Errata ID | 213 |
---|---|
Date | 2016-07-21 |
Source package | univention-ssl |
Fixed in version | 10.0.0-15.172.201606271746 |
Description | This update addresses the following issues: * 'univention-certificate check' now also checks the expiry date of the certificate. * 'univention-certificate new' now also accepts the '-days' parameter. * 'univention-certificate' now checks the UCS server role, as its full functionality is only available on the 'DC Master'. * Changing the UCRVs 'ssl/default/hashfunction' and 'ssl/default/bits' now takes immediate effect. * During the initial CA creation, '2.debian.pool.ntp.org' is additionally used; this pool also contains IPv6-capable time servers. * The certificate revocation list is now updated periodically. The intervals are configured through the UCRVs 'ssl/crl/interval' and 'ssl/crl/validity'. * The SSL extension example was fixed to work with non-bash shells. * Locking was added to prevent parallel execution when managing certificates. * Server certificates are no longer revoked and re-created when the LDAP host entry is only moved. * The new UCRV 'ssl/ca/cipher' can be used to choose the encryption mechanism for the private key of the root CA. The new default is aes256. * The new UCRV 'ssl/host/objectclass' can be used to configure the LDAP object classes for which SSL certificates are automatically created. |
Additional notes | |
UCS Bug number | #31369 #39257 #24094 #40498 #25285 #35748 #39045 #35027 #41230 #37621 #38903 |