Questo contenuto non è disponibile nella lingua selezionata.

5.127. jss


Updated jss packages that fix several bugs are now available for Red Hat Enterprise Linux 6.
JSS (Java Security Services) is a Java binding to Network Security Services (NSS), which provides SSL/TLS network protocols and other security services in the Public Key Infrastructure (PKI) suite. JSS is primarily utilized by the Certificate Server.

Bug Fixes

BZ#767768
During key archival process, DRM (Data Recovery Manager) decrypted user's private keys and then re-encrypted the keys for storage purposes. The reverse process took place during key recovery; therefore, the private key was not processed in a token at all times as the decrypted private key was present in the DRM memory between the time of decryption and encryption. This update adds the secure PKCS #12 and PKCS #5 v2.0 support, support for wrapping and unwrapping private keys in their token, and secure private key handling for TMS (Token Management System) key recovery to Red Hat Certificate System 8.1. As a result, the key archival operations now happen in the token.
BZ#767771
The "kra.storageUnit.hardware" configuration parameter did not exist in DRM's CS.cfg after upgrade. Consequently, if parameter "kra.storageUnit.hardware" was defined, recovery operations failed and the server returned the following error message:
PKCS #12 Creation Failed java.lang.IllegalArgumentException: bagType or bagContent is null
This update modifies the jss, pki-kra, pki-common components so that the "kra.storageUnit.hardware" configuration parameter is processed correctly. As a result, the key archival and recovery process is successful on in-place upgraded and migrated instances.
BZ#767773
Previously, JSS was using the HSM (Hardware Security Module) token name as manufacturer ID. If the HSM token name differed from the manufacturer ID, the key archival and recovery failed. This update adds logic to JSS so that it can recognize the currently supported HSMs: nCipher and SafeNet. Key archival and recovery in TMS and non-TMS Common Criteria environments now work as expected.
All users of jss are advised to upgrade to these updated packages, which fix these bugs.
Red Hat logoGithubRedditYoutubeTwitter

Formazione

Prova, acquista e vendi

Community

Informazioni sulla documentazione di Red Hat

Aiutiamo gli utenti Red Hat a innovarsi e raggiungere i propri obiettivi con i nostri prodotti e servizi grazie a contenuti di cui possono fidarsi.

Rendiamo l’open source più inclusivo

Red Hat si impegna a sostituire il linguaggio problematico nel codice, nella documentazione e nelle proprietà web. Per maggiori dettagli, visita ilBlog di Red Hat.

Informazioni su Red Hat

Forniamo soluzioni consolidate che rendono più semplice per le aziende lavorare su piattaforme e ambienti diversi, dal datacenter centrale all'edge della rete.

© 2024 Red Hat, Inc.