エラータID: AXBA:2018-3330:04

2018/09/25 Tuesday - 21:20
Asianux Server 7 for x86_64

The Public Key Infrastructure (PKI) Core contains fundamental packages required by Asianux Certificate System.

This update fixes the following bugs:

* Previously, if a user signed a Certificate Management over CMS (CMC) request using a self-signed profile, Certificate System issued a certificate. This bug has been fixed. As a result, users can now use a self-signed profile when authenticating using the Shared Token method. (BZ#1611245)

* This update removes the outdated reference to the NSS_USE_DECODED_CKA_EC_POINT environment variable for ECC certificates in the HttpClient command line usage. (BZ#1611250)

* Previously, if the issuer subjectDN attribute of the certificate authority (CA) signing certificate had a different encoding than the default on the host running Certificate System, comparing the issuer subjectDN failed. With this update, the server extracts the issuer subjectDN of the CA signing certificate for comparison. As a result, comparing the attribute succeeds. (BZ#1612880)

* When you set up an Identity Management (IdM) replica with certificate authority (CA), the pkispawn utility, provided by the pki-core package, reads the replication status from the nsds5replicaLastInitStatus attribute stored in LDAP. A previous update of Asianux Directory Server changed the status message from "0 Total update succeeded" to "Error (0) Total update succeeded". As a consequence, setting up an IdM replica with CA failed. The pkispawn utility has been updated to support both status messages. As a result, setting up an IdM replica with CA works as expected with both the previous and latest versions of Directory Server. (BZ#1614837)

* Previously, Certificate System did not log certain configuration actions in the audit log by default. As a consequence, auditors could not verify who changed the configuration. This update adds the CERT_PROFILE_APPROVAL, CONFIG_CRL_PROFILE, CONFIG_OCSP_PROFILE, CONFIG_ACL, and CONFIG_DRM,AUTHORITY_CONFIG events to the list of events enabled by default. As a result, Certificate System logs these events automatically without the need to manually add them to the configuration. (BZ#1614839)

* Previously, audit log signing in Certificate System only supported RSA keys. With this update, Certificate System also supports ECC keys for signing the audit log, and the AuditVerify utility can verify these signatures. (BZ#1615266)

Users of pki-core are advised to upgrade to these updated packages, which fix these bugs.


Update packages.




  1. pki-core-10.5.1-15.el7.src.rpm
    MD5: bd127c0c313180ea32594edb17cddc8b
    SHA-256: 75aaca21b1a2c51da83410e4828035e2002e9896e6c7aad276b4e0c8f547db1a
    Size: 4.62 MB

Asianux Server 7 for x86_64
  1. pki-base-10.5.1-15.el7.noarch.rpm
    MD5: c1faac67d95fb113db7d07874675e01e
    SHA-256: fdefcbc73f3d1b35bd329523c26c6a3168f3e97acd0b6a403ea01a9b290b31e6
    Size: 401.97 kB
  2. pki-base-java-10.5.1-15.el7.noarch.rpm
    MD5: 088f47ab7eec3d7248c21bdac3d5a42a
    SHA-256: 5fc17d19b935fb5161978de6e10575dcfc4b61b6a5dffb5386b56db38cdc530b
    Size: 1.17 MB
  3. pki-ca-10.5.1-15.el7.noarch.rpm
    MD5: e45f33bcd3241c9b4fa338c2f3441cee
    SHA-256: 9168145184093317b411785670457499da8bce48df2953cdfa62b6e3febc59bf
    Size: 466.62 kB
  4. pki-kra-10.5.1-15.el7.noarch.rpm
    MD5: eb555ac284cd0b859d48fd7a4881506d
    SHA-256: fe672ae86d7834c1cb62b741cc88b9b47887e1c2dc177d562a14c8b61d9b9f6c
    Size: 287.67 kB
  5. pki-server-10.5.1-15.el7.noarch.rpm
    MD5: 37cc90ea1b8568c3dfb17a3ebf75ce12
    SHA-256: 36f8a73a65faf3b956be4ee24c6e26b2ac2b4b06aab36aeacf378c4adf671e2d
    Size: 2.85 MB
  6. pki-symkey-10.5.1-15.el7.x86_64.rpm
    MD5: 5c313f498e2a9bfaa13757115e50ba6e
    SHA-256: 023880964a5d4f071400b41c16f15099d7aa45538c0f5ecd0e3555f7b38ed9bb
    Size: 147.16 kB
  7. pki-tools-10.5.1-15.el7.x86_64.rpm
    MD5: 92b8c3f71d9bc647510853bbf5b2dbe5
    SHA-256: 908b12b7e7575e524b11233666f7b94d33a918f4e2713aea7d7e648d28741391
    Size: 718.78 kB