Back to bug 1303175
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Matthew Harmsen | 2016-01-29 18:44:59 UTC | Assignee | mharmsen | cfu |
| Ann Marie Rubin | 2016-02-09 22:05:07 UTC | CC | arubin | |
| Matthew Harmsen | 2016-06-10 15:50:51 UTC | Status | NEW | MODIFIED |
| Fixed In Version | pki-core-10.3.2-3.el7 | |||
| errata-xmlrpc | 2016-06-10 16:12:54 UTC | Status | MODIFIED | ON_QA |
| Roshni | 2016-09-06 17:51:31 UTC | Status | ON_QA | VERIFIED |
| CC | rpattath | |||
| Petr Bokoc | 2016-09-07 14:41:12 UTC | Blocks | 1373962 | |
| Christina Fu | 2016-09-07 16:40:47 UTC | Assignee | cfu | edewata |
| Endi Sukma Dewata | 2016-09-28 19:12:53 UTC | Doc Text | SSL cipher list can be customized during installation with two-step installation. First, add pki_skip_configuration=True into the deployment configuration file, then run pkispawn. Customize the cipher list in server.xml as needed. Second, replace the pki_skip_configuration=True with pki_skip_installation=True, then run pkispawn again to complete the installation. | |
| Doc Type | Bug Fix | Release Note | ||
| Petr Bokoc | 2016-09-29 13:06:07 UTC | CC | pbokoc | |
| Docs Contact | mmuehlfe | |||
| Marc Muehlfeld | 2016-10-04 07:08:59 UTC | CC | edewata | |
| Doc Text | SSL cipher list can be customized during installation with two-step installation. First, add pki_skip_configuration=True into the deployment configuration file, then run pkispawn. Customize the cipher list in server.xml as needed. Second, replace the pki_skip_configuration=True with pki_skip_installation=True, then run pkispawn again to complete the installation. | Certificate System now supports setting individual SSL ciphers for installation Previously, if any existing Certificate Servers had customized ciphers set that did not overlap with the default ciphers used during the installation, a new instance could not be installed. With this update, Certificate System allows you to set the SSL cipher before starting the installation, which avoids this problem. To set individual ciphers during a Certificate System instance installation: * Add the "pki_skip_configuration=True" option to the `/var/lib/pki/pki-tomcat/ca/registry/ca/deployment.cfg` deployment configuration file. * Run "pkispawn" to start the installation. * After the setup, set the ciphers in the "sslRangeCiphers" option in the `/var/lib/pki/pki-tomcat/conf/server.xml` file. * Replace the "pki_skip_configuration=True" option with "pki_skip_installation=True" in the `/var/lib/pki/pki-tomcat/ca/registry/ca/deployment.cfg` deployment configuration file. * Run the "pkispawn" command to complete the installation. | ||
| Doc Type | Release Note | Enhancement | ||
| Flags | needinfo?(edewata) | |||
| Endi Sukma Dewata | 2016-10-04 14:42:12 UTC | Doc Text | Certificate System now supports setting individual SSL ciphers for installation Previously, if any existing Certificate Servers had customized ciphers set that did not overlap with the default ciphers used during the installation, a new instance could not be installed. With this update, Certificate System allows you to set the SSL cipher before starting the installation, which avoids this problem. To set individual ciphers during a Certificate System instance installation: * Add the "pki_skip_configuration=True" option to the `/var/lib/pki/pki-tomcat/ca/registry/ca/deployment.cfg` deployment configuration file. * Run "pkispawn" to start the installation. * After the setup, set the ciphers in the "sslRangeCiphers" option in the `/var/lib/pki/pki-tomcat/conf/server.xml` file. * Replace the "pki_skip_configuration=True" option with "pki_skip_installation=True" in the `/var/lib/pki/pki-tomcat/ca/registry/ca/deployment.cfg` deployment configuration file. * Run the "pkispawn" command to complete the installation. | Certificate System now supports setting SSL ciphers for individual installation Previously, if an existing Certificate Server had customized cipher set that did not overlap with the default ciphers used during the installation, a new instance could not be installed to work with the existing instance. With this update, Certificate System allows you to customize the SSL cipher using a two-step installation, which avoids this problem. To set the ciphers during a Certificate System instance installation: * Prepare a normal deployment configuration file for pkispawn. Add a "pki_skip_configuration=True" option. * Run pkispawn with the deployment configuration file to start the initial part of the installation which will generate the configuration files for the new instance. * Customize the ciphers in the "sslRangeCiphers" option in the `/var/lib/pki/<instance>/conf/server.xml` file. * Replace the "pki_skip_configuration=True" option with "pki_skip_installation=True" in the deployment configuration file above. * Run the same pkispawn command again to complete the installation. |
| Flags | needinfo?(edewata) | |||
| Marc Muehlfeld | 2016-10-05 08:45:55 UTC | Flags | needinfo?(edewata) | |
| Endi Sukma Dewata | 2016-10-05 15:03:22 UTC | Flags | needinfo?(edewata) | |
| Marc Muehlfeld | 2016-10-07 06:59:20 UTC | Doc Text | Certificate System now supports setting SSL ciphers for individual installation Previously, if an existing Certificate Server had customized cipher set that did not overlap with the default ciphers used during the installation, a new instance could not be installed to work with the existing instance. With this update, Certificate System allows you to customize the SSL cipher using a two-step installation, which avoids this problem. To set the ciphers during a Certificate System instance installation: * Prepare a normal deployment configuration file for pkispawn. Add a "pki_skip_configuration=True" option. * Run pkispawn with the deployment configuration file to start the initial part of the installation which will generate the configuration files for the new instance. * Customize the ciphers in the "sslRangeCiphers" option in the `/var/lib/pki/<instance>/conf/server.xml` file. * Replace the "pki_skip_configuration=True" option with "pki_skip_installation=True" in the deployment configuration file above. * Run the same pkispawn command again to complete the installation. | Certificate System now supports setting SSL ciphers for individual installation Previously, if an existing Certificate Server had customized cipher set that did not overlap with the default ciphers used during the installation, a new instance could not be installed to work with existing instances. With this update, Certificate System enables you to customize the SSL cipher using a two-step installation, which avoids this problem. To set the ciphers during a Certificate System instance installation: 1 Prepare a deployment configuration file that includes the "pki_skip_configuration=True" option. 2 Pass the deployment configuration file to the "pkispawn" command to start the initial part of the installation. 3 Set the ciphers in the "sslRangeCiphers" option in the `/var/lib/pki/pki-<instance_name>/conf/server.xml` file. 4 Replace the "pki_skip_configuration=True" option with "pki_skip_installation=True" in the deployment configuration file. 5 Run the same "pkispawn" command to complete the installation. |
| Flags | needinfo?(edewata) | |||
| Endi Sukma Dewata | 2016-10-07 15:28:10 UTC | Doc Text | Certificate System now supports setting SSL ciphers for individual installation Previously, if an existing Certificate Server had customized cipher set that did not overlap with the default ciphers used during the installation, a new instance could not be installed to work with existing instances. With this update, Certificate System enables you to customize the SSL cipher using a two-step installation, which avoids this problem. To set the ciphers during a Certificate System instance installation: 1 Prepare a deployment configuration file that includes the "pki_skip_configuration=True" option. 2 Pass the deployment configuration file to the "pkispawn" command to start the initial part of the installation. 3 Set the ciphers in the "sslRangeCiphers" option in the `/var/lib/pki/pki-<instance_name>/conf/server.xml` file. 4 Replace the "pki_skip_configuration=True" option with "pki_skip_installation=True" in the deployment configuration file. 5 Run the same "pkispawn" command to complete the installation. | Certificate System now supports setting SSL ciphers for individual installation Previously, if an existing Certificate Server had customized cipher set that did not overlap with the default ciphers used during the installation, a new instance could not be installed to work with existing instances. With this update, Certificate System enables you to customize the SSL cipher using a two-step installation, which avoids this problem. To set the ciphers during a Certificate System instance installation: 1 Prepare a deployment configuration file that includes the "pki_skip_configuration=True" option. 2 Pass the deployment configuration file to the "pkispawn" command to start the initial part of the installation. 3 Set the ciphers in the "sslRangeCiphers" option in the `/var/lib/pki/<instance>/conf/server.xml` file. 4 Replace the "pki_skip_configuration=True" option with "pki_skip_installation=True" in the deployment configuration file. 5 Run the same "pkispawn" command to complete the installation. |
| Flags | needinfo?(edewata) | |||
| Lenka Špačková | 2016-10-31 15:50:09 UTC | Doc Text | Certificate System now supports setting SSL ciphers for individual installation Previously, if an existing Certificate Server had customized cipher set that did not overlap with the default ciphers used during the installation, a new instance could not be installed to work with existing instances. With this update, Certificate System enables you to customize the SSL cipher using a two-step installation, which avoids this problem. To set the ciphers during a Certificate System instance installation: 1 Prepare a deployment configuration file that includes the "pki_skip_configuration=True" option. 2 Pass the deployment configuration file to the "pkispawn" command to start the initial part of the installation. 3 Set the ciphers in the "sslRangeCiphers" option in the `/var/lib/pki/<instance>/conf/server.xml` file. 4 Replace the "pki_skip_configuration=True" option with "pki_skip_installation=True" in the deployment configuration file. 5 Run the same "pkispawn" command to complete the installation. | Certificate System now supports setting SSL ciphers for individual installation Previously, if an existing Certificate Server had customized cipher set that did not overlap with the default ciphers used during the installation, a new instance could not be installed to work with existing instances. With this update, Certificate System enables you to customize the SSL cipher using a two-step installation, which avoids this problem. To set the ciphers during a Certificate System instance installation: 1. Prepare a deployment configuration file that includes the "pki_skip_configuration=True" option. 2. Pass the deployment configuration file to the "pkispawn" command to start the initial part of the installation. 3. Set the ciphers in the "sslRangeCiphers" option in the `/var/lib/pki/<instance>/conf/server.xml` file. 4. Replace the "pki_skip_configuration=True" option with "pki_skip_installation=True" in the deployment configuration file. 5. Run the same "pkispawn" command to complete the installation. |
| errata-xmlrpc | 2016-11-02 15:21:18 UTC | Status | VERIFIED | RELEASE_PENDING |
| errata-xmlrpc | 2016-11-04 05:22:48 UTC | Status | RELEASE_PENDING | CLOSED |
| Resolution | --- | ERRATA | ||
| Last Closed | 2016-11-04 01:22:48 UTC | |||
| Dinesh Prasanth | 2020-10-04 20:59:33 UTC | Link ID | Github dogtagpki/pki/issues/2203 |
Back to bug 1303175