Environment
Situation
Reflection PKI Services Manager is a service that provides certificate validation services for Reflection for Secure IT and Reflection X Advantage (available with Reflection X 2011 and Reflection Suite for X 2011). This technical note outlines the features available in the Reflection PKI Services Manager 1.2 release, as well as product release notes and information about how to obtain and install this service.
Resolution
Note: Reflection X 2011 R2 and Reflection Suite for X 2011 R2 include Reflection PKI Services Manager 1.2. Reflection X 2011 R1 and Reflection Suite for X 2011 R1 include Reflection PKI Services Manager 1.1.
For information about Reflection PKI Services Manager 1.2 Service Pack 2 new features and release notes, see KB 7021877.
Reflection PKI Services Manager 1.2 New Features
- PKI Services Manager can now run in a Microsoft cluster environment. The Microsoft cluster service helps ensure that applications that require certificate validation services have continuous access to PKI Services Manager, even if one computer within the cluster becomes unavailable.
- You now can specify a non-default data folder. (Supported on Windows only.)
- You can now specify the IP Address when a certificate has an IPAddress value defined in the SubjectAltName field when specifying allowed identities for a host certificate.
- This release of PKI Services Manager supports the ability for a Reflection PKI services client application to retrieve the PKI Services Manager public key directly, eliminating the need to manually copy the key. (The client application must also support this feature.)
- A new View Public Key console menu option and a command line option, -p (--showkey) have been added that display the fingerprint of the PKI Services Manager public key. Use this option when configuring connections to PKI Services Manager to confirm that client applications have the correct key.
- You can now start and stop the service from the console.
- You can now configure PKI Services Manager to use a non-default Java Virtual Machine (JVM).
- The console now includes a drop-down list that displays available IP addresses (including IPv4 and IPv6 formats).
- An information level log message has been added at startup that displays the JRE version.
Security Updates
- Fixes for security vulnerability CVE-2010-3190: Updated the Microsoft Redistributable Library files for the untrusted search path vulnerability and fixed an untrusted search path vulnerability in the product.
- Fixes for security vulnerability CVE-2010-4476: PKI Services Manager 1.2 installs Version 6 Update 24 of the Java Runtime Environment (JRE). This JRE update addresses a potential denial of service attack.
For current information about security alerts and advisories that may affect Reflection PKI Services Manager, see Security Alerts - Reflection PKI Services Manager.
Obtaining Your Component Upgrade
The directions for obtaining the Reflection PKI Services Manager add-on vary depending on the type of customer: maintained or new customers, or evaluating customers.
Note: You can install or upgrade the PKI Services Manager component without changing your installed version of Reflection for Secure IT or Reflection X Advantage.
Maintained or New Customers
Maintained customers are eligible to download PKI Services Manager 1.2 from the Attachmate Download Library web site: https://download.attachmate.com/Upgrades/.
New Volume Purchase Account customers can use link(s) in the e-mail message sent to the order "ship to" contact to download PKI Services Manager files.
The PKI Services Manager file downloads for various platforms are listed in the Download Library on your product's download page under the heading, "Supplemental File – Utility or Add-On," which appears below the "Current Product Release" and "Service Pack or Patch" headings.You will be prompted to login and accept the Software License Agreement before you can select and download the PKI Services Manager file. For more information on using the Download Library web site, see KB 7021965.
Evaluating Customers
PKI Services Manager 1.2 is available to evaluate when you request an evaluation copy of the following products from the Attachmate web site (https://www.attachmate.com/Evals/rsit/rsit-eval.htm):
Reflection for Secure IT UNIX Server
Reflection for Secure IT Windows Server
Reflection X 2011 (includes Reflection X Advantage)
Reflection Suite for X 2011 (includes Reflection X Advantage)
You will be prompted to fill out a form and then will receive e-mail with instructions about downloading the evaluation software.
The PKI Services Manager file downloads are intermixed in the file listing of Reflection for Secure IT or Reflection X Advantage product downloads, which are organized by available platforms under the "Description" heading. The PKI Services Manager file downloads include "PKI Add-On" at the end of the platform description.
If you downloaded the Reflection for Secure IT or Reflection X 2011 (which includes Reflection X Advantage) evaluation software, you must navigate back to the file listing page to obtain the PKI Add-On. Alternatively, you can click the link in the original e-mail to return to the file listing page.
Supported Platforms
For information about Reflection PKI Services Manager supported platforms, see KB 7021871.
Installing Reflection PKI Services Manager Upgrade
Reflection PKI Services Manager version 1.2 is a full product installation and does not require a previous version to be installed. Installation instructions vary depending on platform. For detailed installation instructions on a Windows or UNIX platform, see the PKI Services Manager 1.2 User Guide on the documentation page: https://support.microfocus.com/manuals/pki.html.