is configured through pkispawn.