Manualshelf

Installation guide

ManualsBrandsRed Hat ManualsConsumer electronicsCERTIFICATE 8.0 RELEASE NOTES
31323334353637383940
499014 When trying to renew a DRM certificate using the
certificate wizard tool in the Java console
(pkiconsole), the certificate renewal fails and the
DRM crashes.
The console relied on the old policy framework to renew
certificates, but the policy framework was replaced by a
new profile framework in Certificate System 7.2.
Therefore, the renewal feature in the console is broken.
This is related to bug 453501.
Generate and install new
subsystem certificates using
the certificate wizard in the
console, rather than attempting
to renew existing certificates.
499052 If the configured OCSP responder in the RA or T PS
nss.conf file is not the default responder, then NSS
attempts to verify the OCSP signing certificate used by
the OCSP, but it instead creates an infinite loop
attempting to verify the certificate status against itself.
Make sure that any OCSP
responder in the RA or TPS
nss.conf file is the default,
such as the CA's internal
OCSP service.
499291 The e-gate drivers (eginstall.exe) would not install
properly on Windows servers, which caused installing
the Enterprise Security Client to fail on Windows.
The e-gate drivers have been removed from the
Windows Enterprise Security Client packages on
Windows to allow the client to be installed.
e-gate tokens must be
formatted on Red Hat
Enterprise Linux or Mac
systems, since the e-gate
drivers are not available for the
Enterprise Security Client on
Windows.
501299 Token operations can cause a large number of
unindexed searches to be returned in the instance's
internal Directory Server logs. An unindexed search
shows up in Directory Server access logs as notes=U.
Unindexed searches are resource-intensive and can
affect performance for the Directory Server. However,
most of the unindexed searches returned for Certificate
System token operations are improperly labeled index
searches when they are really indexed VLV searches
(related to Red Hat Directory Server bug 507460). T he
remainder of the unindexed searches still had very low
etimes for the searches and should not significantly
affect Certificate System performance.
503641 Attempting to load the Certicom ECC module fails if
SELinux is in enforcing mode, the default setting for
Certificate System 8.0.
modutil, the tool which is used to load ECC modules,
requests text relocation permissions for Certicom's
/usr/lib/libsbgse2.so library. T his is not allowed
by SELinux's enforcing mode.
SELinux can be configured to
allow
/usr/lib/libsbgse2.so to
have text relocation
permissions, which allows the
ECC module to be successfully
loaded.
1. Change the file context
to textrel_shlib_t.
8. Known Issues
31