Installation guide

ManualsBrandsRed Hat ManualsConsumer electronicsCERTIFICATE 8.0 RELEASE NOTES

445436 Searching for certificates through the Revoke Certificates

page in the CA's agent services reported a bad search filter. The

schema used for search filter generation have been updated to

enhance the filtering options.

458499 The Unique Subject Name Constraint rejected requests with

duplicate subject names even if the existing certificate was revoked

or expired (when the duplicate name should have been allowed).

Along with fixes to this error, a new parameter has been added to

the constraint to allow administrators to set whether to allow

duplicate subject names as long as the key usage bits are different.

463343 Key generation failed on the DRM when it was configured to use

nCipher netHSM.

478909 In some situations, the internal LDAP database for a CA could run

out of connections because of memory leaks associated with the

operations to get and set serial numbers.

480143 SELinux errors at the time an instance was created could potentially

prevent the configuration wizard from opening for the OCSP, TKS, or

RA.

480825 The publisher ignored the encoding parameter and always

published files in base-64 encoding.

481177 Normally, when a certificate is published to a file, and then the

certificate is revoked, the publisher removes the published file for

the revoked certificate. However, base-64 encoded files were not

being unpublished by the publisher.

481790 If a value other than a UUID was set for the OtherName parameter

for the Subject Alternative Name extension, than the subject

alternative name was ignored and not included in the issued

certificate.

483184 Attempting to add or register a custom authentication plug-in to the

CA configuration through the console threw several different Java IO

exception errors, and adding the plug-in failed.

490551 The key size is now selectable in end-entity forms, so the same

profile can be used to issue both 1024-bit and 2048-bit certificates,

for example. The fully range is 512 bits to 8192 bits, for RSA keys.

490782 The security officer token was reset whenever the Enterprise

Security Client esc-prefs.js file was edited to go from security

officer mode to regular mode. T he security officer token was

mistakenly being formatted when it was inserted to control a user

token format operation.

490814 The format operation for a token updates its master key from the

default to a new one. However, the default master key version is set

in the TPS CS.cfg. Whenever master key changeover occurred, the

formatted tokens could not be re-enrolled because their new master

key version did not match the one in the T PS configuration.

However, changing the master key version in the TPS configuration

prevented new tokens (with the default master key) from being

enrolled.

New configuration parameters have been added to allow the T PS

configuration to set both the default master key version and an

6. Bugs Fixed in Certificate System 8.0