Errata overview
Errata ID 213
Date 2016-07-21
Source package univention-ssl
Fixed in version 10.0.0-15.172.201606271746
This update addresses the following issues:
* 'univention-certificate check' now also checks the expiry date of the
* 'univention-certificate new' now also accepts the '-days' parameter.
* 'univention-certificate' now checks the UCS server role, as its full
  functionality is only available on the 'DC Master'.
* Changing the UCRVs 'ssl/default/hashfunction' and 'ssl/default/bits' now
  takes immediate effect.
* During the initial CA creation '' is used in addition,
  which also contains IPv6 capable time servers.
* The certificate revocation list in now updated periodically. The intervals
  are configured through the UCRV 'ssl/crl/interval' and 'ssl/crl/validity'.
* The SSL extension example was fixed to work with with non-bash-shells.
* Locking was added to prevent parallel execution when managing certificates.
* Server certificates are no longer revoked and re-created when the LDAP host
  entry is only moved.
* The new UCRV 'ssl/ca/cipher' can be used to chose the encryption mechanism
  for the private key of the root CA. The new default is aes256.
* The new UCRV 'ssl/host/objectclass' can be used to configure the LDAP
  object classes for which SSL certificates are automatically created.
Additional notes
UCS Bug number #31369