Index index by Group index by Distribution index by Vendor index by creation date index by Name Mirrors Help Search

pki-ca-10.5.18-12.el7_9 RPM for noarch

From Updates for CentOS 7.9.2009 for x86_64 / Packages

Name: pki-ca Distribution: Unknown
Version: 10.5.18 Vendor: CentOS
Release: 12.el7_9 Build date: Tue Mar 16 16:29:59 2021
Group: System Environment/Daemons Build host: x86-02.bsys.centos.org
Size: 2434604 Source RPM: pki-core-10.5.18-12.el7_9.src.rpm
Packager: CentOS BuildSystem <http://bugs.centos.org>
Url: http://pki.fedoraproject.org/
Summary: Certificate System - Certificate Authority
The Certificate Authority (CA) is a required PKI subsystem which issues,
renews, revokes, and publishes certificates as well as compiling and
publishing Certificate Revocation Lists (CRLs).

The Certificate Authority can be configured as a self-signing Certificate
Authority, where it is the root CA, or it can act as a subordinate CA,
where it obtains its own signing certificate from a public CA.

This package is one of the top-level java-based Tomcat PKI subsystems
provided by the PKI Core used by the Certificate System.


==================================
||  ABOUT "CERTIFICATE SYSTEM"  ||
==================================

Certificate System (CS) is an enterprise software system designed
to manage enterprise Public Key Infrastructure (PKI) deployments.

PKI Core contains ALL top-level java-based Tomcat PKI components:

  * pki-symkey
  * pki-base
  * pki-base-python2 (alias for pki-base)
  * pki-base-python3
  * pki-base-java
  * pki-tools
  * pki-server
  * pki-ca
  * pki-kra
  * pki-ocsp
  * pki-tks
  * pki-tps
  * pki-javadoc

which comprise the following corresponding PKI subsystems:

  * Certificate Authority (CA)
  * Key Recovery Authority (KRA)
  * Online Certificate Status Protocol (OCSP) Manager
  * Token Key Service (TKS)
  * Token Processing Service (TPS)

Python clients need only install the pki-base package.  This
package contains the python REST client packages and the client
upgrade framework.

Java clients should install the pki-base-java package.  This package
contains the legacy and REST Java client packages.  These clients
should also consider installing the pki-tools package, which contain
native and Java-based PKI tools and utilities.

Certificate Server instances require the fundamental classes and
modules in pki-base and pki-base-java, as well as the utilities in
pki-tools.  The main server classes are in pki-server, with subsystem
specific Java classes and resources in pki-ca, pki-kra, pki-ocsp etc.

Finally, if Certificate System is being deployed as an individual or
set of standalone rather than embedded server(s)/service(s), it is
strongly recommended (though not explicitly required) to include at
least one PKI Theme package:

  * dogtag-pki-theme (Dogtag Certificate System deployments)
    * dogtag-pki-server-theme
  * redhat-pki-server-theme (Red Hat Certificate System deployments)
    * redhat-pki-server-theme
  * customized pki theme (Customized Certificate System deployments)
    * <customized>-pki-server-theme

  NOTE:  As a convenience for standalone deployments, top-level meta
         packages may be provided which bind a particular theme to
         these certificate server packages.

Provides

Requires

License

GPLv2

Changelog

* Wed Feb 24 2021 Dogtag Team <pki-devel@redhat.com> 10.5.18-12
  - Change variable 'TPS' to 'tps'
  - ##########################################################################
  - # RHEL 7.9:
  - ##########################################################################
  - Bugzilla Bug 1883639 - Add KRA Transport and Storage Certificates
    profiles, audit for IPA (edewata)
  - ##########################################################################
  - # Backported CVEs (ascheel):
  - ##########################################################################
  - Bugzilla Bug 1724697 - CVE-2019-10180 pki-core: unsanitized token
    parameters in TPS resulting in stored XSS [certificate_system_9-default]
    (edewata, ascheel)
  - Bugzilla Bug 1725128 - CVE-2019-10178 pki-core: stored Cross-site
    scripting (XSS) in the pki-tps web Activity tab
    [certificate_system_9-default] (edewata, ascheel)
  - Bugzilla Bug 1791100 - CVE-2020-1696 pki-core: Stored XSS in TPS profile
    creation [certificate_system_9-default] (edewata, ascheel)
  - Bugzilla Bug 1724688 - CVE-2019-10146 pki-core: Reflected Cross-Site
    Scripting in 'path length' constraint field in CA's Agent page
    [rhel-7.9.z] (dmoluguw, ascheel)
  - Bugzilla Bug 1789843 - CVE-2019-10221 pki-core: reflected cross site
    scripting in getcookies?url= endpoint in CA [rhel-7.9.z]
    (dmoluguw, ascheel)
  - Bugzilla Bug 1724713 - CVE-2019-10179 pki-core: pki-core/pki-kra:
    Reflected XSS in recoveryID search field at KRA's DRM agent page in
    authorize recovery tab [rhel-7.9.z] (ascheel)
  - Bugzilla Bug 1798011 - CVE-2020-1721 pki-core: KRA vulnerable to
    reflected XSS via the getPk12 page [rhel-7.9.z] (ascheel,jmagne)
  - ##########################################################################
  - Update to jquery v3.4.1 (ascheel)
  - Update to jquery-i18n-properties v1.2.7 (ascheel)
  - Update to backbone v1.4.0 (ascheel)
  - Upgrade to underscore v1.9.2 (ascheel)
  - Update to patternfly v3.59.3 (ascheel)
  - Update to jQuery v3.5.1 (ascheel)
  - Upgrade to bootstrap v3.4.1 (ascheel)
  - Link in new Bootstrap CSS file (ascheel)
  - ##########################################################################
  - # RHCS 9.7:
  - ##########################################################################
  - # Bugzilla Bug #1733588 - Rebase redhat-pki, redhat-pki-theme, pki-core, and
* Thu Feb 11 2021 Dogtag Team <pki-devel@redhat.com> 10.5.18-11
  - ##########################################################################
  - # RHEL 7.9:
  - ##########################################################################
  - Bugzilla Bug 1883639 - Add KRA Transport and Storage Certificates
    profiles, audit for IPA (edewata)
  - ##########################################################################
  - # Backported CVEs (ascheel):
  - ##########################################################################
  - Bugzilla Bug 1724697 - CVE-2019-10180 pki-core: unsanitized token
    parameters in TPS resulting in stored XSS [certificate_system_9-default]
    (edewata, ascheel)
  - Bugzilla Bug 1725128 - CVE-2019-10178 pki-core: stored Cross-site
    scripting (XSS) in the pki-tps web Activity tab
    [certificate_system_9-default] (edewata, ascheel)
  - Bugzilla Bug 1791100 - CVE-2020-1696 pki-core: Stored XSS in TPS profile
    creation [certificate_system_9-default] (edewata, ascheel)
  - Bugzilla Bug 1724688 - CVE-2019-10146 pki-core: Reflected Cross-Site
    Scripting in 'path length' constraint field in CA's Agent page
    [rhel-7.9.z] (dmoluguw, ascheel)
  - Bugzilla Bug 1789843 - CVE-2019-10221 pki-core: reflected cross site
    scripting in getcookies?url= endpoint in CA [rhel-7.9.z]
    (dmoluguw, ascheel)
  - Bugzilla Bug 1724713 - CVE-2019-10179 pki-core: pki-core/pki-kra:
    Reflected XSS in recoveryID search field at KRA's DRM agent page in
    authorize recovery tab [rhel-7.9.z] (ascheel)
  - Bugzilla Bug 1798011 - CVE-2020-1721 pki-core: KRA vulnerable to
    reflected XSS via the getPk12 page [rhel-7.9.z] (ascheel,jmagne)
  - ##########################################################################
  - Update to jquery v3.4.1 (ascheel)
  - Update to jquery-i18n-properties v1.2.7 (ascheel)
  - Update to backbone v1.4.0 (ascheel)
  - Upgrade to underscore v1.9.2 (ascheel)
  - Update to patternfly v3.59.3 (ascheel)
  - Update to jQuery v3.5.1 (ascheel)
  - Upgrade to bootstrap v3.4.1 (ascheel)
  - Link in new Bootstrap CSS file (ascheel)
  - ##########################################################################
  - # RHCS 9.7:
  - ##########################################################################
  - # Bugzilla Bug #1733588 - Rebase redhat-pki, redhat-pki-theme, pki-core, and
* Fri Dec 04 2020 Dogtag Team <pki-devel@redhat.com> 10.5.18-10
  - Bugzilla Bug #1883639 - additional fix to upgrade script (edewata)
* Thu Dec 03 2020 Dogtag Team <pki-devel@redhat.com> 10.5.18-9
  - Bugzilla Bug #1883639 - additional support on upgrade for audit
    cert profile and auditProfileUpgrade + auditProfileUpgrade part 2 (cfu)
* Tue Nov 17 2020 Dogtag Team <pki-devel@redhat.com> 10.5.18-8
  - ##########################################################################
  - # RHEL 7.9:
  - ##########################################################################
  - Bugzilla Bug #1883639 - add profile caAuditSigningCert (cfu)
  - ##########################################################################
  - # RHCS 9.7:
  - ##########################################################################
  - # Bugzilla Bug #1710978 - TPS - Add logging to tdbAddCertificatesForCUID if
    - # Bugzilla Bug #1858860 - TPS - Update Error Codes returned to client
    - # Bugzilla Bug #1858861 - TPS - Server side key generation is not working
    - # Bugzilla Bug #1858867 - TPS does not check token cuid on the user
* Wed May 27 2020 Dogtag Team <pki-devel@redhat.com> 10.5.18-7
  - Patch for CMCResponse tool
  - Bugzilla Bug #1710109 - add RSA PSS support - fix CMCResponse tool (jmagne)
* Tue May 19 2020 Dogtag Team <pki-devel@redhat.com> 10.5.18-6
  - Patch for CMC Credential Error, RSA PSS typo, and new profile
    for directory-authentication-based Server-Side keygen
  - ##########################################################################
  - # RHEL 7.9:
  - ##########################################################################
  - Bugzilla Bug #1710109 - add RSA PSS support (jmagne)
  - Bugzilla Bug #1794213 - Server-Side keygen Enrollment for EE (cfu)
  - ##########################################################################
  - # RHCS 9.7:
  - ##########################################################################
  - # Bugzilla Bug #1733588 - Rebase redhat-pki, redhat-pki-theme, pki-core, and
* Thu May 07 2020 Dogtag Team <pki-devel@redhat.com> 10.5.18-5
  - Updated jss dependencies
  - Bugzilla Bug #1710109 - add RSA PSS support - fix SHA512 (jmagne)
* Tue May 05 2020 Dogtag Team <pki-devel@redhat.com> 10.5.18-4
  - ##########################################################################
  - # RHEL 7.9:
  - ##########################################################################
  - Bugzilla Bug #1794213 - Server-Side keygen Enrollment for EE
    additional support and touch-up (cfu)
  - ##########################################################################
  - # RHCS 9.7:
  - ##########################################################################
  - # Bugzilla Bug #1710975 - TPS - Searching the certificate DB for a brand new
* Sun Apr 19 2020 Dogtag Team <pki-devel@redhat.com> 10.5.18-3
  - Updated jss dependencies
  - ##########################################################################
  - # RHEL 7.9:
  - ##########################################################################
  - Bugzilla Bug #1794213 - Server-Side keygen Enrollment for EE (cfu)
  - Bugzilla Bug #1809273 - CRL generation performs an unindexed search (jmagne)
  - ##########################################################################
  - # RHCS 9.7:
  - ##########################################################################
  - # Bugzilla Bug #1549307 - No default TPS Auditor group (ascheel)
* Mon Mar 30 2020 Dogtag Team <pki-devel@redhat.com> 10.5.18-2
  - Bugzilla Bug #1710109 - add RSA PSS support - fix IPA installer (jmagne)
* Sun Mar 29 2020 Dogtag Team <pki-devel@redhat.com> 10.5.18-1
  - Updated jss dependencies
  - ##########################################################################
  - # RHEL 7.9:
  - ##########################################################################
  - Bugzilla Bug #1774174 - Rebase pki-core from 10.5.17 to 10.5.18 (RHEL)
  - ##########################################################################
  - # RHCS 9.7:
  - ##########################################################################
  - # Bugzilla Bug #1774177 - Rebase redhat-pki, redhat-pki-theme, pki-core, and
    - # Bugzilla Bug #1774181 - Update RHCS version of CA, KRA, OCSP, and TKS so
* Mon Dec 02 2019 Dogtag Team <pki-devel@redhat.com> 10.5.17-6
  - ##########################################################################
  - # RHEL 7.8:
  - ##########################################################################
  - Bugzilla Bug #1723008 - ECC Key recovery failure with
    CKR_TEMPLATE_INCONSISTENT (cfu)
  - Bugzilla Bug #1774282 - pki-server-nuxwdog template has pid file name with
    non-breakable space char encoded instead of 0x20 space char (ascheel)
  - ##########################################################################
  - # RHCS 9.6:
  - ##########################################################################
  - # Bugzilla Bug #1733588 - Rebase redhat-pki, redhat-pki-theme, pki-core, and
* Thu Oct 24 2019 Dogtag Team <pki-devel@redhat.com> 10.5.17-5
  - ##########################################################################
  - # RHEL 7.8:
  - ##########################################################################
  - Bugzilla Bug #1523330 - CC: missing audit event for CS acting as TLS client
    (cfu)
  - ##########################################################################
  - # RHCS 9.6:
  - ##########################################################################
  - # Bugzilla Bug #1733588 - Rebase redhat-pki, redhat-pki-theme, pki-core, and
* Mon Sep 30 2019 Dogtag Team <pki-devel@redhat.com> 10.5.17-4
  - Include 'pistool' in the 'pki-tools' package
* Mon Sep 23 2019 Dogtag Team <pki-devel@redhat.com> 10.5.17-3
  - ##########################################################################
  - # RHEL 7.8:
  - ##########################################################################
  - Bugzilla Bug #1445479 - KRATool does not support netkeyKeyRecovery
    attribute (dmoluguw)
  - Bugzilla Bug #1534013 - Attempting to add new keys using a PUT KEY APDU
    to a token that is loaded only with the default/factory keys (Key Version
    Number 0xFF) returns an APDU with error code 0x6A88. (jmagne)
  - Bugzilla Bug #1709585 - PKI (test support) for PKCS#11 standard
    AES KeyWrap for HSM support (cfu, ftweedal)
  - Bugzilla Bug #1748766 - number range depletion when multiple clones
    created from same master (ftweedal)
  - ##########################################################################
  - # RHCS 9.6:
  - ##########################################################################
  - # Bugzilla Bug #1520258 - TPS token search fails to find entries , LDAP filter
    - # Bugzilla Bug #1535671 - RFE to have the users be able to use the
* Mon Sep 09 2019 Dogtag Team <pki-devel@redhat.com> 10.5.17-2
  - ##########################################################################
  - # RHEL 7.8:
  - ##########################################################################
  - Bugzilla Bug #1523330 - CC: missing audit event for CS acting as TLS
    client (cfu)
  - Bugzilla Bug #1597727 - CA - Unable to change a certificate’s revocation
    reason from superceded to key_compromised (rhcs-maint)
  - ##########################################################################
  - # RHCS 9.6:
  - ##########################################################################
  - # Bugzilla Bug #1470410 - TPS doesn't update revocation status when
    - # Bugzilla Bug #1470433 - Add supported transitions to TPS (rhcs-maint)
  - # Bugzilla Bug #1585722 - TMS - PKISocketFactory – Modify Logging to Allow
    - # Bugzilla Bug #1642577 - TPS – Revoked Encryption Certificates Marked as
* Tue Aug 13 2019 Dogtag Team <pki-devel@redhat.com> 10.5.17-1
  - Updated jss, nuxwdog, and tomcatjss dependencies
  - ##########################################################################
  - # RHEL 7.8:
  - ##########################################################################
  - Bugzilla Bug #1733586 - Rebase pki-core from 10.5.16 to 10.5.17 (RHEL)
  - ##########################################################################
  - # RHCS 9.6:
  - ##########################################################################
  - # Bugzilla Bug #1718418 - Update RHCS version of CA, KRA, OCSP, and TKS so
    - # Bugzilla Bug #1733588 - Rebase redhat-pki, redhat-pki-theme, pki-core, and
* Thu Jun 20 2019 Dogtag Team <pki-devel@redhat.com> 10.5.16-3
  - ##########################################################################
  - # RHEL 7.7:
  - ##########################################################################
  - Bugzilla Bug #1638379 - PKI startup initialization process should not
    depend on LDAP operational attributes [ftweedal]
  - ##########################################################################
  - # RHCS 9.5:
  - ##########################################################################
  - # Bugzilla Bug #1633423 - Rebase redhat-pki, redhat-pki-theme, pki-core, and
* Thu Apr 04 2019 Dogtag Team <pki-devel@redhat.com> 10.5.16-2
  - ##########################################################################
  - # RHEL 7.7:
  - ##########################################################################
  - Bugzilla Bug #1491453 - Need Method to Include SKI in CA Signing
    Certificate Request [ftweedal]
  - ##########################################################################
  - # RHCS 9.5:
  - ##########################################################################
  - # Bugzilla Bug #1633423 - Rebase redhat-pki, redhat-pki-theme, pki-core, and
* Mon Mar 18 2019 Dogtag Team <pki-devel@redhat.com> 10.5.16-1
  - Updated jss dependencies
  - ##########################################################################
  - # RHEL 7.7:
  - ##########################################################################
  - Bugzilla Bug #1633422 - Rebase pki-core from 10.5.1 to 10.5.16 (RHEL) 
  - ##########################################################################
  - # RHCS 9.5:
  - ##########################################################################
  - # Bugzilla Bug #1633423 - Rebase redhat-pki, redhat-pki-theme, pki-core, and
* Fri Feb 15 2019 Dogtag Team <pki-devel@redhat.com> 10.5.9-13
  - Updated jss dependencies
  - ##########################################################################
  - # RHEL 7.6:
  - ##########################################################################
  - Bugzilla Bug #1671245 - CC: unable to verify cert before import
    [rhel-7.6.z] [manpage] (ascheel)
  - Bugzilla Bug #1671303 - CC: Upgrade scripts for audit event names (RHEL)
    [rhel-7.6.z] (edewata)
  - ##########################################################################
  - # RHCS 9.4:
  - ##########################################################################
  - # Bugzilla Bug #1671586 - CC: Upgrade scripts for audit event names (RHCS)
* Fri Feb 01 2019 Dogtag Team <pki-devel@redhat.com> 10.5.9-12
  - Updated jss dependencies
  - ##########################################################################
  - # RHEL 7.6:
  - ##########################################################################
  - Bugzilla Bug #1671245 - CC: unable to verify cert before import
    [rhel-7.6.z] (ascheel)
  - Bugzilla Bug #1671303 - CC: Upgrade scripts for audit event names (RHEL)
    [rhel-7.6.z] (edewata)
  - ##########################################################################
  - # RHCS 9.4:
  - ##########################################################################
  - # Bugzilla Bug #1671586 - CC: Upgrade scripts for audit event names (RHCS)
* Thu Jan 31 2019 Dogtag Team <pki-devel@redhat.com> 10.5.9-11
  - Updated jss dependencies
  - ##########################################################################
  - # RHEL 7.6:
  - ##########################################################################
  - Bugzilla Bug #1671245 - CC: unable to verify cert before import
    [rhel-7.6.z] (ascheel)
  - Bugzilla Bug #1671303 - CC: Upgrade scripts for audit event names (RHEL)
    [rhel-7.6.z] (edewata)
  - ##########################################################################
  - # RHCS 9.4:
  - ##########################################################################
  - # Bugzilla Bug #1671586 - CC: Upgrade scripts for audit event names (RHCS)
* Mon Dec 17 2018 Dogtag Team <pki-devel@redhat.com> 10.5.9-10
  - ##########################################################################
  - # RHEL 7.6:
  - ##########################################################################
  - Bugzilla Bug #1659939 - CC: Simplifying Web UI session timeout
    configuration [rhel-7.6.z] (edewata)
  - ##########################################################################
  - # RHCS 9.4:
  - ##########################################################################
  - # Bugzilla Bug #1639836 - CC: Identify RHCS version of CA, KRA,
    - # Added Batch Update Information to Product Version (mharmsen)
* Mon Dec 10 2018 Dogtag Team <pki-devel@redhat.com> 10.5.9-9
  - ##########################################################################
  - # RHEL 7.6:
  - ##########################################################################
  - Bugzilla Bug #1657922 - CC: CA/OCSP startup fail on SystemCertsVerification
    if enableOCSP is true [rhel-7.6.z] (jmagne)
  - ##########################################################################
  - # RHCS 9.4:
  - ##########################################################################
  - # Bugzilla Bug #1639836 - CC: Identify RHCS version of CA, KRA,
* Wed Dec 05 2018 Dogtag Team <pki-devel@redhat.com> 10.5.9-8
  - ##########################################################################
  - # RHEL 7.6:
  - ##########################################################################
  - Bugzilla Bug #1645262 - pkidestroy may not remove all files [rhel-7.6.z]
    (dmoluguw)
  - Bugzilla Bug #1645263 - Auth plugins leave passwords in the access
    log and audit log using REST [rhel-7.6.z] (dmoluguw)
  - Bugzilla Bug #1645429 - pkispawn fails due to name collision with
    /var/log/pki/<instance> [rhel-7.6.z] (dmoluguw)
  - Bugzilla Bug #1655951 - CC: tools supporting CMC requests output
    keyID needs to be captured in file [rhel-7.6.z] (cfu)
  - Bugzilla Bug #1656297 - Unable to install with admin-generated keys
    [rhel-7.6.z] (edewata)
  - ##########################################################################
  - # RHCS 9.4:
  - ##########################################################################
  - # Bugzilla Bug #1639836 - CC: Identify RHCS version of CA, KRA,
* Mon Oct 29 2018 Dogtag Team <pki-devel@redhat.com> 10.5.9-7
  - Require "tomcatjss >= 7.2.1-8" as a build and runtime requirement
  - ##########################################################################
  - # RHEL 7.6:
  - ##########################################################################
  - Bugzilla Bug #1632116 - CC: missing audit event for CS acting as
    TLS client [rhel-7.6.z] (cfu)
  - Bugzilla Bug #1632120 - Unsupported RSA_ ciphers should be
    removed from the default ciphers list [rhel-7.6.z] (cfu)
  - Bugzilla Bug #1632615 - Permit certain SHA384 FIPS ciphers to be
    enabled by default for RSA and ECC . . . [rhel-7.6.z] (cfu)
  - Bugzilla Bug #1632616 - X500Name.directoryStringEncodingOrder
    overridden by CSR encoding (coverity changes) [rhel-7.6.z] (mharmsen)
  - Bugzilla Bug #1633104 - CMC: add config to allow non-clientAuth
    [rhel-7.6.z] (cfu)
  - Bugzilla Bug #1636490 - Installation of CA using an existing CA fails
    [rhel-7.6.z] (edewata)
  - Bugzilla Bug #1643878 - pki cli command for RHCS doesn't prompt for
    a password [rhel-7.6.z] (edewata)
  - Bugzilla Bug #1643879 - CC: Identify version/release of pki-ca, pki-kra,
    pki-ocsp, pki-tks, and pki-tps remotely [RHEL] [rhel-7.6.z] (cfu, jmagne)
  - Bugzilla Bug #1643880 - PKI subsystem process is not shutdown when
    there is no space on the disk to write logs [rhel-7.6.z] (edewata)
  - ##########################################################################
  - # RHCS 9.4:
  - ##########################################################################
  - # Bugzilla Bug #1639836 - CC: Identify RHCS version of CA, KRA,
* Tue Aug 21 2018 Dogtag Team <pki-devel@redhat.com> 10.5.9-6
  - Updated nuxwdog dependencies
  - ##########################################################################
  - # RHEL 7.6:
  - ##########################################################################
  - Bugzilla Bug #673182 - ECC keys not supported for signing
    audit logs (cfu)
  - Bugzilla Bug #1593805 - Better understanding of
    NSS_USE_DECODED_CKA_EC_POINT for ECC (cfu)
  - Bugzilla Bug #1601071 - Certificate generation happens with
    partial attributes in CMCRequest file (cfu)
  - Bugzilla Bug #1601569 - CC: Enable all config audit events
    (cfu)
  - Bugzilla Bug #1608375 - CMC Revocations throws exception
    with same reqIssuer & certissuer (cfu)
  - ##########################################################################
  - # RHCS 9.4:
  - ##########################################################################
  - # Bugzilla Bug #1557570 - Re-base pki-core from 10.5.1 to
* Thu Aug 09 2018 Dogtag Team <pki-devel@redhat.com> 10.5.9-5
  - ##########################################################################
  - # RHEL 7.6:
  - ##########################################################################
  - Bugzilla Bug #1596629 - ipa-replica-install --setup-kra broken on DL0
    with latest version (abokovoy)
  - ##########################################################################
  - # RHCS 9.4:
  - ##########################################################################
  - # Bugzilla Bug #1557570 - Re-base pki-core from 10.5.1 to
* Tue Jul 31 2018 Dogtag Team <pki-devel@redhat.com> 10.5.9-4
  - ##########################################################################
  - # RHEL 7.6:
  - ##########################################################################
  - Bugzilla Bug #1548203 - pki console configurations that involves ldap
    passwords leave the plain text password in signed audit logs (cfu)
  - ##########################################################################
  - # RHCS 9.4:
  - ##########################################################################
  - # Bugzilla Bug #1494591 - keyGen fails when only Identity
* Mon Jul 23 2018 Dogtag Team <pki-devel@redhat.com> 10.5.9-3
  - Re-spin alpha builds
* Thu Jul 05 2018 Dogtag Team <pki-devel@redhat.com> 10.5.9-2
  - ##########################################################################
  - # RHEL 7.6:
  - ##########################################################################
  - Bugzilla Bug #1471935 - X500Name.directoryStringEncodingOrder overridden
    by CSR encoding (cfu)
  - Bugzilla Bug #1538311 - Using a Netmask produces an odd entry in a
    certificate (ftweedal)
  - Bugzilla Bug #1540440 - CMC: Audit Events needed for failures in
    SharedToken scenario's (cfu)
  - Bugzilla Bug #1550742 - Address ECC profile overrides (cfu)
  - Bugzilla Bug #1562841 - servlet profileSubmitCMCSimple throws NPE (cfu)
  - Bugzilla Bug #1572432 - AuditVerify failure due to line breaks (cfu)
  - Bugzilla Bug #1592961 - Need proper default subjectDN for CMC request
    authenticated through SharedToken (cfu)
  - ##########################################################################
  - # RHCS 9.4:
  - ##########################################################################
  - # Bugzilla Bug #1557570 - Re-base pki-core from 10.5.1 to
* Mon Jun 11 2018 Dogtag Team <pki-devel@redhat.com> 10.5.9-1
  - ##########################################################################
  - # RHEL 7.6:
  - ##########################################################################
  - Bugzilla Bug #1538311 - Using a Netmask produces an odd
    entry in a certifcate (ftweedal)
  - Bugzilla Bug #1544843 - ExternalCA: Installation failed during
    csr generation with ecc (rrelyea, gkapoor)
  - Bugzilla Bug #1557569 - Re-base pki-core from 10.5.1 to latest
    upstream 10.5.x (RHEL) (mharmsen)
  - Bugzilla Bug #1580394 - CMC CRMF requests result in
    InvalidKeyFormatException when signing algorithm is ECC (cfu)
  - Bugzilla Bug #1580527 - CVE-2018-1080 pki-core: Mishandled
    ACL configuration in AAclAuthz.java reverses rules that allow
    and deny access (ftweedal, cfu)
  - Bugzilla Bug #1585866 - CRMFPopClient tool - should allow
    option to do no key archival (cfu)
  - Bugzilla Bug #1588655 - Cert validation for installation with
    external CA cert (edewata)
  - ##########################################################################
  - # RHCS 9.4:
  - ##########################################################################
  - # Bugzilla Bug #1557570 - Re-base pki-core from 10.5.1 to
* Sat Jun 09 2018 Dogtag Team <pki-devel@redhat.com> 10.5.1-13.1
  - Rebuild due to build system database problem
* Fri Jun 08 2018 Dogtag Team <pki-devel@redhat.com> 10.5.1-13
  - ##########################################################################
  - # RHEL 7.5:
  - ##########################################################################
  - Bugzilla Bug #1553068 - Using a Netmask produces an odd
    entry in a certifcate [rhel-7.5.z] (ftweedal)
  - Bugzilla Bug #1585945 - CMC CRMF requests result in
    InvalidKeyFormatException when signing algorithm is ECC
    [rhel-7.5.z] (cfu)
  - Bugzilla Bug #1587826 - ExternalCA: Installation failed during
    csr generation with ecc [rhel-7.5.z] (rrelyea, gkapoor)
  - Bugzilla Bug #1588944 - Cert validation for installation with
    external CA cert [rhel-7.5.z] (edewata)
  - Bugzilla Bug #1588945 - CRMFPopClient tool - should allow
    option to do no key archival (cfu)
  - Bugzilla Bug #1589307 - CVE-2018-1080 pki-core: Mishandled
    ACL configuration in AAclAuthz.java reverses rules that allow
    and deny access [rhel-7.5.z] (ftweedal, cfu)
  - ##########################################################################
  - # RHCS 9.3:
  - ##########################################################################
  - # Bugzilla Bug #1471303 - Rebase redhat-pki, redhat-pki-theme, pki-core,
* Tue May 22 2018 Dogtag Team <pki-devel@redhat.com> 10.5.1-12
  - Updated "jss" build and runtime requirements (mharmsen)
  - ##########################################################################
  - # RHEL 7.5:
  - ##########################################################################
  - Bugzilla Bug #1571582 - [MAN] Missing Man pages for tools CMCRequest,
    CMCResponse, CMCSharedToken (typos) [rhel-7.5.z] (cfu)
  - Bugzilla Bug #1572548 - IPA install with external-CA is failing when
    FIPS mode enabled. [rhel-7.5.z] (edewata)
  - Bugzilla Bug #1574848 - servlet profileSubmitCMCSimple throws NPE
    [rhel-7.5.z] (cfu)
  - Bugzilla Bug #1575521 - subsystem -> subsystem SSL handshake issue
    with TLS_ECDHE_RSA_* on Thales HSM [rhel-7.5.z] (cfu)
  - Bugzilla Bug #1581134 - ECC installation for non CA subsystems needs
    improvement [rhel-7.5.z] (jmagne)
  - Bugzilla Bug #1581135 - SAN in internal SSL server certificate in
    pkispawn configuration step [rhel-7.5.z] (cfu)
  - Bugzilla Bug #1581167 - CC: CMC profiles: Some CMC profiles have wrong
    input class_id [rhel-7.5.z] (cfu)
  - Bugzilla Bug #1581382 - ECDSA Certificates Generated by Certificate System
    9.3 fail NIST validation test with parameter field. [rhel-7.5.z] (cfu)
  - ##########################################################################
  - # RHCS 9.3:
  - ##########################################################################
  - # Bugzilla Bug #1471303 - Rebase redhat-pki, redhat-pki-theme, pki-core,
* Mon Apr 09 2018 Dogtag Team <pki-devel@redhat.com> 10.5.1-11
  - ##########################################################################
  - # RHEL 7.5:
  - ##########################################################################
  - Bugzilla Bug #1554726 - Need ECC-specific Enrollment Profiles for
    standard conformance [rhel-7.5.z] (cfu)
  - Bugzilla Bug #1557880 - [MAN] Missing Man pages for tools
    CMCRequest, CMCResponse, CMCSharedToken [rhel-7.5.z] (cfu)
  - ##########################################################################
  - # RHCS 9.3:
  - ##########################################################################
  - # Bugzilla Bug #1560233 - libtps does not directly depend on libz
* Fri Mar 23 2018 Dogtag Team <pki-devel@redhat.com> 10.5.1-10
  - ##########################################################################
  - # RHEL 7.5:
  - ##########################################################################
  - Bugzilla Bug #1550581 - CMCAuth throws
    org.mozilla.jss.crypto.TokenException: Unable to insert certificate into
    temporary database [rhel-7.5.z] (cfu)
  - Bugzilla Bug #1551067 - [MAN] Add --skip-configuration
    and --skip-installation into pkispawn man page. [rhel-7.5.z] (edewata)
  - Bugzilla Bug #1552241 - Make sslget aware of TLSv1_2 ciphers
    [rhel-7.5.z] (cheimes, mharmsen)
  - Bugzilla Bug #1553068 - Using a Netmask produces an odd entry
    in a certifcate [rhel-7.5.z] (ftweedal)
  - Bugzilla Bug #1554726 - Need ECC-specific Enrollment Profiles for
    standard conformance [rhel-7.5.z] (cfu)
  - Bugzilla Bug #1554727 - Permit additional FIPS ciphers to be enabled
    by default for RSA . . . [rhel-7.5.z] (mharmsen, cfu)
  - Bugzilla Bug #1557880 - [MAN] Missing Man pages for tools
    CMCRequest, CMCResponse, CMCSharedToken [rhel-7.5.z] (cfu)
  - Bugzilla Bug #1557883 - Console: Adding ACL from pki-console gives
    StringIndexOutOfBoundsException [rhel-7.5.z] (ftweedal)
  - Bugzilla Bug #1558919 - Not able to generate certificate request
    with ECC using pki client-cert-request [rhel-7.5.z] (akahat)
  - ##########################################################################
  - # RHCS 9.3:
  - ##########################################################################
  - # Bugzilla Bug #1560233 - libtps does not directly depend on libz
* Mon Feb 19 2018 Dogtag Team <pki-devel@redhat.com> 10.5.1-9
  - ##########################################################################
  - # RHEL 7.5:
  - ##########################################################################
  - # Bugzilla Bug #1473452 - Rebase pki-core to latest upstream 10.5.x release
    - Bugzilla Bug #1445532 - CC: Audit Events: Update the default audit event
    set (RHEL) (edewata)
  - Bugzilla Bug #1532867 - Inconsistent key ID encoding (edewata)
  - Bugzilla Bug #1540687 - CC: External OCSP Installation failure with HSM
    and FIPS (edewata)
  - ##########################################################################
  - # RHCS 9.3:
  - ##########################################################################
  - # Bugzilla Bug #1471303 - Rebase redhat-pki, redhat-pki-theme, pki-core,
    - # Bugzilla Bug #1404075 - CC: Audit Events: Update the default audit event
* Mon Feb 12 2018 Dogtag Team <pki-devel@redhat.com> 10.5.1-8
  - ##########################################################################
  - # RHEL 7.5:
  - ##########################################################################
  - # Bugzilla Bug #1473452 - Rebase pki-core to latest upstream 10.5.x release
    - Bugzilla Bug #1542210 - pki console configurations that involves ldap
    passwords leave the plain text password in debug logs (jmagne)
  - Bugzilla Bug #1543242 - Regression in lightweight CA key replication
    (ftweedal)
  - ##########################################################################
  - # RHCS 9.3:
  - ##########################################################################
  - # Bugzilla Bug #1471303 - Rebase redhat-pki, redhat-pki-theme, pki-core,
* Mon Feb 05 2018 Dogtag Team <pki-devel@redhat.com> 10.5.1-7
  - ##########################################################################
  - # RHEL 7.5:
  - ##########################################################################
  - # Bugzilla Bug #1473452 - Rebase pki-core to latest upstream 10.5.x release
    - Bugzilla Bug #1445532 - CC: Audit Events: Update the default audit event
    set (RHEL) (edewata)
  - Bugzilla Bug #1522938 - CC: Missing faillure resumption detection and
    audit event logging at startup (jmagne)
  - Bugzilla Bug #1523410 -  Unable to have non "pkiuser" owned CA instance
    (alee)
  - Bugzilla Bug #1525306 - CC: missing CMC request and response record
    (cfu)
  - Bugzilla Bug #1532933 - Installing subsystems with external CMC
    certificates in HSM environment shows import error (edewata)
  - Bugzilla Bug #1535797 - ExternalCA: Failures when installed with hsm
    (edewata)
  - Bugzilla Bug #1539125 - restrict default cipher suite to those ciphers
    permitted in fips mode (mharmsen)
  - Bugzilla Bug #1539198 - Inconsistent CERT_REQUEST_PROCESSED
    outcomes. (edewata)
  - Bugzilla Bug #1540440 - CMC: Audit Events needed for failures in
    SharedToken scenario's (cfu)
  - Bugzilla Bug #1541526 - CMC: Revocation works with an unknown
    revRequest.issuer (cfu)
  - Bugzilla Bug #1541853 - ProfileService: config values with
    backslashes have backslashes removed (ftweedal)
  - ##########################################################################
  - # RHCS 9.3:
  - ##########################################################################
  - # Bugzilla Bug #1471303 - Rebase redhat-pki, redhat-pki-theme, pki-core,
    - # Bugzilla Bug #1404075 - CC: Audit Events: Update the default audit
    - # Bugzilla Bug #1501436 - TPS CS.cfg should be reflected with the
* Tue Jan 23 2018 Dogtag Team <pki-devel@redhat.com> 10.5.1-6
  - Updated jss, nuxwdog, and openssl dependencies
  - ##########################################################################
  - # RHEL 7.5:
  - ##########################################################################
  - Bugzilla Bug #1473452 - Rebase pki-core to latest upstream 10.5.x release
    (RHEL)
  - Bugzilla Bug #1402280 - CA Cloning: Failed to update number range in
    few cases (ftweedal)
  - Bugzilla Bug #1428021 - CC: shared token storage and retrieval
    mechanism (cfu)
  - Bugzilla Bug #1447145 - CMC: cmc.popLinkWitnessRequired=false
    would cause error (cfu)
  - Bugzilla Bug #1498957 - pkidestroy does not work with nuxwdog
     (alee)
  - Bugzilla Bug #1520277 - PR_FILE_NOT_FOUND_ERROR during
    pkispawn (alee)
  - Bugzilla Bug #1520526 - p12 admin certificate is missing when
    certificate is signed Externally (edewata)
  - Bugzilla Bug #1523410 - Unable to have non "pkiuser" owned CA
     instance (alee)
  - Bugzilla Bug #1523443 - HAProxy rejects OCSP responses due to
    missing nextupdate field (ftweedal)
  - Bugzilla Bug #1526881 - Not able to setup CA with ECC (mharmsen)
  - Bugzilla Bug #1532759 - pkispawn seems to be leaving our passwords
    in several different files after installation completes (alee)
  - ##########################################################################
  - # RHCS 9.3:
  - ##########################################################################
  - # Bugzilla Bug #1471303 - Rebase redhat-pki, redhat-pki-theme, pki-core,
* Mon Dec 11 2017 Dogtag Team <pki-devel@redhat.com> 10.5.1-5
  - ##########################################################################
  - # RHEL 7.5:
  - ##########################################################################
  - Bugzilla Bug #1473452 - Rebase pki-core to latest upstream 10.5.x release
    (RHEL)
  - Bugzilla Bug #1466066 - CC: Secure removal of secret data storage
    (jmagne)
  - Bugzilla Bug #1518096 - ExternalCA: Failures in ExternalCA when tried to
    setup with CMC signed certificates (cfu)
  - ##########################################################################
  - # RHCS 9.3:
  - ##########################################################################
  - # Bugzilla Bug #1471303 - Rebase redhat-pki, redhat-pki-theme, pki-core, and
* Mon Nov 27 2017 Dogtag Team <pki-devel@redhat.com> 10.5.1-4
  - ##########################################################################
  - # RHEL 7.5:
  - ##########################################################################
  - Bugzilla Bug #1473452 - Rebase pki-core to latest upstream 10.5.x release
    (RHEL)
  - ##########################################################################
  - # RHCS 9.3:
  - ##########################################################################
  - #Bugzilla Bug #1471303 - Rebase redhat-pki, redhat-pki-theme, pki-core, and
* Tue Nov 14 2017 Troy Dawson <tdawson@redhat.com> - 10.5.1-3
  - dogtagpki Pagure Issue #2853 - Cleanup spec file conditionals
* Wed Nov 08 2017 Dogtag Team <pki-devel@redhat.com> 10.5.1-2
  - Patch applying check-ins since 10.5.1-1
* Thu Nov 02 2017 Dogtag Team <pki-devel@redhat.com> 10.5.1-1
  - ##########################################################################
  - # RHEL 7.5:
  - ##########################################################################
  - Bugzilla Bug #1473452 - Rebase pki-core to latest upstream 10.5.x release
    (RHEL)
  - ##########################################################################
  - # RHCS 9.3:
  - ##########################################################################
  - #Bugzilla Bug #1471303 - Rebase redhat-pki, redhat-pki-theme, pki-core, and
* Thu Oct 19 2017 Dogtag Team <pki-devel@redhat.com> 10.5.0-1
  - ##########################################################################
  - # RHEL 7.5:
  - ##########################################################################
  - Bugzilla Bug #1473452 - Rebase pki-core to latest upstream 10.5.x release
    (RHEL)
  - ##########################################################################
  - # RHCS 9.3:
  - ##########################################################################
  - #Bugzilla Bug #1471303 - Rebase redhat-pki, redhat-pki-theme, pki-core, and
* Mon Sep 18 2017 Dogtag Team <pki-devel@redhat.com> 10.4.1-15
  - #Bugzilla Bug #1492560 - ipa-replica-install --setup-kra broken on DL0
* Tue Sep 12 2017 Dogtag Team <pki-devel@redhat.com> 10.4.1-14
  - #Require "jss >= 4.4.0-8" as a build and runtime requirement
  - ##########################################################################
  - # RHEL 7.4:
  - ##########################################################################
  - # Resolves: rhbz #1486870,1485833,1487509,1490241,1491332
  - # Bugzilla Bug #1486870 - Lightweight CA key replication fails (regressions)
    - # Bugzilla Bug #1485833 - Missing CN in user signing cert would cause error
    - # Bugzilla Bug #1487509 - pki-server-upgrade fails when upgrading from
    - # Bugzilla Bug #1490241 - PKCS12: upgrade to at least AES and SHA2 (FIPS)
    - # Bugzilla Bug #1491332 - TPS UI: need to display tokenType and tokenOrigin
    - # dogtagpki Pagure Issue #2764 - py3: pki.key.archive_encrypted_data:
    - ##########################################################################
  - # RHCS 9.2:
  - ##########################################################################
  - # Resolves: rhbz #1486870,1485833,1487509,1490241,1491332,1482729,1462271
  - # Bugzilla Bug #1462271 - TPS incorrectly assigns "tokenOrigin" and
    - # Bugzilla Bug #1482729 - TPS UI: need to display tokenType and tokenOrigin
* Mon Aug 21 2017 Dogtag Team <pki-devel@redhat.com> 10.4.1-13
  - Resolves: rhbz #1463350
  - ##########################################################################
  - # RHEL 7.4:
  - ##########################################################################
  - # Bugzilla Bug #1463350 - Access banner validation (edewata)
* Wed Jul 19 2017 Dogtag Team <pki-devel@redhat.com> 10.4.1-12
  - # Resolves: rhbz #1472615,1472617,1469447,1463350,1469449,1472619,1464970,1469437,1469439,1469446
  - ##########################################################################
  - # RHEL 7.4:
  - ##########################################################################
  - # Bugzilla Bug #1472615 - CC: allow CA to process pre-signed CMC non-signing
        - # Bugzilla Bug #1472617 - CMC: cmc.popLinkWitnessRequired=false would cause
      - # Bugzilla Bug #1469447 - CC: CMC: check HTTPS client authentication cert
      - # Bugzilla Bug #1463350 - Access banner validation (edewata)
    - # Bugzilla Bug #1469449 - CC: allow CA to process pre-signed CMC renewal
        - # Bugzilla Bug #1472619 - Platform Dependent Python Import (mharmsen)
    - # Bugzilla Bug #1464970 - CC: CMC: replace id-cmc-statusInfo with
      - # Bugzilla Bug #1469437 - subsystem-cert-update command lacks --cert option
      - # Bugzilla Bug #1469439 - Fix Key Changeover with HSM to support SCP03
      - # Bugzilla Bug #1469446 - CC: need CMC enrollment profiles for system
* Mon Jul 17 2017 Dogtag Team <pki-devel@redhat.com> 10.4.1-11
  - # Resolves: rhbz #1469432
  - ##########################################################################
  - # RHEL 7.4:
  - ##########################################################################
  - # Bugzilla Bug #1469432 - CMC plugin default change
  - # Resolves CVE-2017-7537
  - # Fixes BZ #1470948
* Mon Jun 19 2017 Dogtag Team <pki-devel@redhat.com> 10.4.1-10
  - ##########################################################################
  - # RHEL 7.4:
  - ##########################################################################
  - Bugzilla Bug #1458043 - Key recovery on token fails with
    invalid public key error on KRA (alee)
  - Bugzilla Bug #1460764 - CC: CMC: check HTTPS client
    authentication cert against CMC signer (cfu)
  - Bugzilla Bug #1461533 - Unable to find keys in the p12 file after
    deleting the any of the subsystem certs from it (ftweedal)
* Mon Jun 12 2017 Dogtag Team <pki-devel@redhat.com> 10.4.1-9
  - ##########################################################################
  - # RHEL 7.4:
  - ##########################################################################
  - Bugzilla Bug #1393633 - Creating symmetric key (sharedSecret)
    using tkstool is failing when RHEL 7.3 is in FIPS mode. (jmagne)
  - Bugzilla Bug #1419756 - CC: allow CA to process pre-signed CMC
    non-signing certificate requests (cfu)
  - Bugzilla Bug #1419777 - CC: allow CA to process pre-signed CMC
     revocation non-signing cert requests (cfu)
  - Bugzilla Bug #1458047 - change the way aes clients refer to
    aes keysets (alee)
  - Bugzilla Bug #1458055 - dont reuse IVs in the CMC code
    (alee)
  - Bugzilla Bug #1460028 - In keywrap mode, key recovery on
    KRA with HSM causes KRA to crash (ftweedal)
* Mon Jun 05 2017 Dogtag Team <pki-devel@redhat.com> 10.4.1-8
  - Require "selinux-policy-targeted >= 3.13.1-159" as a runtime requirement
  - Require "tomcatjss >= 7.2.1-4" as a build and runtime requirement
  - ##########################################################################
  - # RHEL 7.4:
  - ##########################################################################
  - Bugzilla Bug #1400149 - pkispawn fails to create CA subsystem on FIPS
    enabled system (edewata)
  - Bugzilla Bug #1447144 - CA brought down during separate KRA instance
    creation (edewata)
  - Bugzilla Bug #1447762 - pkispawn fails occasionally with this failure
    ACCESS_SESSION_ESTABLISH_FAILURE (edewata)
  - Bugzilla Bug #1454450 - SubCA installation failure with 2 step
    installation in fips enabled mode (edewata)
  - Bugzilla Bug #1456597 - Certificate import using pki client-cert-import
    is asking for password when already provided (edewata)
  - Bugzilla Bug #1456940 - Build failure due to Pylint issues (cheimes)
  - Bugzilla Bug #1458043 - Key recovery using externalReg fails
    with java null pointer exception on KRA (alee)
  - Bugzilla Bug #1458379 - Upgrade script for keepAliveTimeout parameter
    (edewata)
  - Bugzilla Bug #1458429 - client-cert-import --ca-cert should
    import CA cert with trust bits "CT,C,C" (edewata)
  - ##########################################################################
  - # RHCS 9.2:
  - ##########################################################################
  - Bugzilla Bug #1274086 - [RFE] Add SCP03 support (RHCS) (jmagne)
* Tue May 30 2017 Dogtag Team <pki-devel@redhat.com> 10.4.1-7
  - ##########################################################################
  - # RHEL 7.4:
  - ##########################################################################
  - Bugzilla Bug #1393633 - Creating symmetric key (sharedSecret)
    using tkstool is failing when RHEL 7.3 is in FIPS mode. (jmagne)
  - Bugzilla Bug #1445519 - CA Server installation with HSM fails
    (jmagne)
  - Bugzilla Bug #1452617 - Unable to create IPA Sub CA
    (ftweedal)
  - Bugzilla Bug #1454471 - Enabling all subsystems on startup
    (edewata)
  - Bugzilla Bug #1455617 - Key recovery on token fails because
    key record is not marked encrypted (alee)
* Tue May 23 2017 Dogtag Team <pki-devel@redhat.com> 10.4.1-6
  - Bugzilla Bug #1454603 - Unable to install IPA server due to pkispawn error
    (mharmsen)
* Mon May 22 2017 Dogtag Team <pki-devel@redhat.com> 10.4.1-5
  - ##########################################################################
  - # RHEL 7.4:
  - ##########################################################################
  - Bugzilla Bug #1419761 - CC: allow CA to process pre-signed CMC renewal
    non-signing cert requests (cfu)
  - Bugzilla Bug #1447080 - CC: CMC: allow enrollment key signed (self-signed)
    CMC with identity proof (cfu)
  - Bugzilla Bug #1447144 - CA brought down during separate KRA instance
    creation (mharmsen)
  - Bugzilla Bug #1448903 - exception Invalid module "--ignore-banner" when
    defined in ~/.dogtag/pki.conf and run pki pkcs12-import --help (edewata)
  - Bugzilla Bug #1450143 - CA installation with HSM in FIPS mode fails (jmagne)
  - Bugzilla Bug #1452123 - CA CS.cfg shows default port (mharmsen)
  - Bugzilla Bug #1452250 - Inconsistent CERT_REQUEST_PROCESSED event in
    ConnectorServlet. (edewata)
  - Bugzilla Bug #1452340 - Ensuring common audit log correctness (edewata)
  - Bugzilla Bug #1452344 - Adding serial number into CERT_REQUEST_PROCESSED
    audit event. (edewata)
* Tue May 09 2017 Dogtag Team <pki-devel@redhat.com> 10.4.1-4
  - ##########################################################################
  - # RHEL 7.4:
  - ##########################################################################
  - Bugzilla Bug #1386303 - cannot extract generated private key from KRA when
    HSM is used. (alee)
  - Bugzilla Bug #1446364 - pkispawn returns before tomcat is ready (cheimes)
  - Bugzilla Bug #1447145 - CMC: cmc.popLinkWitnessRequired=false would cause
    error (cfu)
  - Bugzilla Bug #1448203 - CAInfoService: retrieve KRA-related values from
    the KRA (ftweedal)
  - Bugzilla Bug #1448204 - pkispawn of clone install fails with
    InvalidBERException (ftweedal)
  - Bugzilla Bug #1448521 - kra unable to extract symmetric keys generated on
    thales hsm (alee)
  - Updated "jss" build and runtime requirements (mharmsen)
  - ##########################################################################
  - # RHCS 9.2:
  - ##########################################################################
  - Bugzilla Bug #1274086 - [RFE] Add SCP03 support (RHCS) (jmagne)
* Mon May 01 2017 Dogtag Team <pki-devel@redhat.com> 10.4.1-3
  - ############################################################################
  - # RHEL 7.4:
  - ############################################################################
  - Bugzilla Bug #1303683 - dogtag should support GSSAPI based auth in
    conjuction with FreeIPA (ftweedal)
  - Bugzilla Bug #1385208 - RHCS 9.1 RC5 CA in the certificate profiles the
    startTime parameter is not working as expected. (jmagne)
  - Bugzilla Bug #1419756 - CC: allow CA to process pre-signed CMC non-signing
    certificate requests (cfu)
  - Bugzilla Bug #1426754 - PKCS12: upgrade to at least AES and SHA2 (ftweedal)
  - Bugzilla Bug #1445088 - profile modification cannot remove existing config
    parameters (ftweedal)
  - Bugzilla Bug #1445535 - CC: Crypto Operation (AES Encryption/Decryption)
    (RHEL) (alee)
  - Bugzilla Bug #1446874 - Missing ClientIP and ServerIP in audit log when
    pki CLI terminates SSL connection (edewata)
  - Bugzilla Bug #1446875 - Session timeout for PKI console (RHEL) (edewata)
  - ############################################################################
  - # RHCS 9.2:
  - ############################################################################
  - Bugzilla Bug #1404480 - CC: Crypto Operation (AES Encryption/Decryption)
    (RHCS) (alee)
* Mon Apr 17 2017 Dogtag Team <pki-devel@redhat.com> 10.4.1-2
  - ############################################################################
  - # RHEL 7.4:
  - ############################################################################
  - Bugzilla Bug #1282504 - Installing pki-server in container reports
    scriptlet failed, exit status 1 (jpazdziora)
  - Bugzilla Bug #1400149 - pkispawn fails to create CA subsystem on FIPS
    enabled system (edewata)
  - Bugzilla Bug #1410650 - [RFE] Add SCP03 support
    for sc 7 g & d cards (RHEL) (jmagne)
  - Bugzilla Bug #1437591 - cli authentication using expired cert throws an
    exception (edewata)
  - Bugzilla Bug #1437602 - non-CA cli looks for CA in the instance during a
    request (edewata)
  - ############################################################################
  - # RHCS 9.2:
  - ############################################################################
  - Bugzilla Bug #1274086 - [RFE] Add SCP03 support
    for sc 7 g & d cards (RHCS) (jmagne)
  - ############################################################################
  - # Common Criteria
  - ############################################################################
  - Bugzilla Bug #1404080 - CC: add audit event: various SSL/TLS failures
    (edewata)
  - Bugzilla Bug #1417307 - CC: Audit Review /Searches (edewata)
  - Bugzilla Bug #1419737 - CC: CMC: id-cmc-popLinkWitnessV2 feature
    implementation (cfu)
* Mon Mar 27 2017 Dogtag Team <pki-devel@redhat.com> 10.4.1-1
  - Require "nss >= 3.28.3" as a build and runtime requirement
  - Require "jss >= 4.4.0-4" as a build and runtime requirement
  - Require "tomcatjss >= 7.2.1-3" as a build and runtime requirement
  - dogtagpki Pagure Issue #2612 - Unable to clone due to pki pkcs12-cert-find
    failure (edewata)
  - ############################################################################
  - Bugzilla Bug #1394309 - Rebase pki-core to 10.4.x in RHEL-7.4
  - Bugzilla Bug #1394315 - Rebase redhat-pki, redhat-pki-theme, pki-core, and
    pki-console to 10.4.x
  - ############################################################################
  - # RHEL 7.4:
  - ############################################################################
  - ############################################################################
  - # RHCS 9.2:
  - ############################################################################
  - ############################################################################
  - # Common Criteria
  - ############################################################################
  - Bugzilla Bug #1419734 - CC: CMC: id-cmc-identityProofV2 feature
    implementation (cfu)
  - Bugzilla Bug #1419742 - CC: CMC: provide Proof of Possession for encryption
    cert requests (cfu)
  - Bugzilla Bug #1404080 - CC: add audit event: various SSL/TLS failures
    (edewata)
  - Bugzilla Bug #1428020 - CC: CMC feature support: provided issuance
    protection cert mechanism (cfu)
* Tue Mar 14 2017 Dogtag Team <pki-devel@redhat.com> 10.4.0-1
  - Require "jss >= 4.4.0-1" as a build and runtime requirement
  - Require "tomcatjss >= 7.2.1-1" as a build and runtime requirement
  - ############################################################################
  - Bugzilla Bug #1394309 - Rebase pki-core to 10.4.x in RHEL-7.4
  - Bugzilla Bug #1394315 - Rebase redhat-pki, redhat-pki-theme, pki-core, and
    pki-console to 10.4.x
  - ############################################################################
  - # RHEL 7.4:
  - ############################################################################
  - Bugzilla Bug #1222557 - ECDSA Certificates Generated by Certificate System
    8.1 fail NIST validation test with parameter field. (cfu)
  - Bugzilla Bug #1238684 - Generting Symmetric key fails with key-generate
    when --usages verify (vakwetu)
  - Bugzilla Bug #1246635 - user-cert-add --serial CLI request to secure port
    with remote CA shows authentication failure (edewata)
  - Bugzilla Bug #1249400 - CA EE: Submit caUserCert request without uid does
    not show proper error message (vakwetu)
  - Bugzilla Bug #1305993 - Add profile component that copies CN to SAN
    (ftweedal)
  - Bugzilla Bug #1316653 - pki ca-cert-request-submit fails presumably because
    of missing authentication even if it should not require any (edewata)
  - Bugzilla Bug #1325071 - add options to enable/disable cert or crl
    publishing. (vakwetu)
  - Bugzilla Bug #1330800 - Failed to start pki-tomcatd Service
    ("ipa-cacert-manage renew" failed?) (edewata)
  - Bugzilla Bug #1368410 - Misleading Logging for HSM (edewata)
  - Bugzilla Bug #1372052 - Unable to search certificate requests using the
    latest request ID (edewata)
  - Bugzilla Bug #1375347 - Typo in comment line of
    UserPwdDirAuthentication.java (edewata)
  - Bugzilla Bug #1376226 - IPA replica-prepare failed with error
    "Profile caIPAserviceCert Not Found" (ftweedal)
  - Bugzilla Bug #1376488 - pkispawn fails as it is not able to find openssl as
    a dependency package (mharmsen)
  - Bugzilla Bug #1378275 - two-step externally-signed CA installation fails due
    to missing AuthorityID (ftweedal)
  - Bugzilla Bug #1378277 - Spurious host authority entries created (ftweedal)
  - Bugzilla Bug #1378527 - Miscellaneous Minor Changes (edewata)
  - Bugzilla Bug #1381084 - KRA installation failed against externally-signed CA
    with partial certificate chain (edewata)
  - Bugzilla Bug #1382066 - Problems with FIPS mode (edewata)
  - Bugzilla Bug #1386371 - Remove xenroll.dll from pki-core (mharmsen)
  - Bugzilla Bug #1386424 - Fix packaging duplicates of classes in multiple jar
    files (edewata)
  - Bugzilla Bug #1391737 - Changes to target.agent.approve.list parameter is
    not reflected in the TPS Web UI (RHEL 7) (edewata)
  - Bugzilla Bug #1392068 - [RFE] add express archivals and retrievals from KRA
    (vakwetu)
  - Bugzilla Bug #1395817 - Unable to install subordinate CA with HSM in FIPS
    mode (edewata)
  - Bugzilla Bug #1397200 - pkispawn does not change default ecc key size from
    nistp256 when nistp384 is specified in spawn config (jmagne)
  - Bugzilla Bug #1399862 - Dogtag 10.3.9 Man Pages (edewata)
  - Bugzilla Bug #1404881 - TPS throws "err=6" when attempting to format and
    enroll G&D Cards (jmagne)
  - Bugzilla Bug #1405654 - Token memory not wiped after key deletion (RHEL)
    (jmagne)
  - Bugzilla Bug #1409946 - Request ID undefined for CA signing certificate
    (vakwetu)
  - Bugzilla Bug #1409949 - CA Certificate Issuance Date displayed on CA website
    incorrect (vakwetu)
  - Bugzilla Bug #1410650 - [RFE] Add SCP03 support (RHEL) (jmagne)
  - Bugzilla Bug #1411428 - Unable to create a CA clone in FIPS (edewata)
  - Bugzilla Bug #1412211 - Unable to set up KRA in FIPS (edewata)
  - Bugzilla Bug #1412681 - update to 7.3 IPA with otpd bugfixes, tomcat will
    not finish start, hangs (ftweedal)
  - Bugzilla Bug #1413132 - pki-tomcat for 10+ minutes before generating cert
    (edewata)
  - Bugzilla Bug #1413136 - Problem with default AJP hostname in IPv6
    environment. (edewata)
  - ############################################################################
  - # RHCS 9.2:
  - ############################################################################
  - Bugzilla Bug #1248553 - TPS Enrollment always goes to "ca1 (cfu)
  - Bugzilla Bug #1274086 - [RFE] Add SCP03 support (RHCS) (jmagne)
  - Bugzilla Bug #1274096 - [BUG] Add ability to disallow TPS to enroll a single
    user on multiple tokens. (jmagne)
  - Bugzilla Bug #1379379 - Unable to read an encrypted email using renewed
    tokens (jmagne)
  - Bugzilla Bug #1379749 - Automatic recovery of encryption cert is not working
    when a token is physically damaged and a temporary token is issued (jmagne)
  - Bugzilla Bug #1381375 - Cert/Key recovery is successful when the cert serial
    number and key id on the ldap user mismatches (cfu)
  - Bugzilla Bug #1381635 - Token format with external reg fails when
    op.format.externalRegAddToToken.revokeCert=true (cfu)
  - Bugzilla Bug #1382762 - PIN_RESET policy is not giving expected results when
    set on a token (jmagne)
  - Bugzilla Bug #1386257 - Changes to target.agent.approve.list parameter is
    not reflected in the TPS Web UI (RHCS 9) (edewata)
  - Bugzilla Bug #1391207 - Automatic recovery of encryption cert - CA and TPS
    tokendb shows different certificate status (cfu)
  - Bugzilla Bug #1395479 - TPS throws "err=6" when attempting to format and
    enroll G&D Cards (RHCS) (jmagne)
  - Bugzilla Bug #1404900 - Dogtag 10.3.9 logging properties (edewata)
  - Bugzilla Bug #1405655 - Token memory not wiped after key deletion (RHCS)
    (jmagne)
  - ############################################################################
* Mon Mar 06 2017 Dogtag Team <pki-devel@redhat.com> 10.3.3-18
  - ## RHEL 7.3.z Batch Update 4
  - Bugzilla Bug #1429492 - Add profile component that copies CN to SAN
    (ftweedal)
* Mon Jan 30 2017 Dogtag Team <pki-devel@redhat.com> 10.3.3-17
  - ## RHCS 9.1.z Batch Update 3
  - Bugzilla Bug #1391207 - Automatic recovery of encryption cert - CA and TPS
    tokendb shows different certificate status (cfu)
  - ## RHEL 7.3.z Batch Update 3
  - Bugzilla Bug #1417063 - ECDSA Certificates Generated by Certificate System
    8.1 fail NIST validation test with parameter field. (cfu)
  - Bugzilla Bug #1417064 - Unable to search certificate requests using the
    latest request ID (edewata)
  - Bugzilla Bug #1417065 - CA Certificate Issuance Date displayed on CA website
    incorrect (alee)
  - Bugzilla Bug #1417066 - update to 7.3 IPA with otpd bugfixes, tomcat will
    not finish start, hangs (ftweedal)
  - Bugzilla Bug #1417067 - pki-tomcat for 10+ minutes before generating cert
    (edewata)
  - Bugzilla Bug #1417190 - Problem with default AJP hostname in IPv6
    environment. (edewata)
* Thu Dec 15 2016 Dogtag Team <pki-devel@redhat.com> 10.3.3-16
  - Separate original patches into RHEL and RHCS portions
  - ## RHEL 7.3.z Batch Update 2
  - Bugzilla Bug #1404176 - logging properties and man pages (edewata)
  - Bugzilla Bug #1405328 - TPS throws "err=6" when attempting to format and
    enroll G&D Cards (jmagne)
  - ## RHCS 9.1.z Batch Update 2
  - Bugzilla Bug #1395479 - TPS throws "err=6" when attempting to format and
    enroll G&D Cards (jmagne)
  - Bugzilla Bug #1404900 - RHCS logging properties (edewata)
* Tue Dec 13 2016 Dogtag Team <pki-devel@redhat.com> 10.3.3-15
  - ## RHEL 7.3.z Batch Update 2
  - Bugzilla Bug #1404173 - user-cert-add --serial CLI request to secure port
    with remote CA shows authentication failure (edewata)
  - Bugzilla Bug #1404175 -  pki ca-cert-request-submit fails presumably because
    of missing authentication even if it should not require any (edewata)
  - Bugzilla Bug #1404178 - Changes to target.agent.approve.list parameter is
    not reflected in the TPS Web UI [pki-base] (edewata)
  - Bugzilla Bug #1404172 - Unable to install subordinate CA with HSM in FIPS
    mode (edewata)
  - Bugzilla Bug #1403689 - pkispawn does not change default ecc key size from
    nistp256 when nistp384 is specified in spawn config (jmagne)
  - Bugzilla Bug #1404176 - logging properties and man pages (edewata)
  - ## RHCS 9.1.z Batch Update 2
  - Bugzilla Bug #1386257 - Changes to target.agent.approve.list parameter is
    not reflected in the TPS Web UI [pki-tps] (edewata)
  - Bugzilla Bug #1391207 - Automatic recovery of encryption cert - CA and TPS
    tokendb shows different certificate status (cfu)
  - Bugzilla Bug #1395479 -  TPS throws "err=6" when attempting to format and
    enroll G&D Cards (jmagne)
* Tue Nov 08 2016 Dogtag Team <pki-devel@redhat.com> 10.3.3-14
  - Marked the following RHCS 9.1.z bug:
    Bugzilla Bug #1382862 - TPS token enrollment fails to setupSecureChannel
    when TPS and TKS security db is on fips mode. (jmagne)
    as a duplicate of RHEL 7.3.z bug:
    Bugzilla Bug #1389757 - Problems with FIPS mode (edewata)
    and moved the patch from the RHCS 9.1.z bug to the RHEL 7.3.z bug.
* Thu Nov 03 2016 Dogtag Team <pki-devel@redhat.com> 10.3.3-13
  - ## RHEL 7.3.z Batch Update 1
  - Bugzilla Bug #1389757 - Problems with FIPS mode (edewata)
    (added KRA key recovery via CLI in FIPS mode)
  - ## RHCS 9.1.z Batch Update 1
  - Reverted patches associated with
    Bugzilla Bug #1386257 - Changes to target.agent.approve.list parameter is
    not reflected in the TPS Web UI (edewata)
* Mon Oct 31 2016 Dogtag Team <pki-devel@redhat.com> 10.3.3-12
  - ## RHEL 7.3.z Batch Update 1
  - Bugzilla Bug #1390318 - CA EE: Submit caUserCert request without uid does
    not show proper error message (alee)
  - Bugzilla Bug #1390319 - Failed to start pki-tomcatd Service
    ("ipa-cacert-manage renew" failed?) (edewata)
  - Bugzilla Bug #1390320 - pkispawn fails as it is not able to find openssl as
    a dependency package (mharmsen)
  - Bugzilla Bug #1390321 - two-step externally-signed CA installation fails due
    to missing AuthorityID (ftweedal)
  - Bugzilla Bug #1390322 - Spurious host authority entries created (ftweedal)
  - Bugzilla Bug #1390324 - KRA installation failed against externally-signed CA
    with partial certificate chain (edewata)
  - Bugzilla Bug #1389757 - Problems with FIPS mode (edewata)
  - Bugzilla Bug #1390311 - Fix packaging duplicates of classes in multiple jar
    files (edewata)
  - Bugzilla Bug #1390325 - Typo in comment line of UserPwdDirAuthentication.java
    (edewata)
  - ## RHCS 9.1.z Batch Update 1
  - Bugzilla Bug #1248553 - TPS Enrollment always goes to "ca1" (cfu)
  - Bugzilla Bug #1274096 -  [BUG] Add ability to disallow TPS to enroll a
    single user on multiple tokens. (jmagne)
  - Bugzilla Bug #1379379 - Unable to read an encrypted email using renewed
    tokens (jmagne)
  - Bugzilla Bug #1379749 - Automatic recovery of encryption cert is not working
    when a token is physically damaged and a temporary token is issued (jmagne)
  - Bugzilla Bug #1381375 - Cert/Key recovery is successful when the cert serial
    number and key id on the ldap user mismatches
  - Bugzilla Bug #1381635 - Token format with external reg fails when
    op.format.externalRegAddToToken.revokeCert=true (cfu)
  - Bugzilla Bug #1382762 - PIN_RESET policy is not giving expected results when
    set on a token (jmagne)
  - Bugzilla Bug #1382862 - TPS token enrollment fails to setupSecureChannel
    when TPS and TKS security db is on fips mode. (jmagne)
  - Bugzilla Bug #1386257 - Changes to target.agent.approve.list parameter is
    not reflected in the TPS Web UI (edewata)
* Mon Oct 10 2016 Dogtag Team <pki-devel@redhat.com> 10.3.3-11
  - PKI TRAC Ticket #1527 - TPS Enrollment always goes to "ca1" (cfu)
  - PKI TRAC Ticket #1664 - [BUG] Add ability to disallow TPS to enroll a single
    user on multiple tokens. (jmagne)
  - PKI TRAC Ticket #2478 - pkispawn fails as it is not able to find openssl as a
    dependency package (mharmsen)
  - PKI TRAC Ticket #2483 - Unable to read an encrypted email using renewed
    tokens (jmagne)
  - PKI TRAC Ticket #2496 - Cert/Key recovery is successful when the cert serial
    number and key id on the ldap user mismatches (cfu)
  - PKI TRAC Ticket #2505 - Fix packaging duplicates of classes in multiple jar
    files (edewata)
* Fri Sep 09 2016 Dogtag Team <pki-devel@redhat.com> 10.3.3-10
  - Revert Patch:  PKI TRAC Ticket #2449 - Unable to create system certificates
    in different tokens (edewata)
  - Resolves:  rhbz #1374054 - ipa-replica-install fails setting up certificate
  - Restores:  rhbz #1319557 - pkispawn KRA instance is failing server
  - Removes from Errata:  rhbz #1372041 - Unable to create system certificates
    in different tokens
* Tue Sep 06 2016 Dogtag Team <pki-devel@redhat.com> 10.3.3-9
  - PKI TRAC Ticket #1638 - Lightweight CAs: revoke certificate on CA deletion
    (ftweedal)
  - PKI TRAC Ticket #2436 - Dogtag 10.3.6: Miscellaneous Enhancements
    (edewata)
  - PKI TRAC Ticket #2443 - Prevent deletion of host CA's keys if LWCA entry
    deleted (ftweedal)
  - PKI TRAC Ticket #2444 - Authority entry without entryUSN is skipped even if
    USN plugin enabled (ftweedal)
  - PKI TRAC Ticket #2446 - pkispawn: make subject_dn defaults unique per
    instance name (for shared HSM) (cfu)
  - PKI TRAC Ticket #2447 - CertRequestInfo has incorrect URLs (vakwetu)
  - PKI TRAC Ticket #2449 - Unable to create system certificates in different
    tokens (edewata)
* Mon Aug 29 2016 Dogtag Team <pki-devel@redhat.com> 10.3.3-8
  - PKI TRAC Ticket #1578 - Authentication Instance Id PinDirEnrollment with authType value as SslclientAuth is not working (jmagne)
  - PKI TRAC TIcket #2414 - pki pkcs12-cert-del shows a successfully deleted message when a wrong nickname is provided (gkapoor)
  - PKI TRAC Ticket #2423 - pki_ca_signing_token when not specified does not fallback to pki_token_name value (edewata)
  - PKI TRAC Ticket #2436 - Dogtag 10.3.6: Miscellaneous Enhancements (akasurde) - ticket remains open
  - PKI TRAC Ticket #2439 - Outdated deployment descriptors in upgraded server(edewata)
* Tue Aug 23 2016 Dogtag Team <pki-devel@redhat.com> 10.3.3-7
  - PKI TRAC Ticket #690 - [MAN] pki-tools man pages (mharmsen)
    - CMCEnroll
  - PKI TRAC Ticket #833 - pki user-mod fullName="" gives an error message
    "PKIException: LDAP error (21): error result" (edewata)
  - PKI TRAC Ticket #2431 - Errors noticed during ipa server upgrade.
    (cheimes, edewata, mharmsen)
  - PKI TRAC Ticket #2432 - Kra-selftest behavior is not as expected (edewata)
  - PKI TRAC Ticket #2436 - Dogtag 10.3.6: Miscellaneous Enhancements
    (edewata, mharmsen)
  - PKI TRAC Ticket #2437 - TPS UI: while adding certs for users from TPSUI pem
    format with/without header works while pkcs7 with header is not allowed
    (edewata)
  - PKI TRAC Ticket #2440 - Optional CA signing CSR for migration (edewata)
* Mon Aug 15 2016 Dogtag Team <pki-devel@redhat.com> 10.3.3-6
  - Bugzilla Bug #1366465 - Errata TPS upgrade test fails
* Mon Aug 08 2016 Dogtag Team <pki-devel@redhat.com> 10.3.3-5
  - PKI TRAC Ticket #978  - TPS connector man page: add revocation routing
    info (cfu)
  - PKI TRAC Ticket #1285 - [MAN] Apply 'generateCRMFRequest() removed from
    Firefox' workarounds to appropriate 'pki' man page (jmagne)
  - PKI TRAC Ticket #2246 - [MAN] Man Page: AuditVerify (cfu)
  - PKI TRAC Ticket #2381 - Throws exception while providing invalid module.
    (edewata)
  - PKI TRAC Ticket #2383 - CLI :: pki client-cert-request --extractable
    should accept only boolean value (edewata)
  - PKI TRAC Ticket #2389 - Installation: subsystem certs could have notAfter
    beyond CA signing cert in case of external or existing CA (cfu)
  - PKI TRAC Ticket #2399 - Dogtag 10.3.5: Miscellaneous Enhancements
    (akasurde, alee, cheimes, edewata, jmagne, mharmsen)
  - PKI TRAC Ticket #2401 - pkispawn calls dnsdomainname even if it does not
    rpm-require hostname (mharmsen)
  - PKI TRAC Ticket #2402 - Conflict in file ownership in pki-base and
    pki-server (cheimes)
  - PKI TRAC Ticket #2403 - Deployment problem with RESTEasy 3.0.17 (edewata)
  - PKI TRAC Ticket #2406 - Make starting CRL Number configurable (jmagne)
  - PKI TRAC Ticket #2412 - pki client-cert-import --trust option does not
    apply the specified trust bits (alee)
  - PKI TRAC Ticket #2418 - [TPS] Some template substitution didn't happen
    during installation (alee)
  - PKI TRAC Ticket #2420 - CA subsystem OSCP responder fails when LWCAs are
    not used (ftweedal)
  - PKI TRAC Ticket #2421 - Incorrect SELinux contexts
    Installation/Configuration (edewata)
  - PKI TRAC Ticket #2424 - ipa-ca-install fails on replica when IPA server
    is converted from CA-less to CA-full (edewata)
  - PKI TRAC Ticket #2428 - broken request links for CA's system certs in
    agent request viewing (cfu)
  - PKI TRAC Ticket #2430 - CA Agent certificate list is not sorted by serial
    number in migration case (jmagne)
  - PKI TRAC Ticket #2431 - Errors noticed during ipa server upgrade.
    (mharmsen)
  - PKI TRAC Ticket #2433 - Lightweight CA GET <id>/chain returns bogus PEM
    data (ftweedal)
* Tue Jul 05 2016 Dogtag Team <pki-devel@redhat.com> 10.3.3-3
  - PKI TRAC Ticket #691  - [MAN] pki-server man pages (mharmsen)
  - PKI TRAC Ticket #1114 - [MAN] Generting Symmetric key fails with
    key-generate when --usages verify is passed (jmagne)
  - PKI TRAC Ticket #1306 - [RFE] Add granularity to token termination in TPS
    (cfu)
  - PKI TRAC Ticket #1308 - [RFE] Provide ability to perform off-card key
    generation for non-encryption token keys (cfu)
  - PKI TRAC Ticket #1405 - [MAN] Add additional HSM details to
    'pki_default.cfg' & 'pkispawn' man pages (mharmsen)
  - PKI TRAC Ticket #1607 - [MAN] man pkispawn has inadequate description for
    shared vs non shared tomcat instance installation (mharmsen)
  - PKI TRAC Ticket #1664 - [BUG] Add ability to disallow TPS to enroll a single
    user on multiple tokens. (jmagne)
  - PKI TRAC Ticket #1711 - CLI :: pki-server ca-cert-request-find throws
    IOError (edewata, ftweedal)
  - PKI TRAC Ticket #2285 - freeipa fails to start correctly after pki-core
    update on upgraded system (ftweedal)
  - PKI TRAC Ticket #2311 - When pki_token_name=Internal, consider normalizing
    it to "internal" (mharmsen)
  - PKI TRAC Ticket #2349 - Separated TPS does not automatically receive shared
    secret from remote TKS (jmagne)
  - PKI TRAC Ticket #2364 - CLI :: pki-server ca-cert-request-show throws
    attribute error (ftweedal)
  - PKI TRAC Ticket #2368 - pki-server subsystem subcommands throws error with
    --help option (edewata)
  - PKI TRAC Ticket #2374 - KRA cloning overwrites CA signing certificate trust
    flags (edewata)
  - PKI TRAC Ticket #2380 - Pki-server instance commands throws exception while
    specifying invalid parameters. (edewata)
  - PKI TRAC Ticket #2384 - CA installation with HSM prompts for HSM password
    during silent installation (edewata)
  - PKI TRAC Ticket #2385 - Upgraded CA lacks ca.sslserver.certreq in CS.cfg
    (ftweedal)
  - PKI TRAC Ticket #2387 - Add config for default OCSP URI if none given
    (ftweedal)
  - PKI TRAC Ticket #2388 - CA creation responds 500 if certificate issuance
    fails (ftweedal)
  - PKI TRAC Ticket #2389 - Installation: subsystem certs could have notAfter
    beyond CA signing cert in case of external or existing CA (cfu)
  - PKI TRAC Ticket #2390 - Dogtag 10.3.4: Miscellaneous Enhancements
    (akasurde, edewata)
* Thu Jun 30 2016 Dogtag Team <pki-devel@redhat.com> 10.3.3-2
  - PKI TRAC Ticket #2373 - Fedora 25: RestEasy 3.0.6 ==> 3.0.17 breaks
    pki-core (ftweedal)
* Mon Jun 20 2016 Dogtag Team <pki-devel@redhat.com> 10.3.3-1
  - Updated release number to 10.3.3-1
* Tue Jun 07 2016 Dogtag Team <pki-devel@redhat.com> 10.3.3-0.1
  - Updated version number to 10.3.3-0.1
* Tue Jun 07 2016 Dogtag Team <pki-devel@redhat.com> 10.3.2-5
  - Provided cleaner runtime dependency separation
* Tue Jun 07 2016 Dogtag Team <pki-devel@redhat.com> 10.3.2-4
  - Updated tomcatjss version dependencies
* Tue Jun 07 2016 Dogtag Team <pki-devel@redhat.com> 10.3.2-3
  - Updated 'java', 'java-headless', and 'java-devel' dependencies to 1:1.8.0.
* Tue Jun 07 2016 Dogtag Team <pki-devel@redhat.com> 10.3.2-2
  - Updated tomcat version dependencies
* Tue Jun 07 2016 Dogtag Team <pki-devel@redhat.com> 10.3.2-1
  - Updated version number to 10.3.2-1
* Wed May 18 2016 Dogtag Team <pki-devel@redhat.com> 10.3.2-0.1
  - Updated version number to 10.3.2-0.1
* Tue May 17 2016 Dogtag Team <pki-devel@redhat.com> 10.3.1-1
  - Updated version number to 10.3.1-1 (to allow upgrade from 10.3.0.b1)
* Mon May 16 2016 Dogtag Team <pki-devel@redhat.com> 10.3.0-1
  - Updated version number to 10.3.0-1
* Mon Apr 18 2016 Dogtag Team <pki-devel@redhat.com> 10.3.0.b1-1
  - Build for F24 beta
* Fri Apr 08 2016 Dogtag Team <pki-devel@redhat.com> 10.3.0.a2-2
  - PKI TRAC Ticket #2255 - PKCS #12 backup does not contain trust attributes.
* Thu Apr 07 2016 Dogtag Team <pki-devel@redhat.com> 10.3.0.a2-1
  - Updated build for F24 alpha
* Wed Mar 23 2016 Dogtag Team <pki-devel@redhat.com> 10.3.0.a1-2
  - PKI TRAC Ticket #1625 - Allow multiple ACLs of same name
    (union of rules) [ftweedal]
  - PKI TRAC Ticket #2237 - Add CRL dist points extension to OIDMap
    unconditionally [edewata]
  - PKI TRAC Ticket #1803 - Removed unnecessary URL encoding for admin cert
    request. [edewata]
  - PKI TRAC Ticket #1742 - Added support for cloning 3rd-party CA
    certificates. [edewata]
  - PKI TRAC Ticket #1482 - Added TPS token filter dialog. [edewata]
  - PKI TRAC Ticket #1808 - Fixed illegal token state transition
    via TEMP_LOST. [edewata]
* Fri Mar 04 2016 Dogtag Team <pki-devel@redhat.com> 10.3.0.a1-1
  - Build for F24 alpha
* Tue Mar 01 2016 Dogtag Team <pki-devel@redhat.com> 10.3.0-0.5
  - PKI Trac Ticket #1399 - Move java components out of pki-base
* Thu Feb 11 2016 Dogtag Team <pki-devel@redhat.com> 10.3.0-0.4
  - PKI TRAC Ticket #1850 - Rename DRMTool --> KRATool
* Thu Feb 04 2016 Dogtag Team <pki-devel@redhat.com> 10.3.0-0.3
  - PKI TRAC Ticket #1714 - mod_revocator and mod_nss dependency for tps
    should be removed
* Sat Oct 03 2015 Dogtag Team <pki-devel@redhat.com> 10.3.0-0.2
  - PKI TRAC Ticket #1623 - Runtime dependency on python-nss is missing
* Sat Aug 08 2015 Dogtag Team <pki-devel@redhat.com> 10.3.0-0.1
  - Updated version number to 10.3.0-0.1
* Fri Aug 07 2015 Dogtag Team <pki-devel@redhat.com> 10.2.7-0.3
  - Added dep on tomcat-servlet-3.1-api [Fedora 23 and later] or dep on
    tomcat-servlet-3.0-api [Fedora 22 and later] to pki-tools
  - Updated dep on tomcatjss [Fedora 23 and later]
* Fri Jul 24 2015 Tomas Radej <tradej@redhat.com> - 10.2.7-0.2
  - Updated dep on policycoreutils-python-utils [Fedora 23 and later]
* Sat Jul 18 2015 Dogtag Team <pki-devel@redhat.com> 10.2.7-0.1
  - Updated version number to 10.2.7-0.1
* Sat Jul 18 2015 Dogtag Team <pki-devel@redhat.com> 10.2.6-1
  - Update release number for release build
* Fri Jul 17 2015 Dogtag Team <pki-devel@redhat.com> 10.2.6-0.3
  - Remove setup directory and remaining Perl dependencies
* Sat Jun 20 2015 Dogtag Team <pki-devel@redhat.com> 10.2.6-0.2
  - Remove ExcludeArch directive
* Fri Jun 19 2015 Dogtag Team <pki-devel@redhat.com> 10.2.6-0.1
  - Updated version number to 10.2.6-0.1
* Fri Jun 19 2015 Dogtag Team <pki-devel@redhat.com> 10.2.5-1
  - Update release number for release build
* Wed Jun 17 2015 Dogtag Team <pki-devel@redhat.com> 10.2.5-0.2
  - Resolves rhbz #1230970 - Errata TPS tests for rpm verification failed
* Tue May 26 2015 Dogtag Team <pki-devel@redhat.com> 10.2.5-0.1
  - Updated version number to 10.2.5-0.1
* Tue May 26 2015 Dogtag Team <pki-devel@redhat.com> 10.2.4-1
  - Update release number for release build
* Tue May 12 2015 Dogtag Team <pki-devel@redhat.com> 10.2.4-0.2
  - Updated nuxwdog and tomcatjss requirements (alee)
* Thu Apr 23 2015 Dogtag Team <pki-devel@redhat.com> 10.2.4-0.1
  - Updated version number to 10.2.4-0.1
  - Added nuxwdog systemd files
* Thu Apr 23 2015 Dogtag Team <pki-devel@redhat.com> 10.2.3-1
  - Update release number for release build
* Thu Apr 09 2015 Dogtag Team <pki-devel@redhat.com> 10.2.3-0.1
  - Reverted version number back to 10.2.3-0.1
  - Added support for Tomcat 8.
* Mon Apr 06 2015 Dogtag Team <pki-devel@redhat.com> 10.3.0-0.1
  - Updated version number to 10.3.0-0.1
* Wed Mar 18 2015 Dogtag Team <pki-devel@redhat.com> 10.2.3-0.1
  - Updated version number to 10.2.3-0.1
* Tue Mar 17 2015 Dogtag Team <pki-devel@redhat.com> 10.2.2-1
  - Update release number for release build
* Thu Jan 08 2015 Dogtag Team <pki-devel@redhat.com> 10.2.2-0.1
  - Updated version number to 10.2.2-0.1
  - Moved web application deployment locations.
  - Updated Resteasy and Jackson dependencies.
  - Added missing python-lxml build dependency.
* Thu Jan 08 2015 Dogtag Team <pki-devel@redhat.com> 10.2.1-1
  - Update release number for release build
* Tue Dec 16 2014 Matthew Harmsen <mharmsen@redhat.com> - 10.2.1-0.4
  - PKI TRAC Ticket #1187 - mod_perl should be removed from requirements for 10.2
  - PKI TRAC Ticket #1205 - Outdated selinux-policy dependency.
  - Removed perl(XML::LibXML), perl-Crypt-SSLeay, and perl-Mozilla-LDAP runtime
    dependencies
* Fri Dec 12 2014 Ade Lee <alee@redhat.com> 10.2.1-0.3
  - Change resteasy dependencies for F22+
* Mon Nov 24 2014 Christina Fu <cfu@redhat.com> 10.2.1-0.2
  - Ticket 1198 Bugzilla 1158410 add TLS range support to server.xml by
    default and upgrade (cfu)
  - PKI Trac Ticket #1211 - New release overwrites old source tarball (mharmsen)
  - up the release number to 0.2
* Fri Oct 24 2014 Dogtag Team <pki-devel@redhat.com> 10.2.1-0.1
  - Updated version number to 10.2.1-0.1.
  - Added CLIs to simplify generating user certificates
  - Added enhancements to KRA Python API
  - Added a man page for pki ca-profile commands.
  - Added python api docs
* Wed Oct 01 2014 Ade Lee <alee@redhat.com> 10.2.0-3
  - Disable pylint dependency for RHEL builds
  - Added jakarta-commons-httpclient requirements
  - Added tomcat version for RHEL build
  - Added resteasy-base-client for RHEL build
* Wed Sep 24 2014 Matthew Harmsen <mharmsen@redhat.com> - 10.2.0-2
  - PKI TRAC Ticket #1130 - Add RHEL/CentOS conditionals to spec
* Wed Sep 03 2014 Dogtag Team <pki-devel@redhat.com> 10.2.0-1
  - Update release number for release build
* Wed Sep 03 2014 Matthew Harmsen <mharmsen@redhat.com> - 10.2.0-0.10
  - PKI TRAC Ticket #1017 - Rename pki-tps-tomcat to pki-tps
* Fri Aug 29 2014 Matthew Harmsen <mharmsen@redhat.com> - 10.2.0-0.9
  - Merged jmagne@redhat.com's spec file changes from the stand-alone
    'pki-tps-client' package needed to build/run the native 'tpsclient'
    command line utility into this 'pki-core' spec file under the 'tps' package.
  - Original tps libararies must be built to support this native utility.
  - Modifies tps package from 'noarch' into 'architecture-specific' package
* Wed Aug 27 2014 Matthew Harmsen <mharmsen@redhat.com> - 10.2.0-0.8
  - PKI TRAC Ticket #1127 - Remove 'pki-ra', 'pki-setup', and 'pki-silent'
    packages . . .
* Sun Aug 17 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 10.2.0-0.5
  - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
* Wed Aug 13 2014 Jack Magne <jmagne@redhat.com> - 10.2.0-0.7
  - Respin to include the applet files with the rpm install. No change
    to spec file needed.
* Tue Jul 15 2014 Matthew Harmsen <mharmsen@redhat.com> - 10.2.0-0.6
  - Bugzilla Bug #1120045 - pki-core: Switch to java-headless (build)requires --
    drop dependency on java-atk-wrapper
  - Removed 'java-atk-wrapper' dependency from 'pki-server'
* Wed Jul 02 2014 Matthew Harmsen <mharmsen@redhat.com> - 10.2.0-0.5
  - PKI TRAC Ticket #832 - Remove legacy 'systemctl' files . . .
* Tue Jul 01 2014 Ade Lee <alee@redhat.com> - 10.2.0-0.4
  - Update rawhide build
* Sat Jun 07 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 10.2.0-0.3
  - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
* Fri Mar 28 2014 Michael Simacek <msimacek@redhat.com> - 10.2.0-0.2
  - Use Requires: java-headless rebuild (#1067528)
* Fri Nov 22 2013 Dogtag Team <pki-devel@redhat.com> 10.2.0-0.1
  - Added option to build without server packages.
  - Replaced Jettison with Jackson.
  - Added python-nss build requirement
  - Bugzilla Bug #1057959 - pkispawn requires policycoreutils-python
  - TRAC Ticket #840 - pkispawn requires policycoreutils-python
  - Updated requirements for resteasy
  - Added template files for archive, retrieve and generate key
    requests to the client package.
* Fri Nov 15 2013 Ade Lee <alee@redhat.com> 10.1.0-1
  - Trac Ticket 788 - Clean up spec files
  - Update release number for release build
  - Updated requirements for resteasy
* Sun Nov 10 2013 Ade Lee <alee@redhat.com> 10.1.0-0.14
  - Change release number for beta build
* Thu Nov 07 2013 Ade Lee <alee@redhat.com> 10.1.0-0.13
  - Updated requirements for tomcat
* Fri Oct 04 2013 Ade Lee <alee@redhat.com> 10.1.0-0.12
  - Removed additional /var/run, /var/lock references.
* Fri Oct 04 2013 Ade Lee <alee@redhat.com> 10.1.0-0.11
  - Removed delivery of /var/lock and /var/run directories for fedora 20.
* Wed Aug 14 2013 Endi S. Dewata <edewata@redhat.com> 10.1.0-0.10
  - Moved Tomcat-based TPS into pki-core.
* Wed Aug 14 2013 Abhishek Koneru <akoneru@redhat.com> 10.1.0.0.9
  - Listed new packages required during build, due to issues reported
    by pylint.
  - Packages added: python-requests, python-ldap, libselinux-python,
                    policycoreutils-python
* Fri Aug 09 2013 Abhishek Koneru <akoneru@redhat.com> 10.1.0.0.8
  - Added pylint scan to the build process.
* Mon Jul 22 2013 Endi S. Dewata <edewata@redhat.com> 10.1.0-0.7
  - Added man pages for upgrade tools.
* Wed Jul 17 2013 Endi S. Dewata <edewata@redhat.com> 10.1.0-0.6
  - Cleaned up the code to install man pages.
* Tue Jul 16 2013 Endi S. Dewata <edewata@redhat.com> 10.1.0-0.5
  - Reorganized deployment tools.
* Tue Jul 09 2013 Ade Lee <alee@redhat.com> 10.1.0-0.4
  - Bugzilla Bug 973224 -  resteasy-base must be split into subpackages
    to simplify dependencies
* Fri Jun 14 2013 Endi S. Dewata <edewata@redhat.com> 10.1.0-0.3
  - Updated dependencies to Java 1.7.
* Wed Jun 05 2013 Matthew Harmsen <mharmsen@redhat.com> 10.1.0-0.2
  - TRAC Ticket 606 - add restart / start at boot info to pkispawn man page
  - TRAC Ticket 610 - Document limitation in using GUI install
  - TRAC Ticket 629 - Package ownership of '/usr/share/pki/etc/' directory
* Tue May 07 2013 Ade Lee <alee@redhat.com> 10.1.0-0.1
  - Change release number for 10.1 development
* Mon May 06 2013 Endi S. Dewata <edewata@redhat.com> 10.0.2-5
  - Fixed incorrect JNI_JAR_DIR.
* Sat May 04 2013 Ade Lee <alee@redhat.com> 10.0.2-4
  - TRAC Ticket 605 Junit internal function used in TestRunner,
    breaks F19 build
* Sat May 04 2013 Ade Lee <alee@redhat.com> 10.0.2-3
  - TRAC Ticket 604 Added fallback methods for pkispawn tests
* Mon Apr 29 2013 Endi S. Dewata <edewata@redhat.com> 10.0.2-2
  - Added default pki.conf in /usr/share/pki/etc
  - Create upgrade tracker on install and remove it on uninstall
* Fri Apr 26 2013 Ade Lee <alee@redhat.com> 10.0.2-1
  - Change release number for official release.
* Thu Apr 25 2013 Ade Lee <alee@redhat.com> 10.0.2-0.8
  - Added %pretrans script for f19
  - Added java-atk-wrapper dependency
* Wed Apr 24 2013 Endi S. Dewata <edewata@redhat.com> 10.0.2-0.7
  - Added pki-server-upgrade script and pki.server module.
  - Call upgrade scripts in %post for pki-base and pki-server.
* Tue Apr 23 2013 Endi S. Dewata <edewata@redhat.com> 10.0.2-0.6
  - Added dependency on commons-io.
* Mon Apr 22 2013 Ade Lee <alee@redhat.com> 10.0.2-0.5
  - Add /var/log/pki and /var/lib/pki directories
* Tue Apr 16 2013 Endi S. Dewata <edewata@redhat.com> 10.0.2-0.4
  - Run pki-upgrade on post server installation.
* Mon Apr 15 2013 Endi S. Dewata <edewata@redhat.com> 10.0.2-0.3
  - Added dependency on python-lxml.
* Fri Apr 05 2013 Endi S. Dewata <edewata@redhat.com> 10.0.2-0.2
  - Added pki-upgrade script.
* Fri Apr 05 2013 Endi S. Dewata <edewata@redhat.com> 10.0.2-0.1
  - Updated version number to 10.0.2-0.1.
* Fri Apr 05 2013 Endi S. Dewata <edewata@redhat.com> 10.0.1-9
  - Renamed base/deploy to base/server.
  - Moved pki.conf into pki-base.
  - Removed redundant pki/server folder declaration.
* Tue Mar 19 2013 Ade Lee <alee@redhat.com> 10.0.1-8
  - Removed jython dependency
* Mon Mar 11 2013 Endi S. Dewata <edewata@redhat.com> 10.0.1-7
  - Added minimum python-requests version.
* Fri Mar 08 2013 Matthew Harmsen <mharmsen@redhat.com> 10.0.1-6
  - Bugzilla Bug #919476 - pkispawn crashes due to dangling symlink to jss4.jar
* Thu Mar 07 2013 Endi S. Dewata <edewata@redhat.com> 10.0.1-5
  - Added dependency on python-requests.
  - Reorganized Python module packaging.
* Thu Mar 07 2013 Endi S. Dewata <edewata@redhat.com> 10.0.1-4
  - Added dependency on python-ldap.
* Mon Mar 04 2013 Matthew Harmsen <mharmsen@redhat.com> 10.0.1-3
  - TRAC Ticket #517 - Clean up theme dependencies
  - TRAC Ticket #518 - Remove UI dependencies from pkispawn . . .
* Fri Mar 01 2013 Matthew Harmsen <mharmsen@redhat.com> 10.0.1-2
  - Removed runtime dependency on 'pki-server-theme' to resolve
    Bugzilla Bug #916134 - unresolved dependency in pki-server: pki-server-theme
* Tue Jan 15 2013 Ade Lee <alee@redhat.com> 10.0.1-1
  - TRAC Ticket 214 - Missing error description for duplicate user
  - TRAC Ticket 213 - Add nonces for cert revocation
  - TRAC Ticket 367 - pkidestroy does not remove connector
  - TRAC Ticket #430 - License for 3rd party code
  - Bugzilla Bug 839426 - [RFE] ECC CRL support for OCSP
  - Fix spec file to allow f17 to work with latest tomcatjss
  - TRAC Ticket 466 - Increase root CA validity to 20 years
  - TRAC Ticket 469 - Fix tomcatjss issue in spec files
  - TRAC Ticket 468 - pkispawn throws exception
  - TRAC Ticket 191 - Mapping HTTP Exceptions to HTTP error codes
  - TRAC Ticket 271 - Dogtag 10: Fix 'status' command in 'pkidaemon' . . .
  - TRAC Ticket 437 - Make admin cert p12 file location configurable
  - TRAC Ticket 393 - pkispawn fails when selinux is disabled
  - Punctuation and formatting changes in man pages
  - Revert to using default config file for pkidestroy
  - Hardcode setting of resteasy-lib for instance
  - TRAC Ticket 436 - Interpolation for pki_subsystem
  - TRAC Ticket 433 - Interpolation for paths
  - TRAC Ticket 435 - Identical instance id and instance name
  - TRAC Ticket 406 - Replace file dependencies with package dependencies
* Wed Jan 09 2013 Matthew Harmsen <mharmsen@redhat.com> 10.0.0-5
  - TRAC Ticket #430 - License for 3rd party code
* Fri Jan 04 2013 Matthew Harmsen <mharmsen@redhat.com> 10.0.0-4
  - TRAC Ticket #469 - Dogtag 10: Fix tomcatjss issue in pki-core.spec and
    dogtag-pki.spec . . .
  - TRAC Ticket #468 - pkispawn throws exception
* Wed Dec 12 2012 Ade Lee <alee@redhat.com> 10.0.0-3
  - Replaced file dependencies with package dependencies
* Mon Dec 10 2012 Ade Lee <alee@redhat.com> 10.0.0-2
  - Updated man pages
* Fri Dec 07 2012 Ade Lee <alee@redhat.com> 10.0.0-1
  - Update to official release for rc1
* Thu Dec 06 2012 Matthew Harmsen <mharmsen@redhat.com> 10.0.0-0.56.b3
  - TRAC Ticket #315 - Man pages for pkispawn/pkidestroy.
  - Added place-holders for 'pki.1' and 'pki_default.cfg.5' man pages.
* Thu Dec 06 2012 Endi S. Dewata <edewata@redhat.com> 10.0.0-0.55.b3
  - Added system-wide configuration /etc/pki/pki.conf.
  - Removed redundant lines in %files.
* Tue Dec 04 2012 Endi S. Dewata <edewata@redhat.com> 10.0.0-0.54.b3
  - Moved default deployment configuration to /etc/pki.
* Mon Nov 19 2012 Ade Lee <alee@redhat.com> 10.0.0-0.53.b3
  - Cleaned up spec file to provide only support rhel 7+, f17+
  - Added resteasy-base dependency for rhel 7
  - Update cmake version
* Mon Nov 12 2012 Ade Lee <alee@redhat.com> 10.0.0-0.52.b3
  - Update release to b3
* Fri Nov 09 2012 Endi S. Dewata <edewata@redhat.com> 10.0.0-0.51.b2
  - Removed dependency on CA, KRA, OCSP, TKS theme packages.
* Thu Nov 08 2012 Endi S. Dewata <edewata@redhat.com> 10.0.0-0.50.b2
  - Renamed pki-common-theme to pki-server-theme.
* Thu Nov 08 2012 Matthew Harmsen <mharmsen@redhat.com> 10.0.0-0.49.b2
  - TRAC Ticket #395 - Dogtag 10: Add a Tomcat 7 runtime requirement to
    'pki-server'
* Mon Oct 29 2012 Ade Lee <alee@redhat.com> 10.0.0-0.48.b2
  - Update release to b2
* Wed Oct 24 2012 Matthew Harmsen <mharmsen@redhat.com> 10.0.0-0.47.b1
  - TRAC Ticket #350 - Dogtag 10: Remove version numbers from PKI jar files . . .
* Tue Oct 23 2012 Ade Lee <alee@redhat.com> 10.0.0-0.46.b1
  - Added Obsoletes for pki-selinux
* Tue Oct 23 2012 Ade Lee <alee@redhat.com> 10.0.0-0.45.b1
  - Remove build of pki-selinux for f18, use system policy instead
* Fri Oct 12 2012 Ade Lee <alee@redhat.com> 10.0.0-0.44.b1
  - Update required tomcatjss version
  - Added net-tools dependency
* Mon Oct 08 2012 Ade Lee <alee@redhat.com> 10.0.0-0.43.b1
  - Update selinux-policy version to fix error from latest policy changes
* Mon Oct 08 2012 Ade Lee <alee@redhat.com> 10.0.0-0.42.b1
  - Fix typo in selinux policy versions
* Mon Oct 08 2012 Ade Lee <alee@redhat.com> 10.0.0-0.41.b1
  - Added build requires for correct version of selinux-policy-devel
* Mon Oct 08 2012 Ade Lee <alee@redhat.com> 10.0.0-0.40.b1
  - Update release to b1
* Fri Oct 05 2012 Endi S. Dewata <edewata@redhat.com> 10.0.0-0.40.a2
  - Merged pki-silent into pki-server.
* Fri Oct 05 2012 Endi S. Dewata <edewata@redhat.com> 10.0.0-0.39.a2
  - Renamed "shared" folder to "server".
* Fri Oct 05 2012 Ade Lee <alee@redhat.com> 10.0.0-0.38.a2
  - Added required selinux versions for new policy.
* Tue Oct 02 2012 Endi S. Dewata <edewata@redhat.com> 10.0.0-0.37.a2
  - Added Provides to packages replacing obsolete packages.
* Mon Oct 01 2012 Ade Lee <alee@redhat.com> 10.0.0-0.36.a2
  - Update release to a2
* Sun Sep 30 2012 Endi S. Dewata <edewata@redhat.com> 10.0.0-0.36.a1
  - Modified CMake to use RPM version number
* Tue Sep 25 2012 Endi S. Dewata <edewata@redhat.com> 10.0.0-0.35.a1
  - Added VERSION file
* Mon Sep 24 2012 Endi S. Dewata <edewata@redhat.com> 10.0.0-0.34.a1
  - Merged pki-setup into pki-server
* Thu Sep 13 2012 Ade Lee <alee@redhat.com> 10.0.0-0.33.a1
  - Added Conflicts for IPA 2.X
  - Added build requires for zip to work around mock problem
* Wed Sep 12 2012 Matthew Harmsen <mharmsen@redhat.com> 10.0.0-0.32.a1
  - TRAC Ticket #312 - Dogtag 10: Automatically restart any running instances
    upon RPM "update" . . .
  - TRAC Ticket #317 - Dogtag 10: Move "pkispawn"/"pkidestroy"
    from /usr/bin to /usr/sbin . . .
* Wed Sep 12 2012 Endi S. Dewata <edewata@redhat.com> 10.0.0-0.31.a1
  - Fixed pki-server to include everything in shared dir.
* Tue Sep 11 2012 Endi S. Dewata <edewata@redhat.com> 10.0.0-0.30.a1
  - Added build dependency on redhat-rpm-config.
* Thu Aug 30 2012 Endi S. Dewata <edewata@redhat.com> 10.0.0-0.29.a1
  - Merged Javadoc packages.
* Thu Aug 30 2012 Endi S. Dewata <edewata@redhat.com> 10.0.0-0.28.a1
  - Added pki-tomcat.jar.
* Thu Aug 30 2012 Endi S. Dewata <edewata@redhat.com> 10.0.0-0.27.a1
  - Moved webapp creation code into pkispawn.
* Mon Aug 20 2012 Endi S. Dewata <edewata@redhat.com> 10.0.0-0.26.a1
  - Split pki-client.jar into pki-certsrv.jar and pki-tools.jar.
* Mon Aug 20 2012 Endi S. Dewata <edewata@redhat.com> 10.0.0-0.25.a1
  - Merged pki-native-tools and pki-java-tools into pki-tools.
  - Modified pki-server to depend on pki-tools.
* Mon Aug 20 2012 Endi S. Dewata <edewata@redhat.com> 10.0.0-0.24.a1
  - Split pki-common into pki-base and pki-server.
  - Merged pki-util into pki-base.
  - Merged pki-deploy into pki-server.
* Thu Aug 16 2012 Matthew Harmsen <mharmsen@redhat.com> 10.0.0-0.23.a1
  - Updated release of 'tomcatjss' to rely on Tomcat 7 for Fedora 17
  - Changed Dogtag 10 build-time and runtime requirements for 'pki-deploy'
  - Altered PKI Package Dependency Chain (top-to-bottom):
    pki-ca, pki-kra, pki-ocsp, pki-tks --> pki-deploy --> pki-common
* Mon Aug 13 2012 Endi S. Dewata <edewata@redhat.com> 10.0.0-0.22.a1
  - Added pki-client.jar.
* Fri Jul 27 2012 Endi S. Dewata <edewata@redhat.com> 10.0.0-0.21.a1
  - Merged pki-jndi-realm.jar into pki-cmscore.jar.
* Tue Jul 24 2012 Matthew Harmsen <mharmsen@redhat.com> 10.0.0-0.20.a1
  - PKI TRAC Task #254 - Dogtag 10: Fix spec file to build successfully
    via mock on Fedora 17 . . .
* Wed Jul 11 2012 Matthew Harmsen <mharmsen@redhat.com> 10.0.0-0.19.a1
  - Moved 'pki-jndi-real.jar' link from 'tomcat6' to 'tomcat' (Tomcat 7)
* Thu Jun 14 2012 Matthew Harmsen <mharmsen@redhat.com> 10.0.0-0.18.a1
  - Updated release of 'tomcatjss' to rely on Tomcat 7 for Fedora 18
* Tue May 29 2012 Endi S. Dewata <edewata@redhat.com> 10.0.0-0.17.a1
  - Added CLI for REST services
* Fri May 18 2012 Matthew Harmsen <mharmsen@redhat.com> 10.0.0-0.16.a1
  - Integration of Tomcat 7
  - Addition of centralized 'pki-tomcatd' systemd functionality to the
    PKI Deployment strategy
  - Removal of 'pki_flavor' attribute
* Mon Apr 16 2012 Ade Lee <alee@redhat.com> 10.0.0-0.15.a1
  - BZ 813075 - selinux denial for file size access
* Thu Apr 05 2012 Christina Fu <cfu@redhat.com> 10.0.0-0.14.a1
  - Bug 745278 - [RFE] ECC encryption keys cannot be archived
* Tue Mar 27 2012 Endi S. Dewata <edewata@redhat.com> 10.0.0-0.13.a1
  - Replaced candlepin-deps with resteasy
* Fri Mar 23 2012 Endi S. Dewata <edewata@redhat.com> 10.0.0-0.12.a1
  - Added option to build without Javadoc
* Fri Mar 16 2012 Ade Lee <alee@redhat.com> 10.0.0-0.11.a1
  - BZ 802396 - Change location of TOMCAT_LOG to match tomcat6 changes
  - Corrected patch selected for selinux f17 rules
* Wed Mar 14 2012 Matthew Harmsen <mharmsen@redhat.com> 10.0.0-0.10.a1
  - Corrected 'junit' dependency check
* Mon Mar 12 2012 Matthew Harmsen <mharmsen@redhat.com> 10.0.0-0.9.a1
  - Initial attempt at PKI deployment framework described in
    'http://pki.fedoraproject.org/wiki/PKI_Instance_Deployment'.
* Fri Mar 09 2012 Jack Magne <jmagne@redhat.com> 10.0.0-0.8.a1
  - Added support for pki-jndi-realm in tomcat6 in pki-common
    and pki-kra.
  - Ticket #69.
* Fri Mar 02 2012 Matthew Harmsen <mharmsen@redhat.com> 10.0.0-0.7.a1
  - For 'mock' purposes, removed platform-specific logic from around
    the 'patch' files so that ALL 'patch' files will be included in
    the SRPM.
* Wed Feb 29 2012 Endi S. Dewata <edewata@redhat.com> 10.0.0-0.6.a1
  - Removed dependency on OSUtil.
* Tue Feb 28 2012 Ade Lee <alee@redhat.com> 10.0.0-0.5.a1
  - 'pki-selinux'
  -      Added platform-dependent patches for SELinux component
  -      Bugzilla Bug #739708 - Selinux fix for ephemeral ports (F16)
  -      Bugzilla Bug #795966 - pki-selinux policy is kind of a mess (F17)
* Thu Feb 23 2012 Endi S. Dewata <edewata@redhat.com> 10.0.0-0.4.a1
  - Added dependency on Apache Commons Codec.
* Wed Feb 22 2012 Matthew Harmsen <mharmsen@redhat.com> 10.0.0-0.3.a1
  - Add '-DSYSTEMD_LIB_INSTALL_DIR' override flag to 'cmake' to address changes
    in fundamental path structure in Fedora 17
  - 'pki-setup'
  -      Hard-code Perl dependencies to protect against bugs such as
         Bugzilla Bug #772699 - Adapt perl and python fileattrs to
         changed file 5.10 magics
  - 'pki-selinux'
  -      Bugzilla Bug #795966 - pki-selinux policy is kind of a mess
* Mon Feb 20 2012 Matthew Harmsen <mharmsen@redhat.com> 10.0.0-0.2.a1
  - Integrated 'pki-kra' into 'pki-core'
  - Integrated 'pki-ocsp' into 'pki-core'
  - Integrated 'pki-tks' into 'pki-core'
  - Bugzilla Bug #788787 - added 'junit'/'junit4' build-time requirements
* Wed Feb 01 2012 Nathan Kinder <nkinder@redhat.com> 10.0.0-0.1.a1
  - Updated package version number
* Mon Jan 16 2012 Ade Lee <alee@redhat.com> 9.0.16-3
  - Added resteasy-jettison-provider-2.3-RC1.jar to pki-setup
* Mon Nov 28 2011 Endi S. Dewata <edewata@redhat.com> 9.0.16-2
  - Added JUnit tests
* Fri Oct 28 2011 Matthew Harmsen <mharmsen@redhat.com> 9.0.16-1
  - 'pki-setup'
  - 'pki-symkey'
  - 'pki-native-tools'
  - 'pki-util'
  -      Bugzilla Bug #737122 - DRM: during archiving and recovering,
         wrapping unwrapping keys should be done in the token (cfu)
  - 'pki-java-tools'
  - 'pki-common'
  -      Bugzilla Bug #744797 - KRA key recovery (retrieve pkcs#12) fails after
         the in-place upgrade( CS 8.0->8.1) (cfu)
  - 'pki-selinux'
  - 'pki-ca'
  -      Bugzilla Bug #746367 - Typo in the profile name. (jmagne)
  -      Bugzilla Bug #737122 - DRM: during archiving and recovering,
         wrapping unwrapping keys should be done in the token (cfu)
  -      Bugzilla Bug #749927 - Java class conflicts using Java 7 in Fedora 17
         (rawhide) . . . (mharmsen)
  -      Bugzilla Bug #749945 - Installation error reported during CA, DRM,
         OCSP, and TKS package installation . . . (mharmsen)
  - 'pki-silent'
* Thu Sep 22 2011 Matthew Harmsen <mharmsen@redhat.com> 9.0.15-1
  - Bugzilla Bug #734590 - Refactor JNI libraries for Fedora 16+ . . . (mharmsen)
  - Bugzilla Bug #699809 - Convert CS to use systemd (alee)
  - 'pki-setup'
  -      Bugzilla Bug #730146 - SSL handshake picks non-FIPS ciphers in FIPS
         mode (cfu)
  -      Bugzilla Bug #737192 - Need script to upgrade proxy configuration (alee)
  - 'pki-symkey'
  -      Bugzilla Bug #730162 - TPS/TKS token enrollment failure in FIPS mode
         (hsm+NSS). (jmagne)
  - 'pki-native-tools'
  -      Bugzilla Bug #730801 - Coverity issues in native-tools area (awnuk)
  -      Bugzilla Bug #730146 - SSL handshake picks non-FIPS ciphers in FIPS
         mode (cfu)
  - 'pki-util'
  -      Bugzilla Bug #730146 - SSL handshake picks non-FIPS ciphers in FIPS
         mode (cfu)
  - 'pki-java-tools'
  - 'pki-common'
  -      Bugzilla Bug #730146 - SSL handshake picks non-FIPS ciphers in FIPS
         mode (cfu)
  -      Bugzilla Bug #737218 - Incorrect request attribute name matching
         ignores request attributes during request parsing. (awnuk)
  -      Bugzilla Bug #730162 - TPS/TKS token enrollment failure in FIPS mode
         (hsm+NSS). (jmagne)
  - 'pki-selinux'
  -      Bugzilla Bug #739708 - pki-selinux lacks rules in F16 (alee)
  - 'pki-ca'
  -      Bugzilla Bug #712931 - CS requires too many ports
         to be open in the FW (alee)
  -      Bugzilla Bug #730146 - SSL handshake picks non-FIPS ciphers in FIPS
         mode (cfu)
  - 'pki-silent'
  -      Bugzilla Bug #739201 - pkisilent does not take arch into account
         as Java packages migrated to arch-dependent directories (mharmsen)
* Fri Sep 09 2011 Matthew Harmsen <mharmsen@redhat.com> 9.0.14-1
  - 'pki-setup'
  -      Bugzilla Bug #734590 - Refactor JNI libraries for Fedora 16+ . . .
  - 'pki-symkey'
  -      Bugzilla Bug #734590 - Refactor JNI libraries for Fedora 16+ . . .
  - 'pki-native-tools'
  - 'pki-util'
  -      Bugzilla Bug #734590 - Refactor JNI libraries for Fedora 16+ . . .
  - 'pki-java-tools'
  -      Bugzilla Bug #734590 - Refactor JNI libraries for Fedora 16+ . . .
  - 'pki-common'
  -      Bugzilla Bug #734590 - Refactor JNI libraries for Fedora 16+ . . .
  - 'pki-selinux'
  - 'pki-ca'
  -      Bugzilla Bug #734590 - Refactor JNI libraries for Fedora 16+ . . .
  -      Bugzilla Bug #699809 - Convert CS to use systemd (alee)
  - 'pki-silent'
  -      Bugzilla Bug #734590 - Refactor JNI libraries for Fedora 16+ . . .
* Tue Sep 06 2011 Ade Lee <alee@redhat.com> 9.0.13-1
  - 'pki-setup'
  -      Bugzilla Bug #699809 - Convert CS to use systemd (alee)
  - 'pki-ca'
  -      Bugzilla Bug #699809 - Convert CS to use systemd (alee)
  - 'pki-common'
  -      Bugzilla Bug #699809 - Convert CS to use systemd (alee)
* Tue Aug 23 2011 Matthew Harmsen <mharmsen@redhat.com> 9.0.12-1
  - 'pki-setup'
  -      Bugzilla Bug #712931 - CS requires too many ports
         to be open in the FW (alee)
  - 'pki-symkey'
  - 'pki-native-tools'
  -      Bugzilla Bug #717643 - Fopen without NULL check and other Coverity
         issues (awnuk)
  -      Bugzilla Bug #730801 - Coverity issues in native-tools area (awnuk)
  - 'pki-util'
  - 'pki-java-tools'
  - 'pki-common'
  -      Bugzilla Bug #700522 - pki tomcat6 instances currently running
         unconfined, allow server to come up when selinux disabled (alee)
  -      Bugzilla Bug #731741 - some CS.cfg nickname parameters not updated
         correctly when subsystem cloned (using hsm) (alee)
  -      Bugzilla Bug #712931 - CS requires too many ports
         to be open in the FW (alee)
  - 'pki-selinux'
  -      Bugzilla Bug #712931 - CS requires too many ports
         to be open in the FW (alee)
  - 'pki-ca'
  -      Bugzilla Bug #712931 - CS requires too many ports
         to be open in the FW (alee)
  - 'pki-silent'
* Wed Aug 10 2011 Matthew Harmsen <mharmsen@redhat.com> 9.0.11-1
  - 'pki-setup'
  -      Bugzilla Bug #689909 - Dogtag installation under IPA takes too much
         time - remove the inefficient sleeps (alee)
  - 'pki-symkey'
  - 'pki-native-tools'
  - 'pki-util'
  - 'pki-java-tools'
  -      Bugzilla Bug #724861 - DRMTool: fix duplicate "dn:" records by
         renumbering "cn=<value>" (mharmsen)
  - 'pki-common'
  -      Bugzilla Bug #717041 - Improve escaping of some enrollment inputs like
         (jmagne, awnuk)
  -      Bugzilla Bug #689909 - Dogtag installation under IPA takes too much
         time - remove the inefficient sleeps (alee)
  -      Bugzilla Bug #708075 - Clone installation does not work over NAT
         (alee)
  -      Bugzilla Bug #726785 - If replication fails while setting up a clone
         it will wait forever (alee)
  -      Bugzilla Bug #728332 - xml output has changed on cert requests (awnuk)
  -      Bugzilla Bug #700505 - pki tomcat6 instances currently running
         unconfined (alee)
  - 'pki-selinux'
  -      Bugzilla Bug #700505 - pki tomcat6 instances currently running
         unconfined (alee)
  - 'pki-ca'
  -      Bugzilla Bug #728605 - RFE: increase default validity from 6mo to 2yrs
         in IPA profile (awnuk)
  - 'pki-silent'
  -      Bugzilla Bug #689909 - Dogtag installation under IPA takes too much
         time - remove the inefficient sleeps (alee)
* Fri Jul 22 2011 Matthew Harmsen <mharmsen@redhat.com> 9.0.10-1
  - 'pki-setup'
  - 'pki-symkey'
  - 'pki-native-tools'
  - 'pki-util'
  -      Bugzilla Bug #719007 - Key Constraint keyParameter being ignored
         using an ECC CA to generate ECC certs from CRMF. (jmagne)
  -      Bugzilla Bug #716307 - rhcs80 - DER shall not include an encoding
         for any component value which is equal to its default value (alee)
  - 'pki-java-tools'
  - 'pki-common'
  -      Bugzilla Bug #720510 - Console: Adding a certificate into nethsm
         throws Token not found error. (jmagne)
  -      Bugzilla Bug #719007 - Key Constraint keyParameter being ignored
         using an ECC CA to generate ECC certs from CRMF. (jmagne)
  -      Bugzilla Bug #716307 - rhcs80 - DER shall not include an encoding
         for any component value which is equal to its default value (alee)
  -      Bugzilla Bug #722989 - Registering an agent when a subsystem is
         created - does not log AUTHZ_SUCCESS event. (alee)
  - 'pki-selinux'
  - 'pki-ca'
  -      Bugzilla Bug #719113 - Add client usage flag to caIPAserviceCert
         (awnuk)
  - 'pki-silent'
* Thu Jul 14 2011 Matthew Harmsen <mharmsen@redhat.com> 9.0.9-1
  - Updated release of 'jss'
  - Updated release of 'tomcatjss' for Fedora 15
  - 'pki-setup'
  -      Bugzilla Bug #695157 - Auditverify on TPS audit log throws error.
         (mharmsen)
  -      Bugzilla Bug #693815 - /var/log/tomcat6/catalina.out owned by pkiuser
         (jdennis)
  -      Bugzilla Bug #694569 - parameter used by pkiremove not updated (alee)
  -      Bugzilla Bug #669226 - Remove Legacy Build System (mharmsen)
  - 'pki-symkey'
  -      Bugzilla Bug #695157 - Auditverify on TPS audit log throws error.
         (mharmsen)
  -      Bugzilla Bug #669226 - Remove Legacy Build System (mharmsen)
  - 'pki-native-tools'
  -      Bugzilla Bug #695157 - Auditverify on TPS audit log throws error.
         (mharmsen)
  -      Bugzilla Bug #717765 - TPS configuration: logging into security domain
         from tps does not work with clientauth=want. (alee)
  -      Bugzilla Bug #669226 - Remove Legacy Build System (mharmsen)
  - 'pki-util'
  -      Bugzilla Bug #695157 - Auditverify on TPS audit log throws error.
         (mharmsen)
  -      Bugzilla Bug #669226 - Remove Legacy Build System (mharmsen)
  - 'pki-java-tools'
  -      Bugzilla Bug #695157 - Auditverify on TPS audit log throws error.
         (mharmsen)
  -      Bugzilla Bug #532548 - Tool to do DRM re-key (mharmsen)
  -      Bugzilla Bug #532548 - Tool to do DRM re-key (config file and record
         processing) (mharmsen)
  -      Bugzilla Bug #532548 - Tool to do DRM re-key (tweaks) (mharmsen)
  -      Bugzilla Bug #669226 - Remove Legacy Build System (mharmsen)
  - 'pki-common'
  -      Bugzilla Bug #695157 - Auditverify on TPS audit log throws error.
         (mharmsen)
  -      Bugzilla Bug #695403 - Editing signedaudit or transaction, system
         logs throws 'Invalid protocol' for OCSP subsystems (alee)
  -      Bugzilla Bug #694569 - parameter used by pkiremove not updated (alee)
  -      Bugzilla Bug #695015 - Serial No. of a revoked certificate is not
         populated in the CA signedAudit messages (alee)
  -      Bugzilla Bug #694143 - CA Agent not returning specified request (awnuk)
  -      Bugzilla Bug #695015 - Serial No. of a revoked certificate is not
         populated in the CA signedAudit messages (jmagne)
  -      Bugzilla Bug #698885 - Race conditions during IPA installation (alee)
  -      Bugzilla Bug #704792 - CC_LAB_EVAL: CA agent interface:
         SubjectID=$Unidentified$ fails audit evaluation (jmagne)
  -      Bugzilla Bug #705914 - SCEP mishandles nicknames when processing
         subsequent SCEP requests. (awnuk)
  -      Bugzilla Bug #661142 - Verification should fail when a revoked
         certificate is added. (jmagne)
  -      Bugzilla Bug #707416 - CC_LAB_EVAL: Security Domain: missing audit msgs
         for modify/add (alee)
  -      Bugzilla Bug #707416 - additional audit messages for GetCookie (alee)
  -      Bugzilla Bug #707607 - Published certificate summary has list of
         non-published certificates with succeeded status (jmagne)
  -      Bugzilla Bug #717813 - EV_AUDIT_LOG_SHUTDOWN audit log not generated
         for tps and ca on server shutdown (jmagne)
  -      Bugzilla Bug #697939 - DRM signed audit log message - operation should
         be read instead of modify (jmagne)
  -      Bugzilla Bug #718427 - When audit log is full, server continue to
         function. (alee)
  -      Bugzilla Bug #718607 - CC_LAB_EVAL: No AUTH message is generated in
         CA's signedaudit log when a directory based user enrollment is
         performed (jmagne)
  -      Bugzilla Bug #669226 - Remove Legacy Build System (mharmsen)
  - 'pki-selinux'
  -      Bugzilla Bug #695157 - Auditverify on TPS audit log throws error.
         (mharmsen)
  -      Bugzilla Bug #720503 - RA and TPS require additional SELinux
         permissions to run in "Enforcing" mode (alee)
  -      Bugzilla Bug #669226 - Remove Legacy Build System (mharmsen)
  - 'pki-ca'
  -      Bugzilla Bug #695157 - Auditverify on TPS audit log throws error.
         (mharmsen)
  -      Bugzilla Bug #693815 - /var/log/tomcat6/catalina.out owned by pkiuser
         (jdennis)
  -      Bugzilla Bug #699837 - service command is not fully backwards
         compatible with Dogtag pki subsystems (mharmsen)
  -      Bugzilla Bug #649910 - Console: an auditor or agent can be added to an
         administrator group. (jmagne)
  -      Bugzilla Bug #707416 - CC_LAB_EVAL: Security Domain: missing audit msgs
         for modify/add (alee)
  -      Bugzilla Bug #716269 - make ra authenticated profiles non-visible on ee
         pages (alee)
  -      Bugzilla Bug #718621 - CC_LAB_EVAL: PRIVATE_KEY_ARCHIVE_REQUEST occurs
         for a revocation invoked by EE user (awnuk)
  -      Bugzilla Bug #669226 - Remove Legacy Build System (mharmsen)
  - 'pki-silent'
  -      Bugzilla Bug #695157 - Auditverify on TPS audit log throws error.
         (mharmsen)
  -      Bugzilla Bug #669226 - Remove Legacy Build System (mharmsen)
* Wed May 25 2011 Matthew Harmsen <mharmsen@redhat.com> 9.0.8-2
  - 'pki-setup'
  - 'pki-symkey'
  - 'pki-native-tools'
  - 'pki-util'
  - 'pki-java-tools'
  -     Added 'DRMTool.cfg' configuration file to inventory
  - 'pki-common'
  - 'pki-selinux'
  - 'pki-ca'
  - 'pki-silent'
* Wed May 25 2011 Matthew Harmsen <mharmsen@redhat.com> 9.0.8-1
  - 'pki-setup'
  - 'pki-symkey'
  - 'pki-native-tools'
  - 'pki-util'
  - 'pki-java-tools'
  -     Bugzilla Bug #532548 - Tool to do DRM re-key
  - 'pki-common'
  - 'pki-selinux'
  - 'pki-ca'
  - 'pki-silent'
* Tue Apr 26 2011 Matthew Harmsen <mharmsen@redhat.com> 9.0.7-1
  - 'pki-setup'
  -     Bugzilla Bug #693815 - /var/log/tomcat6/catalina.out owned by pkiuser
  -     Bugzilla Bug #694569 - parameter used by pkiremove not updated
  - 'pki-symkey'
  - 'pki-native-tools'
  - 'pki-util'
  - 'pki-java-tools'
  - 'pki-common'
  -     Bugzilla Bug #695403 - Editing signedaudit or transaction, system logs
        throws 'Invalid protocol' for OCSP subsystems
  -     Bugzilla Bug #694569 - parameter used by pkiremove not updated
  -     Bugzilla Bug #695015 - Serial No. of a revoked certificate is not
        populated in the CA signedAudit messages
  -     Bugzilla Bug #694143 - CA Agent not returning specified request
  -     Bugzilla Bug #695015 - Serial No. of a revoked certificate is not
        populated in the CA signedAudit messages
  -     Bugzilla Bug #698885 - Race conditions during IPA installation
  - 'pki-selinux'
  - 'pki-ca'
  -     Bugzilla Bug #693815 - /var/log/tomcat6/catalina.out owned by pkiuser
  -     Bugzilla Bug #699837 - service command is not fully backwards compatible
        with Dogtag pki subsystems
  - 'pki-silent'
* Mon Apr 11 2011 Matthew Harmsen <mharmsen@redhat.com> 9.0.6-2
  - Bugzilla Bug #695157 - Auditverify on TPS audit log throws error.
* Tue Apr 05 2011 Matthew Harmsen <mharmsen@redhat.com> 9.0.6-1
  - Bugzilla Bug #690950 - Update Dogtag Packages for Fedora 15 (beta)
  - Bugzilla Bug #693327 - Missing requires: tomcatjss
  - 'pki-setup'
  -     Bugzilla Bug #690626 - pkiremove removes the registry entry for
        all instances on a machine
  - 'pki-symkey'
  - 'pki-native-tools'
  - 'pki-util'
  - 'pki-java-tools'
  -     Bugzilla Bug #689453 - CRMFPopClient request to CA's unsecure port
        throws file not found exception.
  - 'pki-common'
  -     Bugzilla Bug #692990 - Audit log messages needed to match CC doc:
        DRM Recovery audit log messages
  - 'pki-selinux'
  - 'pki-ca'
  - 'pki-silent'
* Tue Apr 05 2011 Matthew Harmsen <mharmsen@redhat.com> 9.0.5-2
  - Bugzilla Bug #693327 - Missing requires: tomcatjss
* Fri Mar 25 2011 Matthew Harmsen <mharmsen@redhat.com> 9.0.5-1
  - Bugzilla Bug #690950 - Update Dogtag Packages for Fedora 15 (beta)
  - Require "jss >= 4.2.6-15" as a build and runtime requirement
  - Require "tomcatjss >= 2.1.1" as a build and runtime requirement
    for Fedora 15 and later platforms
  - 'pki-setup'
  -     Bugzilla Bug #688287 - Add "deprecation" notice regarding using
        "shared ports" in pkicreate -help . . .
  -     Bugzilla Bug #688251 - Dogtag installation under IPA takes
        too much time - SELinux policy compilation
  - 'pki-symkey'
  - 'pki-native-tools'
  - 'pki-util'
  - 'pki-java-tools'
  -     Bugzilla Bug #689501 - ExtJoiner tool fails to join the multiple
        extensions
  - 'pki-common'
  -     Bugzilla Bug #683581 - CA configuration with ECC(Default
        EC curve-nistp521) CA fails with 'signing operation failed'
  -     Bugzilla Bug #689662 - ocsp publishing needs to be re-enabled
        on the EE port
  - 'pki-selinux'
  -     Bugzilla Bug #684871 - ldaps selinux link change
  - 'pki-ca'
  -     Bugzilla Bug #683581 - CA configuration with ECC(Default
        EC curve-nistp521) CA fails with 'signing operation failed'
  -     Bugzilla Bug #684381 - CS.cfg specifies incorrect type of comments
  -     Bugzilla Bug #689453 - CRMFPopClient request to CA's unsecure port
        throws file not found exception.(profile and CS.cfg only)
  - 'pki-silent'
* Thu Mar 17 2011 Matthew Harmsen <mharmsen@redhat.com> 9.0.4-1
  - Bugzilla Bug #688763 - Rebase updated Dogtag Packages for Fedora 15 (alpha)
  - Bugzilla Bug #676182 - IPA installation failing - Fails to create CA
    instance
  - Bugzilla Bug #675742 - Profile caIPAserviceCert Not Found
  - 'pki-setup'
  -     Bugzilla Bug #678157 - uninitialized variable warnings from Perl
  -     Bugzilla Bug #679574 - Velocity fails to load all dependent classes
  -     Bugzilla Bug #680420 - xml-commons-apis.jar dependency
  -     Bugzilla Bug #682013 - pkisilent needs xml-commons-apis.jar in it's
        classpath
  -     Bugzilla Bug #673508 - CS8 64 bit pkicreate script uses wrong library
        name for SafeNet LunaSA
  - 'pki-common'
  -     Bugzilla Bug #673638 - Installation within IPA hangs
  -     Bugzilla Bug #678715 - netstat loop fixes needed
  -     Bugzilla Bug #673609 - CC: authorize() call needs to be added to
        getStats servlet
  - 'pki-selinux'
  -     Bugzilla Bug #674195: SELinux error message thrown during token
        enrollment
  - 'pki-ca'
  -     Bugzilla Bug #673638 - Installation within IPA hangs
  -     Bugzilla Bug #673609 - CC: authorize() call needs to be added to
        getStats servlet
  -     Bugzilla Bug #676330 - init script cannot start service
  - 'pki-silent'
  -     Bugzilla Bug #682013 - pkisilent needs xml-commons-apis.jar in it's
        classpath
* Wed Feb 09 2011 Matthew Harmsen <mharmsen@redhat.com> 9.0.3-2
  - 'pki-common'
  -     Bugzilla Bug #676051 - IPA installation failing - Fails to create CA
        instance
  -     Bugzilla Bug #676182 - IPA installation failing - Fails to create CA
        instance
* Fri Feb 04 2011 Matthew Harmsen <mharmsen@redhat.com> 9.0.3-1
  - 'pki-common'
  -     Bugzilla Bug #674894 - ipactl restart : an annoy output line
  -     Bugzilla Bug #675179 - ipactl restart : an annoy output line
* Thu Feb 03 2011 Matthew Harmsen <mharmsen@redhat.com> 9.0.2-1
  - Bugzilla Bug #673233 - Rebase pki-core to pick the latest features and fixes
  - 'pki-setup'
  -     Bugzilla Bug #673638 - Installation within IPA hangs
  - 'pki-symkey'
  - 'pki-native-tools'
  - 'pki-util'
  - 'pki-java-tools'
  -     Bugzilla Bug #673614 - CC: Review of cryptographic algorithms provided
        by 'netscape.security.provider' package
  - 'pki-common'
  -     Bugzilla Bug #672291 - CA is not publishing certificates issued using
        "Manual User Dual-Use Certificate Enrollment"
  -     Bugzilla Bug #670337 - CA Clone configuration throws TCP connection
        error.
  -     Bugzilla Bug #504056 - Completed SCEP requests are assigned to the
        "begin" state instead of "complete".
  -     Bugzilla Bug #504055 - SCEP requests are not properly populated
  -     Bugzilla Bug #564207 - Searches for completed requests in the agent
        interface returns zero entries
  -     Bugzilla Bug #672291 - CA is not publishing certificates issued using
        "Manual User Dual-Use Certificate Enrollment" -
  -     Bugzilla Bug #673614 - CC: Review of cryptographic algorithms provided
        by 'netscape.security.provider' package
  -     Bugzilla Bug #672920 - CA console: adding policy to a profile throws
        'Duplicate policy' error in some cases.
  -     Bugzilla Bug #673199 - init script returns control before web apps have
        started
  -     Bugzilla Bug #674917 - Restore identification of Tomcat-based PKI
        subsystem instances
  - 'pki-selinux'
  - 'pki-ca'
  -     Bugzilla Bug #504013 - sscep request is rejected due to authentication
        error if submitted through one time pin router certificate enrollment.
  -     Bugzilla Bug #672111 - CC doc: certServer.usrgrp.administration missing
        information
  -     Bugzilla Bug #583825 - CC: Obsolete servlets to be removed from web.xml
        as part of CC interface review
  -     Bugzilla Bug #672333 - Creation of RA agent fails in IPA installation
  -     Bugzilla Bug #674917 - Restore identification of Tomcat-based PKI
        subsystem instances
  - 'pki-silent'
  -     Bugzilla Bug #673614 - CC: Review of cryptographic algorithms provided
        by 'netscape.security.provider' package
* Wed Feb 02 2011 Matthew Harmsen <mharmsen@redhat.com> 9.0.1-3
  - Bugzilla Bug #656661 - Please Update Spec File to use 'ghost' on files
    in /var/run and /var/lock
* Thu Jan 20 2011 Matthew Harmsen <mharmsen@redhat.com> 9.0.1-2
  - 'pki-symkey'
  -     Bugzilla Bug #671265 - pki-symkey jar version incorrect
  - 'pki-common'
  -     Bugzilla Bug #564207 - Searches for completed requests in the agent
        interface returns zero entries
* Tue Jan 18 2011 Matthew Harmsen <mharmsen@redhat.com> 9.0.1-1
  - Allow 'pki-native-tools' to be installed independently of 'pki-setup'
  - Removed explicit 'pki-setup' requirement from 'pki-ca'
    (since it already requires 'pki-common')
  - 'pki-setup'
  -     Bugzilla Bug #223343 - pkicreate: should add 'pkiuser' to nfast group
  -     Bugzilla Bug #629377 - Selinux errors during pkicreate CA, KRA, OCSP
        and TKS.
  -     Bugzilla Bug #555927 - rhcs80 - AgentRequestFilter servlet and port
        fowarding for agent services
  -     Bugzilla Bug #632425 - Port to tomcat6
  -     Bugzilla Bug #606946 - Convert Native Tools to use ldapAPI from
        OpenLDAP instead of the Mozldap
  -     Bugzilla Bug #638377 - Generate PKI UI components which exclude a GUI
        interface
  -     Bugzilla Bug #643206 - New CMake based build system for Dogtag
  -     Bugzilla Bug #658926 - org.apache.commons.lang class not found on F13
  -     Bugzilla Bug #661514 - CMAKE build system requires rules to make
        javadocs
  -     Bugzilla Bug #665388 - jakarta-* jars have been renamed to apache-*,
        pkicreate fails Fedora 14 and above
  -     Bugzilla Bug #23346 - Two conflicting ACL list definitions in source
        repository
  -     Bugzilla Bug #656733 - Standardize jar install location and jar names
  - 'pki-symkey'
  -     Bugzilla Bug #638377 - Generate PKI UI components which exclude a GUI
        interface
  -     Bugzilla Bug #643206 - New CMake based build system for Dogtag
  -     Bugzilla Bug #644056 - CS build contains warnings
  - 'pki-native-tools'
  -     template change
  -     Bugzilla Bug #606946 - Convert Native Tools to use ldapAPI from
        OpenLDAP instead of the Mozldap
  -     Bugzilla Bug #638377 - Generate PKI UI components which exclude a GUI
        interface
  -     Bugzilla Bug #643206 - New CMake based build system for Dogtag
  -     Bugzilla Bug #644056 - CS build contains warnings
  - 'pki-util'
  -     Bugzilla Bug #615814 - rhcs80 - profile policyConstraintsCritical
        cannot be set to true
  -     Bugzilla Bug #224945 - javadocs has missing descriptions, contains
        empty packages
  -     Bugzilla Bug #621337 - Limit the received senderNonce value to 16 bytes.
  -     Bugzilla Bug #621338 - Include a server randomly-generated 16 byte
        senderNonce in all signed SCEP responses.
  -     Bugzilla Bug #621327 - Provide switch disabling algorithm downgrade
        attack in SCEP
  -     Bugzilla Bug #621334 - Provide an option to set default hash algorithm
        for signing SCEP response messages.
  -     Bugzilla Bug #635033 - At installation wizard selecting key types other
        than CA's signing cert will fail
  -     Bugzilla Bug #645874 - rfe ecc - add ecc curve name support in JSS and
        CS interface
  -     Bugzilla Bug #488253 - com.netscape.cmsutil.ocsp.BasicOCSPResponse
        ASN.1 encoding/decoding is broken
  -     Bugzilla Bug #551410 - com.netscape.cmsutil.ocsp.TBSRequest ASN.1
        encoding/decoding is incomplete
  -     Bugzilla Bug #550331 - com.netscape.cmsutil.ocsp.ResponseData ASN.1
        encoding/decoding is incomplete
  -     Bugzilla Bug #623452 - rhcs80 pkiconsole profile policy editor limit
        policy extension to 5 only
  -     Bugzilla Bug #638377 - Generate PKI UI components which exclude a GUI
        interface
  -     Bugzilla Bug #651977 - turn off ssl2 for java servers (server.xml)
  -     Bugzilla Bug #643206 - New CMake based build system for Dogtag
  -     Bugzilla Bug #661514 - CMAKE build system requires rules to make
        javadocs
  -     Bugzilla Bug #658188 - remove remaining references to tomcat5
  -     Bugzilla Bug #656733 - Standardize jar install location and jar names
  -     Bugzilla Bug #223319 - Certificate Status inconsistency between token
        db and CA
  -     Bugzilla Bug #531137 - RHCS 7.1 - Running out of Java Heap Memory
        During CRL Generation
  - 'pki-java-tools'
  -     Bugzilla Bug #224945 - javadocs has missing descriptions, contains
        empty packages
  -     Bugzilla Bug #638377 - Generate PKI UI components which exclude a GUI
        interface
  -     Bugzilla Bug #659004 - CC: AuditVerify hardcoded with SHA-1
  -     Bugzilla Bug #643206 - New CMake based build system for Dogtag
  -     Bugzilla Bug #661514 - CMAKE build system requires rules to make
        javadocs
  -     Bugzilla Bug #662156 - HttpClient is hard-coded to handle only up to
        5000 bytes
  -     Bugzilla Bug #656733 - Standardize jar install location and jar names
  - 'pki-common'
  -     Bugzilla Bug #583822 - CC: ACL issues from CA interface CC doc review
  -     Bugzilla Bug #623745 - SessionTimer with LDAPSecurityDomainSessionTable
        started before configuration completed
  -     Bugzilla Bug #620925 - CC: auditor needs to be able to download audit
        logs in the java subsystems
  -     Bugzilla Bug #615827 - rhcs80 - profile policies need more than 5
        policy mappings (seem hardcoded)
  -     Bugzilla Bug #224945 - javadocs has missing descriptions, contains
        empty packages
  -     Bugzilla Bug #548699 - subCA's admin certificate should be generated by
        itself
  -     Bugzilla Bug #621322 - Provide switch disabling SCEP support in CA
  -     Bugzilla Bug #563386 - rhcs80 ca crash on invalid inputs to profile
        caAgentServerCert (null cert_request)
  -     Bugzilla Bug #621339 - SCEP one-time PIN can be used an unlimited
        number of times
  -     Bugzilla Bug #583825 - CC: Obsolete servlets to be removed from web.xml
        as part of CC interface review
  -     Bugzilla Bug #629677 - TPS: token enrollment fails.
  -     Bugzilla Bug #621350 - Unauthenticated user can decrypt a one-time PIN
        in a SCEP request
  -     Bugzilla Bug #503838 - rhcs71-80 external publishing ldap connection
        pools not reliable - improve connections or discovery
  -     Bugzilla Bug #629769 - password decryption logs plain text password
  -     Bugzilla Bug #583823 - CC: Auditing issues found as result of
        CC - interface review
  -     Bugzilla Bug #632425 - Port to tomcat6
  -     Bugzilla Bug #586700 - OCSP Server throws fatal error while using
        OCSP console for renewing SSL Server certificate.
  -     Bugzilla Bug #621337 - Limit the received senderNonce value to 16 bytes.
  -     Bugzilla Bug #621338 - Include a server randomly-generated 16 byte
        senderNonce in all signed SCEP responses.
  -     Bugzilla Bug #607380 - CC: Make sure Java Console can configure all
        security relevant config items
  -     Bugzilla Bug #558100 - host challenge of the Secure Channel needs to be
        generated on TKS instead of TPS.
  -     Bugzilla Bug #489342 -
        com.netscape.cms.servlet.common.CMCOutputTemplate.java
        doesn't support EC
  -     Bugzilla Bug #630121 - OCSP responder lacking option to delete or
        disable a CA that it serves
  -     Bugzilla Bug #634663 - CA CMC response default hard-coded to SHA1
  -     Bugzilla Bug #621327 - Provide switch disabling algorithm downgrade
        attack in SCEP
  -     Bugzilla Bug #621334 - Provide an option to set default hash algorithm
        for signing SCEP response messages.
  -     Bugzilla Bug #635033 - At installation wizard selecting key types other
        than CA's signing cert will fail
  -     Bugzilla Bug #621341 - Add CA support for new SCEP key pair dedicated
        for SCEP signing and encryption.
  -     Bugzilla Bug #223336 - ECC: unable to clone a ECC CA
  -     Bugzilla Bug #539781 - rhcs 71 - CRLs Partitioned
        by Reason Code - onlySomeReasons ?
  -     Bugzilla Bug #637330 - CC feature: Key Management - provide signature
        verification functions (JAVA subsystems)
  -     Bugzilla Bug #223313 - should do random generated IV param
        for symmetric keys
  -     Bugzilla Bug #555927 - rhcs80 - AgentRequestFilter servlet and port
        fowarding for agent services
  -     Bugzilla Bug #630176 - Improve reliability of the LdapAnonConnFactory
  -     Bugzilla Bug #524916 - ECC key constraints plug-ins should be based on
        ECC curve names (not on key sizes).
  -     Bugzilla Bug #516632 - RHCS 7.1 - CS Incorrectly Issuing Multiple
        Certificates from the Same Request
  -     Bugzilla Bug #648757 - expose and use updated cert verification
        function in JSS
  -     Bugzilla Bug #638242 - Installation Wizard: at SizePanel, fix selection
        of signature algorithm; and for ECC curves
  -     Bugzilla Bug #451874 - RFE - Java console - Certificate Wizard missing
        e.c. support
  -     Bugzilla Bug #651040 - cloning shoud not include sslserver
  -     Bugzilla Bug #542863 - RHCS8: Default cert audit nickname written to
        CS.cfg files imcomplete when the cert is stored on a hsm
  -     Bugzilla Bug #360721 - New Feature: Profile Integrity Check . . .
  -     Bugzilla Bug #651916 - kra and ocsp are using incorrect ports
        to talk to CA and complete configuration in DonePanel
  -     Bugzilla Bug #642359 - CC Feature - need to verify certificate when it
        is added
  -     Bugzilla Bug #653713 - CC: setting trust on a CIMC cert requires
        auditing
  -     Bugzilla Bug #489385 - references to rhpki
  -     Bugzilla Bug #499494 - change CA defaults to SHA2
  -     Bugzilla Bug #623452 - rhcs80 pkiconsole profile policy editor limit
        policy extension to 5 only
  -     Bugzilla Bug #649910 - Console: an auditor or agent can be added to
        an administrator group.
  -     Bugzilla Bug #632425 - Port to tomcat6
  -     Bugzilla Bug #638377 - Generate PKI UI components which exclude a GUI
        interface
  -     Bugzilla Bug #651977 - turn off ssl2 for java servers (server.xml)
  -     Bugzilla Bug #653576 - tomcat5 does not always run filters on servlets
        as expected
  -     Bugzilla Bug #642357 - CC Feature- Self-Test plugins only check for
        validity
  -     Bugzilla Bug #643206 - New CMake based build system for Dogtag
  -     Bugzilla Bug #659004 - CC: AuditVerify hardcoded with SHA-1
  -     Bugzilla Bug #661196 - ECC(with nethsm) subca configuration fails with
        Key Type RSA Not Matched despite using ECC key pairs for rootCA & subCA.
  -     Bugzilla Bug #661889 - The Servlet TPSRevokeCert of the CA returns an
        error to TPS even if certificate in question is already revoked.
  -     Bugzilla Bug #663546 - Disable the functionalities that are not exposed
        in the console
  -     Bugzilla Bug #661514 - CMAKE build system requires rules to make
        javadocs
  -     Bugzilla Bug #658188 - remove remaining references to tomcat5
  -     Bugzilla Bug #649343 - Publishing queue should recover from CA crash.
  -     Bugzilla Bug #491183 - rhcs rfe - add rfc 4523 support for pkiUser and
        pkiCA, obsolete 2252 and 2256
  -     Bugzilla Bug #640710 - Current SCEP implementation does not support HSMs
  -     Bugzilla Bug #656733 - Standardize jar install location and jar names
  -     Bugzilla Bug #661142 - Verification should fail when
        a revoked certificate is added
  -     Bugzilla Bug #642741 - CS build uses deprecated functions
  -     Bugzilla Bug #670337 - CA Clone configuration throws TCP connection error
  -     Bugzilla Bug #662127 - CC doc Error: SignedAuditLog expiration time
        interface is no longer available through console
  - 'pki-selinux'
  -     Bugzilla Bug #638377 - Generate PKI UI components which exclude a GUI
        interface
  -     Bugzilla Bug #643206 - New CMake based build system for Dogtag
  -     Bugzilla Bug #667153 - store nuxwdog passwords in kernel ring buffer -
        selinux changes
  - 'pki-ca'
  -     Bugzilla Bug #583822 - CC: ACL issues from CA interface CC doc review
  -     Bugzilla Bug #620925 - CC: auditor needs to be able to download audit
        logs in the java subsystems
  -     Bugzilla Bug #621322 - Provide switch disabling SCEP support in CA
  -     Bugzilla Bug #583824 - CC: Duplicate servlet mappings found as part of
        CC interface doc review
  -     Bugzilla Bug #621602 - pkiconsole: Click on 'Publishing' option with
        admin privilege throws error "You are not authorized to perform this
        operation".
  -     Bugzilla Bug #583825 - CC: Obsolete servlets to be removed from web.xml
        as part of CC interface review
  -     Bugzilla Bug #583823 - CC: Auditing issues found as result of
        CC - interface review
  -     Bugzilla Bug #519291 - Deleting a CRL Issuing Point after edits throws
        'Internal Server Error'.
  -     Bugzilla Bug #586700 - OCSP Server throws fatal error while using
        OCSP console for renewing SSL Server certificate.
  -     Bugzilla Bug #621337 - Limit the received senderNonce value to 16 bytes.
  -     Bugzilla Bug #621338 - Include a server randomly-generated 16 byte
        senderNonce in all signed SCEP responses.
  -     Bugzilla Bug #558100 - host challenge of the Secure Channel needs to be
        generated on TKS instead of TPS.
  -     Bugzilla Bug #630121 - OCSP responder lacking option to delete or
        disable a CA that it serves
  -     Bugzilla Bug #634663 - CA CMC response default hard-coded to SHA1
  -     Bugzilla Bug #621327 - Provide switch disabling algorithm downgrade
        attack in SCEP
  -     Bugzilla Bug #621334 - Provide an option to set default hash algorithm
        for signing SCEP response messages.
  -     Bugzilla Bug #539781 - rhcs 71 - CRLs Partitioned
        by Reason Code - onlySomeReasons ?
  -     Bugzilla Bug #637330 - CC feature: Key Management - provide signature
        verification functions (JAVA subsystems)
  -     Bugzilla Bug #555927 - rhcs80 - AgentRequestFilter servlet and port
        fowarding for agent services
  -     Bugzilla Bug #524916 - ECC key constraints plug-ins should be based on
        ECC curve names (not on key sizes).
  -     Bugzilla Bug #516632 - RHCS 7.1 - CS Incorrectly Issuing Multiple
        Certificates from the Same Request
  -     Bugzilla Bug #638242 - Installation Wizard: at SizePanel, fix selection
        of signature algorithm; and for ECC curves
  -     Bugzilla Bug #529945 - (Instructions and sample only) CS 8.0 GA
        release -- DRM and TKS do not seem to have CRL checking enabled
  -     Bugzilla Bug #609641 - CC: need procedure (and possibly tools) to help
        correctly set up CC environment
  -     Bugzilla Bug #509481 - RFE: support sMIMECapabilities extensions in
        certificates (RFC 4262)
  -     Bugzilla Bug #651916 - kra and ocsp are using incorrect ports
        to talk to CA and complete configuration in DonePanel
  -     Bugzilla Bug #511990 - rhcs 7.3, 8.0 - re-activate missing object
        signing support in RHCS
  -     Bugzilla Bug #651977 - turn off ssl2 for java servers (server.xml)
  -     Bugzilla Bug #489385 - references to rhpki
  -     Bugzilla Bug #499494 - change CA defaults to SHA2
  -     Bugzilla Bug #623452 - rhcs80 pkiconsole profile policy editor limit
        policy extension to 5 only
  -     Bugzilla Bug #649910 - Console: an auditor or agent can be added to
        an administrator group.
  -     Bugzilla Bug #632425 - Port to tomcat6
  -     Bugzilla Bug #638377 - Generate PKI UI components which exclude a GUI
        interface
  -     Bugzilla Bug #653576 - tomcat5 does not always run filters on servlets
        as expected
  -     Bugzilla Bug #642357 - CC Feature- Self-Test plugins only check for
        validity
  -     Bugzilla Bug #643206 - New CMake based build system for Dogtag
  -     Bugzilla Bug #661128 - incorrect CA ports used for revoke, unrevoke
        certs in TPS
  -     Bugzilla Bug #512496 - RFE rhcs80 - crl updates and scheduling feature 
  -     Bugzilla Bug #661196 - ECC(with nethsm) subca configuration fails with
        Key Type RSA Not Matched despite using ECC key pairs for rootCA & subCA.
  -     Bugzilla Bug #649343 - Publishing queue should recover from CA crash.
  -     Bugzilla Bug #491183 - rhcs rfe - add rfc 4523 support for pkiUser and
        pkiCA, obsolete 2252 and 2256
  -     Bugzilla Bug #223346 - Two conflicting ACL list definitions in source
        repository
  -     Bugzilla Bug #640710 - Current SCEP implementation does not support HSMs
  -     Bugzilla Bug #656733 - Standardize jar install location and jar names
  -     Bugzilla Bug #661142 - Verification should fail when
        a revoked certificate is added
  -     Bugzilla Bug #668100 - DRM storage cert has OCSP signing extended key
        usage
  -     Bugzilla Bug #662127 - CC doc Error: SignedAuditLog expiration time
        interface is no longer available through console
  -     Bugzilla Bug #531137 - RHCS 7.1 - Running out of Java Heap Memory
        During CRL Generation
  - 'pki-silent'
  -     Bugzilla Bug #627309 - pkisilent subca configuration fails.
  -     Bugzilla Bug #640091 - pkisilent panels need to match with changed java
        subsystems
  -     Bugzilla Bug #527322 - pkisilent ConfigureDRM should configure DRM
        Clone.
  -     Bugzilla Bug #643053 - pkisilent DRM configuration fails
  -     Bugzilla Bug #583754 - pki-silent needs an option to configure signing
        algorithm for CA certificates
  -     Bugzilla Bug #489385 - references to rhpki
  -     Bugzilla Bug #638377 - Generate PKI UI components which exclude a GUI
        interface
  -     Bugzilla Bug #651977 - turn off ssl2 for java servers (server.xml)
  -     Bugzilla Bug #640042 - TPS Installlation Wizard: need to move Module
        Panel up to before Security Domain Panel
  -     Bugzilla Bug #643206 - New CMake based build system for Dogtag
  -     Bugzilla Bug #588323 - Failed to enable cipher 0xc001
  -     Bugzilla Bug #656733 - Standardize jar install location and jar names
  -     Bugzilla Bug #645895 - pkisilent: add ability to select ECC curves,
        signing algorithm
  -     Bugzilla Bug #658641 - pkisilent doesn't not properly handle passwords
        with special characters
  -     Bugzilla Bug #642741 - CS build uses deprecated functions
* Thu Jan 13 2011 Matthew Harmsen <mharmsen@redhat.com> 9.0.0-3
  - Bugzilla Bug #668839 - Review Request: pki-core
  -   Removed empty "pre" from "pki-ca"
  -   Consolidated directory ownership
  -   Corrected file ownership within subpackages
  -   Removed all versioning from NSS and NSPR packages
* Thu Jan 13 2011 Matthew Harmsen <mharmsen@redhat.com> 9.0.0-2
  - Bugzilla Bug #668839 - Review Request: pki-core
  -   Added component versioning comments
  -   Updated JSS from "4.2.6-10" to "4.2.6-12"
  -   Modified installation section to preserve timestamps
  -   Removed sectional comments
* Wed Dec 01 2010 Matthew Harmsen <mharmsen@redhat.com> 9.0.0-1
  - Initial revision. (kwright@redhat.com & mharmsen@redhat.com)

Files

/usr/share/doc/pki-ca-10.5.18
/usr/share/doc/pki-ca-10.5.18/LICENSE
/usr/share/java/pki/pki-ca.jar
/usr/share/pki/ca
/usr/share/pki/ca/conf
/usr/share/pki/ca/conf/CS.cfg
/usr/share/pki/ca/conf/Catalina
/usr/share/pki/ca/conf/Catalina/localhost
/usr/share/pki/ca/conf/Catalina/localhost/ca.xml
/usr/share/pki/ca/conf/acl.ldif
/usr/share/pki/ca/conf/acl.properties
/usr/share/pki/ca/conf/auth-method.properties
/usr/share/pki/ca/conf/caAuditSigningCert.profile
/usr/share/pki/ca/conf/caCert.profile
/usr/share/pki/ca/conf/caOCSPCert.profile
/usr/share/pki/ca/conf/crlcaissuer.ldif
/usr/share/pki/ca/conf/crlcaissuertasks.ldif
/usr/share/pki/ca/conf/db.ldif
/usr/share/pki/ca/conf/eccAdminCert.profile
/usr/share/pki/ca/conf/eccServerCert.profile
/usr/share/pki/ca/conf/eccSubsystemCert.profile
/usr/share/pki/ca/conf/flatfile.txt
/usr/share/pki/ca/conf/index.ldif
/usr/share/pki/ca/conf/indextasks.ldif
/usr/share/pki/ca/conf/jk2.manifest
/usr/share/pki/ca/conf/jk2.properties
/usr/share/pki/ca/conf/jkconf.ant.xml
/usr/share/pki/ca/conf/jkconfig.manifest
/usr/share/pki/ca/conf/proxy.conf
/usr/share/pki/ca/conf/registry.cfg
/usr/share/pki/ca/conf/rsaAdminCert.profile
/usr/share/pki/ca/conf/rsaServerCert.profile
/usr/share/pki/ca/conf/rsaSubsystemCert.profile
/usr/share/pki/ca/conf/server-minimal.xml
/usr/share/pki/ca/conf/serverCert.profile.exampleWithSAN
/usr/share/pki/ca/conf/serverCert.profile.exampleWithSANpattern
/usr/share/pki/ca/conf/shm.manifest
/usr/share/pki/ca/conf/tomcat-jk2.manifest
/usr/share/pki/ca/conf/tomcat-users.xml
/usr/share/pki/ca/conf/uriworkermap.properties
/usr/share/pki/ca/conf/vlv.ldif
/usr/share/pki/ca/conf/vlvtasks.ldif
/usr/share/pki/ca/conf/workers.properties
/usr/share/pki/ca/conf/workers.properties.minimal
/usr/share/pki/ca/conf/workers2.properties
/usr/share/pki/ca/conf/workers2.properties.minimal
/usr/share/pki/ca/emails
/usr/share/pki/ca/emails/ExpiredUnpublishJob
/usr/share/pki/ca/emails/ExpiredUnpublishJobItem
/usr/share/pki/ca/emails/certIssued_CA
/usr/share/pki/ca/emails/certIssued_CA.html
/usr/share/pki/ca/emails/certIssued_RA
/usr/share/pki/ca/emails/certIssued_RA.html
/usr/share/pki/ca/emails/certRequestRejected.html
/usr/share/pki/ca/emails/certRevoked_CA
/usr/share/pki/ca/emails/certRevoked_CA.html
/usr/share/pki/ca/emails/certRevoked_RA
/usr/share/pki/ca/emails/certRevoked_RA.html
/usr/share/pki/ca/emails/euJob1.html
/usr/share/pki/ca/emails/euJob1Item.html
/usr/share/pki/ca/emails/publishCerts.html
/usr/share/pki/ca/emails/publishCertsItem.html
/usr/share/pki/ca/emails/reqInQueue_CA
/usr/share/pki/ca/emails/reqInQueue_CA.html
/usr/share/pki/ca/emails/reqInQueue_RA
/usr/share/pki/ca/emails/reqInQueue_RA.html
/usr/share/pki/ca/emails/riq1Item.html
/usr/share/pki/ca/emails/riq1Summary.html
/usr/share/pki/ca/emails/rnJob1.txt
/usr/share/pki/ca/emails/rnJob1Item.txt
/usr/share/pki/ca/emails/rnJob1Summary.txt
/usr/share/pki/ca/profiles
/usr/share/pki/ca/profiles/ca
/usr/share/pki/ca/profiles/ca/AdminCert.cfg
/usr/share/pki/ca/profiles/ca/DomainController.cfg
/usr/share/pki/ca/profiles/ca/ECAdminCert.cfg
/usr/share/pki/ca/profiles/ca/caAdminCert.cfg
/usr/share/pki/ca/profiles/ca/caAgentFileSigning.cfg
/usr/share/pki/ca/profiles/ca/caAgentServerCert.cfg
/usr/share/pki/ca/profiles/ca/caAuditSigningCert.cfg
/usr/share/pki/ca/profiles/ca/caCACert.cfg
/usr/share/pki/ca/profiles/ca/caCMCECUserCert.cfg
/usr/share/pki/ca/profiles/ca/caCMCECserverCert.cfg
/usr/share/pki/ca/profiles/ca/caCMCECsubsystemCert.cfg
/usr/share/pki/ca/profiles/ca/caCMCUserCert.cfg
/usr/share/pki/ca/profiles/ca/caCMCauditSigningCert.cfg
/usr/share/pki/ca/profiles/ca/caCMCcaCert.cfg
/usr/share/pki/ca/profiles/ca/caCMCkraStorageCert.cfg
/usr/share/pki/ca/profiles/ca/caCMCkraTransportCert.cfg
/usr/share/pki/ca/profiles/ca/caCMCocspCert.cfg
/usr/share/pki/ca/profiles/ca/caCMCserverCert.cfg
/usr/share/pki/ca/profiles/ca/caCMCsubsystemCert.cfg
/usr/share/pki/ca/profiles/ca/caCrossSignedCACert.cfg
/usr/share/pki/ca/profiles/ca/caDirBasedDualCert.cfg
/usr/share/pki/ca/profiles/ca/caDirPinUserCert.cfg
/usr/share/pki/ca/profiles/ca/caDirUserCert.cfg
/usr/share/pki/ca/profiles/ca/caDirUserRenewal.cfg
/usr/share/pki/ca/profiles/ca/caDualCert.cfg
/usr/share/pki/ca/profiles/ca/caDualRAuserCert.cfg
/usr/share/pki/ca/profiles/ca/caECAdminCert.cfg
/usr/share/pki/ca/profiles/ca/caECAgentServerCert.cfg
/usr/share/pki/ca/profiles/ca/caECDirPinUserCert.cfg
/usr/share/pki/ca/profiles/ca/caECDirUserCert.cfg
/usr/share/pki/ca/profiles/ca/caECDualCert.cfg
/usr/share/pki/ca/profiles/ca/caECFullCMCSharedTokenCert.cfg
/usr/share/pki/ca/profiles/ca/caECFullCMCUserCert.cfg
/usr/share/pki/ca/profiles/ca/caECFullCMCUserSignedCert.cfg
/usr/share/pki/ca/profiles/ca/caECInternalAuthServerCert.cfg
/usr/share/pki/ca/profiles/ca/caECInternalAuthSubsystemCert.cfg
/usr/share/pki/ca/profiles/ca/caECServerCert.cfg
/usr/share/pki/ca/profiles/ca/caECSimpleCMCUserCert.cfg
/usr/share/pki/ca/profiles/ca/caECSubsystemCert.cfg
/usr/share/pki/ca/profiles/ca/caECUserCert.cfg
/usr/share/pki/ca/profiles/ca/caEncECUserCert.cfg
/usr/share/pki/ca/profiles/ca/caEncUserCert.cfg
/usr/share/pki/ca/profiles/ca/caFullCMCSharedTokenCert.cfg
/usr/share/pki/ca/profiles/ca/caFullCMCUserCert.cfg
/usr/share/pki/ca/profiles/ca/caFullCMCUserSignedCert.cfg
/usr/share/pki/ca/profiles/ca/caIPAserviceCert.cfg
/usr/share/pki/ca/profiles/ca/caInstallCACert.cfg
/usr/share/pki/ca/profiles/ca/caInternalAuthAuditSigningCert.cfg
/usr/share/pki/ca/profiles/ca/caInternalAuthDRMstorageCert.cfg
/usr/share/pki/ca/profiles/ca/caInternalAuthOCSPCert.cfg
/usr/share/pki/ca/profiles/ca/caInternalAuthServerCert.cfg
/usr/share/pki/ca/profiles/ca/caInternalAuthSubsystemCert.cfg
/usr/share/pki/ca/profiles/ca/caInternalAuthTransportCert.cfg
/usr/share/pki/ca/profiles/ca/caJarSigningCert.cfg
/usr/share/pki/ca/profiles/ca/caManualRenewal.cfg
/usr/share/pki/ca/profiles/ca/caOCSPCert.cfg
/usr/share/pki/ca/profiles/ca/caOtherCert.cfg
/usr/share/pki/ca/profiles/ca/caRACert.cfg
/usr/share/pki/ca/profiles/ca/caRARouterCert.cfg
/usr/share/pki/ca/profiles/ca/caRAagentCert.cfg
/usr/share/pki/ca/profiles/ca/caRAserverCert.cfg
/usr/share/pki/ca/profiles/ca/caRouterCert.cfg
/usr/share/pki/ca/profiles/ca/caSSLClientSelfRenewal.cfg
/usr/share/pki/ca/profiles/ca/caServerCert.cfg
/usr/share/pki/ca/profiles/ca/caServerKeygen_DirUserCert.cfg
/usr/share/pki/ca/profiles/ca/caServerKeygen_UserCert.cfg
/usr/share/pki/ca/profiles/ca/caSignedLogCert.cfg
/usr/share/pki/ca/profiles/ca/caSigningECUserCert.cfg
/usr/share/pki/ca/profiles/ca/caSigningUserCert.cfg
/usr/share/pki/ca/profiles/ca/caSimpleCMCUserCert.cfg
/usr/share/pki/ca/profiles/ca/caStorageCert.cfg
/usr/share/pki/ca/profiles/ca/caSubsystemCert.cfg
/usr/share/pki/ca/profiles/ca/caTPSCert.cfg
/usr/share/pki/ca/profiles/ca/caTempTokenDeviceKeyEnrollment.cfg
/usr/share/pki/ca/profiles/ca/caTempTokenUserEncryptionKeyEnrollment.cfg
/usr/share/pki/ca/profiles/ca/caTempTokenUserSigningKeyEnrollment.cfg
/usr/share/pki/ca/profiles/ca/caTokenDeviceKeyEnrollment.cfg
/usr/share/pki/ca/profiles/ca/caTokenMSLoginEnrollment.cfg
/usr/share/pki/ca/profiles/ca/caTokenUserAuthKeyRenewal.cfg
/usr/share/pki/ca/profiles/ca/caTokenUserDelegateAuthKeyEnrollment.cfg
/usr/share/pki/ca/profiles/ca/caTokenUserDelegateSigningKeyEnrollment.cfg
/usr/share/pki/ca/profiles/ca/caTokenUserEncryptionKeyEnrollment.cfg
/usr/share/pki/ca/profiles/ca/caTokenUserEncryptionKeyRenewal.cfg
/usr/share/pki/ca/profiles/ca/caTokenUserSigningKeyEnrollment.cfg
/usr/share/pki/ca/profiles/ca/caTokenUserSigningKeyRenewal.cfg
/usr/share/pki/ca/profiles/ca/caTransportCert.cfg
/usr/share/pki/ca/profiles/ca/caUUIDdeviceCert.cfg
/usr/share/pki/ca/profiles/ca/caUserCert.cfg
/usr/share/pki/ca/profiles/ca/caUserSMIMEcapCert.cfg
/usr/share/pki/ca/setup
/usr/share/pki/ca/setup/registry_instance
/usr/share/pki/ca/webapps
/usr/share/pki/ca/webapps/ROOT
/usr/share/pki/ca/webapps/ROOT/WEB-INF
/usr/share/pki/ca/webapps/ROOT/WEB-INF/web.xml
/usr/share/pki/ca/webapps/ROOT/index.jsp
/usr/share/pki/ca/webapps/ca
/usr/share/pki/ca/webapps/ca/404.html
/usr/share/pki/ca/webapps/ca/500.html
/usr/share/pki/ca/webapps/ca/GenUnexpectedError.template
/usr/share/pki/ca/webapps/ca/WEB-INF
/usr/share/pki/ca/webapps/ca/WEB-INF/lib
/usr/share/pki/ca/webapps/ca/WEB-INF/lib/pki-ca.jar
/usr/share/pki/ca/webapps/ca/WEB-INF/lib/pki-certsrv.jar
/usr/share/pki/ca/webapps/ca/WEB-INF/lib/pki-cms.jar
/usr/share/pki/ca/webapps/ca/WEB-INF/lib/pki-cmsbundle.jar
/usr/share/pki/ca/webapps/ca/WEB-INF/lib/pki-cmscore.jar
/usr/share/pki/ca/webapps/ca/WEB-INF/lib/pki-cmsutil.jar
/usr/share/pki/ca/webapps/ca/WEB-INF/lib/pki-nsutil.jar
/usr/share/pki/ca/webapps/ca/WEB-INF/velocity.properties
/usr/share/pki/ca/webapps/ca/WEB-INF/web.xml
/usr/share/pki/ca/webapps/ca/admin
/usr/share/pki/ca/webapps/ca/admin/GenUnexpectedError.template
/usr/share/pki/ca/webapps/ca/admin/ca
/usr/share/pki/ca/webapps/ca/admin/ca/EnrollSuccess.template
/usr/share/pki/ca/webapps/ca/admin/ca/ImportAdminCert.template
/usr/share/pki/ca/webapps/ca/admin/ca/ImportCert.template
/usr/share/pki/ca/webapps/ca/admin/ca/adminEnroll.html
/usr/share/pki/ca/webapps/ca/admin/ca/securitydomainlogin.template
/usr/share/pki/ca/webapps/ca/admin/ca/sendCookie.template
/usr/share/pki/ca/webapps/ca/admin/cms-funcs.js
/usr/share/pki/ca/webapps/ca/admin/console
/usr/share/pki/ca/webapps/ca/admin/helpfun.js
/usr/share/pki/ca/webapps/ca/admin/index.jsp
/usr/share/pki/ca/webapps/ca/agent
/usr/share/pki/ca/webapps/ca/agent/GenError.template
/usr/share/pki/ca/webapps/ca/agent/GenPending.template
/usr/share/pki/ca/webapps/ca/agent/GenRejected.template
/usr/share/pki/ca/webapps/ca/agent/GenSuccess.template
/usr/share/pki/ca/webapps/ca/agent/GenSvcPending.template
/usr/share/pki/ca/webapps/ca/agent/GenUnauthorized.template
/usr/share/pki/ca/webapps/ca/agent/GenUnexpectedError.template
/usr/share/pki/ca/webapps/ca/agent/ca
/usr/share/pki/ca/webapps/ca/agent/ca/EnrollSuccess.template
/usr/share/pki/ca/webapps/ca/agent/ca/ImportCert.template
/usr/share/pki/ca/webapps/ca/agent/ca/ListRequests.html
/usr/share/pki/ca/webapps/ca/agent/ca/ProfileApprove.template
/usr/share/pki/ca/webapps/ca/agent/ca/ProfileList.template
/usr/share/pki/ca/webapps/ca/agent/ca/ProfileProcess.template
/usr/share/pki/ca/webapps/ca/agent/ca/ProfileReview.template
/usr/share/pki/ca/webapps/ca/agent/ca/ProfileSelect.template
/usr/share/pki/ca/webapps/ca/agent/ca/SrchCert.html
/usr/share/pki/ca/webapps/ca/agent/ca/SrchRequests.html
/usr/share/pki/ca/webapps/ca/agent/ca/SrchRevokeCert.html
/usr/share/pki/ca/webapps/ca/agent/ca/UpdateDir.html
/usr/share/pki/ca/webapps/ca/agent/ca/bulkissuance.template
/usr/share/pki/ca/webapps/ca/agent/ca/cloneRedirect.template
/usr/share/pki/ca/webapps/ca/agent/ca/confirmRevocation.template
/usr/share/pki/ca/webapps/ca/agent/ca/displayBySerial.template
/usr/share/pki/ca/webapps/ca/agent/ca/displayBySerial2.template
/usr/share/pki/ca/webapps/ca/agent/ca/displayCRL.template
/usr/share/pki/ca/webapps/ca/agent/ca/displayCertFromRequest.template
/usr/share/pki/ca/webapps/ca/agent/ca/error.template
/usr/share/pki/ca/webapps/ca/agent/ca/frameCRL.html
/usr/share/pki/ca/webapps/ca/agent/ca/frameDir.html
/usr/share/pki/ca/webapps/ca/agent/ca/frameDisplayCRL.html
/usr/share/pki/ca/webapps/ca/agent/ca/frameList.html
/usr/share/pki/ca/webapps/ca/agent/ca/frameListReq.html
/usr/share/pki/ca/webapps/ca/agent/ca/frameOCSP.html
/usr/share/pki/ca/webapps/ca/agent/ca/frameProfile.html
/usr/share/pki/ca/webapps/ca/agent/ca/frameRevoke.html
/usr/share/pki/ca/webapps/ca/agent/ca/frameSearch.html
/usr/share/pki/ca/webapps/ca/agent/ca/frameSrchRequests.html
/usr/share/pki/ca/webapps/ca/agent/ca/frameStats.html
/usr/share/pki/ca/webapps/ca/agent/ca/getOCSPInfo.template
/usr/share/pki/ca/webapps/ca/agent/ca/getStats.template
/usr/share/pki/ca/webapps/ca/agent/ca/index.jsp
/usr/share/pki/ca/webapps/ca/agent/ca/menuCRL.html
/usr/share/pki/ca/webapps/ca/agent/ca/menuDir.html
/usr/share/pki/ca/webapps/ca/agent/ca/menuDisplayCRL.html
/usr/share/pki/ca/webapps/ca/agent/ca/menuList.html
/usr/share/pki/ca/webapps/ca/agent/ca/menuListReq.html
/usr/share/pki/ca/webapps/ca/agent/ca/menuOCSP.html
/usr/share/pki/ca/webapps/ca/agent/ca/menuProfile.html
/usr/share/pki/ca/webapps/ca/agent/ca/menuRevoke.html
/usr/share/pki/ca/webapps/ca/agent/ca/menuSearch.html
/usr/share/pki/ca/webapps/ca/agent/ca/menuSrchRequests.html
/usr/share/pki/ca/webapps/ca/agent/ca/menuStats.html
/usr/share/pki/ca/webapps/ca/agent/ca/monitor.html
/usr/share/pki/ca/webapps/ca/agent/ca/monitor.template
/usr/share/pki/ca/webapps/ca/agent/ca/notImplemented.html
/usr/share/pki/ca/webapps/ca/agent/ca/processCertReq.template
/usr/share/pki/ca/webapps/ca/agent/ca/processReq.template
/usr/share/pki/ca/webapps/ca/agent/ca/queryBySerial.html
/usr/share/pki/ca/webapps/ca/agent/ca/queryCert.html
/usr/share/pki/ca/webapps/ca/agent/ca/queryCert.template
/usr/share/pki/ca/webapps/ca/agent/ca/queryReq.template
/usr/share/pki/ca/webapps/ca/agent/ca/reasonToRevoke.template
/usr/share/pki/ca/webapps/ca/agent/ca/revocationResult.template
/usr/share/pki/ca/webapps/ca/agent/ca/revokeBySerial.template
/usr/share/pki/ca/webapps/ca/agent/ca/revokeCert.html
/usr/share/pki/ca/webapps/ca/agent/ca/srchCert.template
/usr/share/pki/ca/webapps/ca/agent/ca/toDisplayCRL.template
/usr/share/pki/ca/webapps/ca/agent/ca/toUpdateCRL.template
/usr/share/pki/ca/webapps/ca/agent/ca/top.html
/usr/share/pki/ca/webapps/ca/agent/ca/unrevocationResult.template
/usr/share/pki/ca/webapps/ca/agent/ca/updateCRL.html
/usr/share/pki/ca/webapps/ca/agent/ca/updateCRL.template
/usr/share/pki/ca/webapps/ca/agent/ca/updateDir.template
/usr/share/pki/ca/webapps/ca/agent/cms-funcs.js
/usr/share/pki/ca/webapps/ca/agent/funcs.js
/usr/share/pki/ca/webapps/ca/agent/header.template
/usr/share/pki/ca/webapps/ca/agent/helpfun.js
/usr/share/pki/ca/webapps/ca/agent/index.jsp
/usr/share/pki/ca/webapps/ca/agent/index.template
/usr/share/pki/ca/webapps/ca/agent/ports.template
/usr/share/pki/ca/webapps/ca/ee
/usr/share/pki/ca/webapps/ca/ee/GenError.template
/usr/share/pki/ca/webapps/ca/ee/GenPending.template
/usr/share/pki/ca/webapps/ca/ee/GenRejected.template
/usr/share/pki/ca/webapps/ca/ee/GenSuccess.template
/usr/share/pki/ca/webapps/ca/ee/GenSvcPending.template
/usr/share/pki/ca/webapps/ca/ee/GenUnauthorized.template
/usr/share/pki/ca/webapps/ca/ee/GenUnexpectedError.template
/usr/share/pki/ca/webapps/ca/ee/ca
/usr/share/pki/ca/webapps/ca/ee/ca/AIMEnroll.html
/usr/share/pki/ca/webapps/ca/ee/ca/CMCEnrollment.html
/usr/share/pki/ca/webapps/ca/ee/ca/CMCRevReq.html
/usr/share/pki/ca/webapps/ca/ee/ca/CertBasedDualEnroll.html
/usr/share/pki/ca/webapps/ca/ee/ca/CertBasedEncryptionEnroll.html
/usr/share/pki/ca/webapps/ca/ee/ca/CertBasedSingleEnroll.html
/usr/share/pki/ca/webapps/ca/ee/ca/ChallengeRevoke1.html
/usr/share/pki/ca/webapps/ca/ee/ca/DirPinUserEnroll.html
/usr/share/pki/ca/webapps/ca/ee/ca/DirUserEnroll.html
/usr/share/pki/ca/webapps/ca/ee/ca/DisplayCRL.html
/usr/share/pki/ca/webapps/ca/ee/ca/EnrollSuccess.template
/usr/share/pki/ca/webapps/ca/ee/ca/GetCAChain.html
/usr/share/pki/ca/webapps/ca/ee/ca/ImportAdminCert.template
/usr/share/pki/ca/webapps/ca/ee/ca/ImportCert.template
/usr/share/pki/ca/webapps/ca/ee/ca/KeyRecovery.html
/usr/share/pki/ca/webapps/ca/ee/ca/ManCAEnroll.html
/usr/share/pki/ca/webapps/ca/ee/ca/ManObjSignEnroll.html
/usr/share/pki/ca/webapps/ca/ee/ca/ManRAEnroll.html
/usr/share/pki/ca/webapps/ca/ee/ca/ManServerEnroll.html
/usr/share/pki/ca/webapps/ca/ee/ca/ManUserEnroll.html
/usr/share/pki/ca/webapps/ca/ee/ca/OCSPResponder.html
/usr/share/pki/ca/webapps/ca/ee/ca/ObjSignPKCS10Enroll.html
/usr/share/pki/ca/webapps/ca/ee/ca/PortalEnrollment.html
/usr/share/pki/ca/webapps/ca/ee/ca/ProfileList.template
/usr/share/pki/ca/webapps/ca/ee/ca/ProfileSelect.template
/usr/share/pki/ca/webapps/ca/ee/ca/ProfileSubmit.html
/usr/share/pki/ca/webapps/ca/ee/ca/ProfileSubmit.template
/usr/share/pki/ca/webapps/ca/ee/ca/RenewalSuccess.template
/usr/share/pki/ca/webapps/ca/ee/ca/RevocationSuccess.template
/usr/share/pki/ca/webapps/ca/ee/ca/UserRenewal.html
/usr/share/pki/ca/webapps/ca/ee/ca/UserRevocation.html
/usr/share/pki/ca/webapps/ca/ee/ca/bench2k.html
/usr/share/pki/ca/webapps/ca/ee/ca/blank.html
/usr/share/pki/ca/webapps/ca/ee/ca/checkRequest.html
/usr/share/pki/ca/webapps/ca/ee/ca/displayBySerial.template
/usr/share/pki/ca/webapps/ca/ee/ca/displayBySerial2.template
/usr/share/pki/ca/webapps/ca/ee/ca/displayCRL.template
/usr/share/pki/ca/webapps/ca/ee/ca/displayCaCert.template
/usr/share/pki/ca/webapps/ca/ee/ca/displayCertFromRequest.template
/usr/share/pki/ca/webapps/ca/ee/ca/enrollMenu.html
/usr/share/pki/ca/webapps/ca/ee/ca/index.jsp
/usr/share/pki/ca/webapps/ca/ee/ca/policyEnrollment
/usr/share/pki/ca/webapps/ca/ee/ca/policyEnrollment/index.jsp
/usr/share/pki/ca/webapps/ca/ee/ca/policyEnrollment/profileMenu.html
/usr/share/pki/ca/webapps/ca/ee/ca/policyEnrollment/retrievalMenu.html
/usr/share/pki/ca/webapps/ca/ee/ca/policyEnrollment/revocationMenu.html
/usr/share/pki/ca/webapps/ca/ee/ca/profileEnrollment
/usr/share/pki/ca/webapps/ca/ee/ca/profileEnrollment/index.jsp
/usr/share/pki/ca/webapps/ca/ee/ca/profileEnrollment/profileMenu.html
/usr/share/pki/ca/webapps/ca/ee/ca/profileEnrollment/retrievalMenu.html
/usr/share/pki/ca/webapps/ca/ee/ca/profileEnrollment/revocationMenu.html
/usr/share/pki/ca/webapps/ca/ee/ca/profileMenu.html
/usr/share/pki/ca/webapps/ca/ee/ca/queryBySerial.html
/usr/share/pki/ca/webapps/ca/ee/ca/queryCert.html
/usr/share/pki/ca/webapps/ca/ee/ca/queryCert.template
/usr/share/pki/ca/webapps/ca/ee/ca/reasonToRevoke.template
/usr/share/pki/ca/webapps/ca/ee/ca/recoveryMenu.html
/usr/share/pki/ca/webapps/ca/ee/ca/remoteAuthConfig.template
/usr/share/pki/ca/webapps/ca/ee/ca/renewalMenu.html
/usr/share/pki/ca/webapps/ca/ee/ca/requestStatus.template
/usr/share/pki/ca/webapps/ca/ee/ca/retrievalMenu.html
/usr/share/pki/ca/webapps/ca/ee/ca/revocationMenu.html
/usr/share/pki/ca/webapps/ca/ee/ca/revocationResult.template
/usr/share/pki/ca/webapps/ca/ee/ca/srchCert.html
/usr/share/pki/ca/webapps/ca/ee/ca/srchCert.template
/usr/share/pki/ca/webapps/ca/ee/ca/tabs.html
/usr/share/pki/ca/webapps/ca/ee/ca/toDisplayCRL.template
/usr/share/pki/ca/webapps/ca/ee/ca/unrevocationResult.template
/usr/share/pki/ca/webapps/ca/ee/cms-funcs.js
/usr/share/pki/ca/webapps/ca/ee/helpfun.js
/usr/share/pki/ca/webapps/ca/ee/index.jsp
/usr/share/pki/ca/webapps/ca/index.jsp
/usr/share/pki/ca/webapps/ca/services.template


Generated by rpm2html 1.8.1

Fabrice Bellet, Sat Mar 23 03:05:35 2024