pki-ocsp-10.5.12-1.fc27.noarch.rpm


Advertisement

Description

pki-ocsp - Certificate System - Online Certificate Status Protocol Manager

Property Value
Distribution Fedora 27
Repository Fedora Updates i386
Package name pki-ocsp
Package version 10.5.12
Package release 1.fc27
Package architecture noarch
Package type rpm
Installed size 324.20 KB
Download size 168.10 KB
Official Mirror download-ib01.fedoraproject.org
The Online Certificate Status Protocol (OCSP) Manager is an optional PKI
subsystem that can act as a stand-alone OCSP service.  The OCSP Manager
performs the task of an online certificate validation authority by enabling
OCSP-compliant clients to do real-time verification of certificates.  Note
that an online certificate-validation authority is often referred to as an
OCSP Responder.
Although the Certificate Authority (CA) is already configured with an
internal OCSP service.  An external OCSP Responder is offered as a separate
subsystem in case the user wants the OCSP service provided outside of a
firewall while the CA resides inside of a firewall, or to take the load of
requests off of the CA.
The OCSP Manager can receive Certificate Revocation Lists (CRLs) from
multiple CA servers, and clients can query the OCSP Manager for the
revocation status of certificates issued by all of these CA servers.
When an instance of OCSP Manager is set up with an instance of CA, and
publishing is set up to this OCSP Manager, CRLs are published to it
whenever they are issued or updated.
This package is one of the top-level java-based Tomcat PKI subsystems
provided by the PKI Core used by the Certificate System.
==================================
||  ABOUT "CERTIFICATE SYSTEM"  ||
==================================
Certificate System (CS) is an enterprise software system designed
to manage enterprise Public Key Infrastructure (PKI) deployments.
PKI Core contains ALL top-level java-based Tomcat PKI components:
* pki-symkey
* pki-base
* pki-base-python2 (alias for pki-base)
* pki-base-python3
* pki-base-java
* pki-tools
* pki-server
* pki-ca
* pki-kra
* pki-ocsp
* pki-tks
* pki-tps
* pki-javadoc
which comprise the following corresponding PKI subsystems:
* Certificate Authority (CA)
* Key Recovery Authority (KRA)
* Online Certificate Status Protocol (OCSP) Manager
* Token Key Service (TKS)
* Token Processing Service (TPS)
Python clients need only install the pki-base package.  This
package contains the python REST client packages and the client
upgrade framework.
Java clients should install the pki-base-java package.  This package
contains the legacy and REST Java client packages.  These clients
should also consider installing the pki-tools package, which contain
native and Java-based PKI tools and utilities.
Certificate Server instances require the fundamental classes and
modules in pki-base and pki-base-java, as well as the utilities in
pki-tools.  The main server classes are in pki-server, with subsystem
specific Java classes and resources in pki-ca, pki-kra, pki-ocsp etc.
Finally, if Certificate System is being deployed as an individual or
set of standalone rather than embedded server(s)/service(s), it is
strongly recommended (though not explicitly required) to include at
least one PKI Theme package:
* dogtag-pki-theme (Dogtag Certificate System deployments)
* dogtag-pki-server-theme
* redhat-pki-server-theme (Red Hat Certificate System deployments)
* redhat-pki-server-theme
* customized pki theme (Customized Certificate System deployments)
* <customized>-pki-server-theme
NOTE:  As a convenience for standalone deployments, top-level meta
packages may be provided which bind a particular theme to
these certificate server packages.

Alternatives

Package Version Architecture Repository
pki-ocsp-10.5.12-1.fc27.noarch.rpm 10.5.12 noarch Fedora Updates
pki-ocsp-10.4.8-5.fc27.noarch.rpm 10.4.8 noarch Fedora
pki-ocsp-10.4.8-5.fc27.noarch.rpm 10.4.8 noarch Fedora
pki-ocsp - - -

Requires

Name Value
java-1.8.0-openjdk-headless -
pki-server = 10.5.12-1.fc27
systemd-units -

Provides

Name Value
pki-ocsp = 10.5.12-1.fc27

Download

Type URL
Binary Package pki-ocsp-10.5.12-1.fc27.noarch.rpm
Source Package pki-core-10.5.12-1.fc27.src.rpm

Install Howto

Install pki-ocsp rpm package:

# dnf install pki-ocsp

Files

Path
/usr/share/doc/pki-ocsp/LICENSE
/usr/share/java/pki/pki-ocsp.jar
/usr/share/pki/ocsp/
/usr/share/pki/ocsp/conf/CS.cfg
/usr/share/pki/ocsp/conf/acl.ldif
/usr/share/pki/ocsp/conf/acl.properties
/usr/share/pki/ocsp/conf/auth-method.properties
/usr/share/pki/ocsp/conf/db.ldif
/usr/share/pki/ocsp/conf/index.ldif
/usr/share/pki/ocsp/conf/indextasks.ldif
/usr/share/pki/ocsp/conf/jk2.manifest
/usr/share/pki/ocsp/conf/jk2.properties
/usr/share/pki/ocsp/conf/jkconf.ant.xml
/usr/share/pki/ocsp/conf/jkconfig.manifest
/usr/share/pki/ocsp/conf/server-minimal.xml
/usr/share/pki/ocsp/conf/shm.manifest
/usr/share/pki/ocsp/conf/tomcat-jk2.manifest
/usr/share/pki/ocsp/conf/tomcat-users.xml
/usr/share/pki/ocsp/conf/uriworkermap.properties
/usr/share/pki/ocsp/conf/web.xml
/usr/share/pki/ocsp/conf/workers.properties
/usr/share/pki/ocsp/conf/workers.properties.minimal
/usr/share/pki/ocsp/conf/workers2.properties
/usr/share/pki/ocsp/conf/workers2.properties.minimal
/usr/share/pki/ocsp/conf/Catalina/
/usr/share/pki/ocsp/conf/Catalina/localhost/ocsp.xml
/usr/share/pki/ocsp/setup/registry_instance
/usr/share/pki/ocsp/webapps/
/usr/share/pki/ocsp/webapps/ROOT/index.jsp
/usr/share/pki/ocsp/webapps/ROOT/WEB-INF/web.xml
/usr/share/pki/ocsp/webapps/ocsp/404.html
/usr/share/pki/ocsp/webapps/ocsp/500.html
/usr/share/pki/ocsp/webapps/ocsp/GenUnexpectedError.template
/usr/share/pki/ocsp/webapps/ocsp/index.jsp
/usr/share/pki/ocsp/webapps/ocsp/services.template
/usr/share/pki/ocsp/webapps/ocsp/WEB-INF/velocity.properties
/usr/share/pki/ocsp/webapps/ocsp/WEB-INF/web.xml
/usr/share/pki/ocsp/webapps/ocsp/WEB-INF/lib/pki-certsrv.jar
/usr/share/pki/ocsp/webapps/ocsp/WEB-INF/lib/pki-cms.jar
/usr/share/pki/ocsp/webapps/ocsp/WEB-INF/lib/pki-cmsbundle.jar
/usr/share/pki/ocsp/webapps/ocsp/WEB-INF/lib/pki-cmscore.jar
/usr/share/pki/ocsp/webapps/ocsp/WEB-INF/lib/pki-cmsutil.jar
/usr/share/pki/ocsp/webapps/ocsp/WEB-INF/lib/pki-nsutil.jar
/usr/share/pki/ocsp/webapps/ocsp/WEB-INF/lib/pki-ocsp.jar
/usr/share/pki/ocsp/webapps/ocsp/admin/console
/usr/share/pki/ocsp/webapps/ocsp/agent/GenError.template
/usr/share/pki/ocsp/webapps/ocsp/agent/GenPending.template
/usr/share/pki/ocsp/webapps/ocsp/agent/GenRejected.template
/usr/share/pki/ocsp/webapps/ocsp/agent/GenSuccess.template
/usr/share/pki/ocsp/webapps/ocsp/agent/GenSvcPending.template
/usr/share/pki/ocsp/webapps/ocsp/agent/GenUnauthorized.template
/usr/share/pki/ocsp/webapps/ocsp/agent/GenUnexpectedError.template
/usr/share/pki/ocsp/webapps/ocsp/agent/cms-funcs.js
/usr/share/pki/ocsp/webapps/ocsp/agent/funcs.js
/usr/share/pki/ocsp/webapps/ocsp/agent/header.template
/usr/share/pki/ocsp/webapps/ocsp/agent/helpfun.js
/usr/share/pki/ocsp/webapps/ocsp/agent/index.jsp
/usr/share/pki/ocsp/webapps/ocsp/agent/index.template
/usr/share/pki/ocsp/webapps/ocsp/agent/ports.template
/usr/share/pki/ocsp/webapps/ocsp/agent/ocsp/AddCA.html
/usr/share/pki/ocsp/webapps/ocsp/agent/ocsp/AddCRL.html
/usr/share/pki/ocsp/webapps/ocsp/agent/ocsp/CheckCert.html
/usr/share/pki/ocsp/webapps/ocsp/agent/ocsp/addCA.template
/usr/share/pki/ocsp/webapps/ocsp/agent/ocsp/addCRL.template
/usr/share/pki/ocsp/webapps/ocsp/agent/ocsp/checkCert.template
/usr/share/pki/ocsp/webapps/ocsp/agent/ocsp/frameAddCA.html
/usr/share/pki/ocsp/webapps/ocsp/agent/ocsp/frameAddCRL.html
/usr/share/pki/ocsp/webapps/ocsp/agent/ocsp/frameCheckCert.html
/usr/share/pki/ocsp/webapps/ocsp/agent/ocsp/frameListCA.html
/usr/share/pki/ocsp/webapps/ocsp/agent/ocsp/frameOCSP.html
/usr/share/pki/ocsp/webapps/ocsp/agent/ocsp/frameStats.html
/usr/share/pki/ocsp/webapps/ocsp/agent/ocsp/getOCSPInfo.template
/usr/share/pki/ocsp/webapps/ocsp/agent/ocsp/getStats.template
/usr/share/pki/ocsp/webapps/ocsp/agent/ocsp/index.jsp
/usr/share/pki/ocsp/webapps/ocsp/agent/ocsp/listCAs.template
/usr/share/pki/ocsp/webapps/ocsp/agent/ocsp/menuAddCA.html
/usr/share/pki/ocsp/webapps/ocsp/agent/ocsp/menuAddCRL.html
/usr/share/pki/ocsp/webapps/ocsp/agent/ocsp/menuCheckCert.html
/usr/share/pki/ocsp/webapps/ocsp/agent/ocsp/menuListCA.html
/usr/share/pki/ocsp/webapps/ocsp/agent/ocsp/menuOCSP.html
/usr/share/pki/ocsp/webapps/ocsp/agent/ocsp/menuStats.html
/usr/share/pki/ocsp/webapps/ocsp/agent/ocsp/removeCA.template

Changelog

2018-08-13 - Dogtag Team <pki-devel@redhat.com> 10.5.12-1
- dogtagpki Pagure Issue #2481 - ECC keys not supported for signing
audit logs (cfu)
- dogtagpki Pagure Issue #3041 -Enable all config audit events (cfu)
- dogtagpki Pagure Issue #3043 - consumer initialization failed.
Error (0) Total update succeeded (abokovoy)
- Fixed pki console configurations that involves ldap passwords leave the
plain text password in signed audit logs (cfu)
- Fixed Certificate generation happens with partial attributes in CMCRequest
file (cfu)
- Fixed Better understanding of NSS_USE_DECODED_CKA_EC_POINT for ECC (cfu)
- Fixed CMC Revocations throws exception with same reqIssuer & certissuer (cfu)
2018-08-09 - Dogtag Team <pki-devel@redhat.com> 10.5.11-2
- freeipa Pagure Issue #7627 - ipa-replica-install --setup-kra broken
on DL0 with latest version (abokovoy)
2018-07-31 - Dogtag Team <pki-devel@redhat.com> 10.5.11-1
- dogtagpki Pagure Issue #2915 - keyGen fails when only Identity
certificate exists (jmagne)
2018-07-02 - Dogtag Team <pki-devel@redhat.com> 10.5.10-1
- Updated "jss" build and runtime requirements (mharmsen)
- Updated "tomcatjss" build and runtime requirements (mharmsen)
- dogtagpki Pagure Issue #2865 X500Name.directoryStringEncodingOrder
overridden by CSR encoding (cfu)
- dogtagpki Pagure Issue #2920 Part2 of SharedToken Audit (cfu)
- dogtagpki Pagure Issue #2922 IPAddressName: fix construction from
String (ftweedal)
- dogtagpki Pagure Issue #2959 Address pkispawn ECC profile overrides (cfu)
- dogtagpki Pagure Issue #2992 CMC Simple request profiles and CMCResponse
to support simple response (cfu)
- dogtagpki Pagure Issue #3003 AuditVerify failure due to line breaks (cfu)
- dogtagpki Pagure Issue #3037 CMC SharedToken SubjectDN default (cfu)
2018-06-08 - Dogtag Team <pki-devel@redhat.com> 10.5.9-1
- dogtagpki Pagure Issue #2922 - Name Constraints: Using a Netmask
produces an odd entry in a certifcate (ftweedal)
- dogtagpki Pagure Issue #2941 - ExternalCA: Installation failed during
csr generation with ecc (rrelyea, gkapoor)
- dogtagpki Pagure Issue #2999 - Cert validation for installation with
external CA cert (edewata)
- dogtagpki Pagure Issue #3028 - CMC CRMF request results in
InvalidKeyFormatException when signing algorithm is ECC (cfu)
- dogtagpki Pagure Issue #3033 - CRMFPopClient tool - should allow
option to do no key archival (cfu)
2018-05-23 - Dogtag Team <pki-devel@redhat.com> 10.5.8-1
- Updated "jss" build and runtime requirements (mharmsen)
- dogtagpki Pagure Issue #1576 - subsystem -> subsystem SSL handshake
issue with TLS_ECDHE_RSA_* on Thales HSM (cfu)
- dogtagpki Pagure Issue #1741 - ECDSA Certificates Generated by
Certificate System fail NIST validation test with parameter field. (cfu)
- dogtagpki Pagure Issue #2940 - [MAN] Missing Man pages for tools
CMCRequest, CMCResponse, CMCSharedToken (cfu)
- dogtagpki Pagure Issue #2992 - servlet profileSubmitCMCSimple throws
NPE (cfu)
- dogtagpki Pagure Issue #2995 - SAN in internal SSL server certificate in
pkispawn configuration step (cfu)
- dogtagpki Pagure Issue #2996 - ECC installation for non CA subsystems
needs improvement (jmagne)
- dogtagpki Pagure Issue #2997 - Token name normalization problem in
pki-server subsystem-cert-validate (edewata)
- dogtagpki Pagure Issue #3018 - CMC profiles: Some CMC profiles have
wrong input class_id (cfu)
2018-04-10 - Dogtag Team <pki-devel@redhat.com> 10.5.7-2
- dogtagpki Pagure Issue #2940 -[MAN] Missing Man pages for tools
CMCRequest, CMCResponse, CMCSharedToken (cfu)
- dogtagpki Pagure Issue #2946 - libtps does not directly depend on libz
(build failure with nss-3.35) (ftweedal, cfu)
- dogtagpki Pagure Issue #2950 - Need ECC-specific Enrollment Profiles
for standard conformance (cfu)

See Also

Package Description
pki-server-10.5.12-1.fc27.noarch.rpm Certificate System - PKI Server Framework
pki-symkey-10.5.12-1.fc27.i686.rpm Symmetric Key JNI Package
pki-tks-10.5.12-1.fc27.noarch.rpm Certificate System - Token Key Service
pki-tools-10.5.12-1.fc27.i686.rpm Certificate System - PKI Tools
pki-tps-10.5.12-1.fc27.i686.rpm Certificate System - Token Processing Service
pl-7.4.2-4.fc27.i686.rpm SWI-Prolog - Edinburgh compatible Prolog compiler
pl-compat-yap-devel-7.4.2-4.fc27.i686.rpm Development files building YAP application against SWI Prolog
pl-devel-7.4.2-4.fc27.i686.rpm Development files for SWI Prolog
pl-doc-7.4.2-4.fc27.i686.rpm Documentation for SWI Prolog
pl-jpl-7.4.2-4.fc27.i686.rpm A bidirectional Prolog/Java interface for SWI Prolog
pl-odbc-7.4.2-4.fc27.i686.rpm SWI-Prolog ODBC interface
pl-static-7.4.2-4.fc27.i686.rpm Static library for SWI Prolog
pl-xpce-7.4.2-4.fc27.i686.rpm A toolkit for developing graphical applications in Prolog
plasma-breeze-5.12.7-1.fc27.i686.rpm Artwork, styles and assets for the Breeze visual style for the Plasma Desktop
plasma-breeze-common-5.12.7-1.fc27.noarch.rpm Common files shared between KDE 4 and Plasma 5 versions of the Breeze style
Advertisement
Advertisement