![]() ![]() (BZ#1419761)Ĭertificate System now uses the Mozilla NSS secure random number generator Note that by default, the allowSameKeyRenewal parameter is set to true in the UniqueKe圜onstraint. Additionally, the caFullCMCUserSignedCert.cfg profile has been updated to contain both the UniqueKe圜onstraint and the RenewGracePeriodConstraint, which must be placed in the correct order. If there is an existing origNotAfter attribute, it is not overwritten in this process in order to not interfere with the existing renewal by serial flow. Additionally, it preserves the origNotAfter attribute of the most recent certificate that shares the same key in the request, which allows the attribute to be used by the RenewGracePeriodConstraint. The implementation uses the caFullCMCUserSignedCert with the UniqueKe圜onstraint enhanced profile constraint, which has also been updated to disallow renewal of a key shared by a revoked certificate. This update enables the Certificate Authority (CA) to process Certificate Management over CMS (CMC) renewal requests signed by a previously issued signing certificate. Deprecated Functionality in Red Hat Enterprise Linux 7 Red Hat Enterprise Linux System Roles Powered by Ansible Red Hat Enterprise Linux 7.5 for IBM Power LE (POWER9) Important Changes to External Kernel Parameters ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |