Red Hat CERTIFICATE 8.0 RELEASE NOTES Guía de instalación descargar pdf (Pagina 7)

Certificate System 8.0, although it does not ship with an ECC module, does support loading and using

third-party ECC PKCS#11 modules with the CA. The console can handle ECC-based SSL sessions, and

the server generates and supports ECC certificates.

1.6. Simplified Signed Audit Logging

Audit log signing certificates are now created with all of the other default subsystem certificates as soon

as a CA, DRM, OCSP, TKS, or T PS subsystem is configured. T he log is also already configured and can

be very easily enabled. Signed audit logs can be verified by auditors using the included AuditVerify

script.

1.7. New Windows Smart Card Login Profile for Tokens

A new example profile is included with the regular CA profiles list which enabled the CA and T PS to

issue certificates and enroll tokens that can be used to log into Windows systems.

1.8. Enhanced Security Officer Mode and Enterprise Security Client Configuration

Setting up and using security officer workstation has been improved and additional parameters have

been added to the esc-pref.js configuration file to make configuring the Enterprise Security Client

security officer settings easier and more flexible.

1.9. Expanded T PS Roles

A new role, the operator role has been added to the T PS subsystem. T his role can view and search all

tokens, certificates, and activities within the T oken Processing System (T PS) but cannot edit any entries.

Additionally, the administrator role interface has been enhanced to allow administrators to create and

edit users, assign profiles, and delete users directly.

1.10. Added IPv6 Support

The Certificate System 8.0 services can accept requests from all supported browsers, from other

Certificate System subsystems, and from the administrative console over IPv6. The server also supports

using IPv6 addresses in the Subject Alt Names of certificates, with certificate extensions, and with

Certificate System scripts and tools.

1.11. Using HTTP1.1 for Publishing CRLs

HTTP 1.1 has been added as a supported protocol to use to publish CRLs, in addition to publishing to

file and to LDAP. This makes publishing CRLs safer and more efficient, since "chunks" of CRLs can be

published rather the entire CRL. If CRL publishing is ever interrupted, the process can resume smoothly.

1.12. Enhanced Installation Scripts

Certificate System creates and configures additional instances using the pkicreate script. An

additional script, pkisilent, can be used to create and configure multiple subsystem instances quickly

and without unnecessary user interaction. Both of these scripts have been enhanced and strengthened

for changes to port separation, security domain configuration, and other updates to the structure of

Certificate System subsystems.

2. Important Configuration Changes

There have been some significant changes to the structure and configuration of the Certificate System

8.0 installation, which are not directly related to new features in Certificate System 8.0.

Red Hat Certificate System 8.0 Red Hat Certificate System 8.0

1 2 3 4 5 6 7 8 9 10 11 12 ... 43 44

Sin comentarios

Red Hat CERTIFICATE 8.0 RELEASE NOTES Guía de instalación Pagina 7