Environment
Situation
Reflection PKI Services Manager is a service that provides certificate validation services for Reflection for Secure IT and Reflection X Advantage (available with Reflection X 2011 and Reflection Suite for X 2011). This technical note outlines the new features available in the Reflection PKI Services Manager 1.2 Service Pack 2 (SP2) release, as well as product release notes and information about how to obtain and install this service. Service Pack 2 is cumulative and also applies the features and fixes listed below for SP1.
Reflection PKI Services Manager 1.3 released 10 October 2013; for information about new features and release notes, see KB 7021878. For information about Reflection PKI Services Manager 1.2, see KB 7021875.
Note: Reflection PKI Services Manager 1.2 SP2 is not certified by JITC. For a list of JITC DoD PKI-certified versions, see KB 7021879.
Resolution
Java and PKI Services Manager
PKI Services Manager installs its own Java Runtime Environment (JRE) and uses this installed JRE by default. It is also possible to configure PKI Services Manager to use a different JRE. Beginning with version 1.2.2, the JRE you configure must be Java version 7 (1.7.0_nn). To use Java version 6, you must be running PKI Services Manager version 1.2.1 or earlier.
New Features in 1.2 SP2
- The VMware vSphere Hypervisor (ESXi) virtualization platform is supported as a host platform for supported operating systems.
- The FIPS 140-2 Level 1 Cryptographic Module has been updated to RSA BSAFE Crypto-J JSAFE and JCE Software Module v6.1, which has been validated by the National Institute of Standards and Technology (NIST), certificate #2058: http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/1401val2013.htm#2058.
- The installed Java Runtime Environment (JRE) has been updated to Oracle Java 7 Update 25 on all platforms except AIX.
Security Updates in 1.2 SP2
- Multiple Oracle Java Runtime Environment (JRE) vulnerabilities have been addressed in Oracle Java SE 7 Update 25. The installed JRE has been updated to Java 7 Update 25.
Deprecated Feature
- Beginning with version 1.2 SP2, MD2 signed certificates are no longer supported. Users who need support for MD2RSA signed certificates should use 1.2 SP1 or earlier.
New Feature in 1.2 SP1
- The JRE has been updated to Java 7 Update 5 on Windows, Linux and Solaris platforms.
Resolved Issue in 1.2 SP1
- PKI Services Manager can now handle large Certificate Revocation List (CRL) files.
Obtaining Your Component Upgrade
The directions for obtaining the Reflection PKI Services Manager add-on vary depending on the type of customer: maintained or new customers, or evaluating customers.
Note: You can install or upgrade the PKI Services Manager component without changing your installed version of Reflection for Secure IT or Reflection X Advantage.
Maintained or New Customers
Maintained customers are eligible to download PKI Services Manager 1.2 SP 2 from the Attachmate Download Library web site: https://download.attachmate.com/Upgrades/.
New Volume Purchase Account customers can use link(s) in the e-mail message sent to the order "ship to" contact to download PKI Services Manager files.
The PKI Services Manager file downloads for various platforms are listed in the Download Library on your product's download page under the heading, "Supplemental File – Utility or Add-On," which appears below the "Current Product Release" and "Service Pack or Patch" headings. You will be prompted to login and accept the Software License Agreement before you can select and download the PKI Services Manager file. For more information on using the Download Library web site, see Technical Note 0200.
Evaluating Customers
PKI Services Manager 1.2 SP2 is available to evaluate when you request an evaluation copy of the following products from the Attachmate web site (https://www.attachmate.com/Evals/rsit/rsit-eval.htm):
Reflection for Secure IT Server for Windows
Reflection for Secure IT Web Edition
Reflection X 2011 (includes Reflection X Advantage)
Reflection Suite for X 2011 (includes Reflection X Advantage)
You will be prompted to fill out a form and then will receive e-mail with instructions about downloading the evaluation software.
The PKI Services Manager file downloads are intermixed in the file listing of Reflection for Secure IT or Reflection X Advantage product downloads, which are organized by available platforms under the "Description" heading. The PKI Services Manager file downloads include "PKI Add-On" at the end of the platform description.
If you downloaded the Reflection for Secure IT or Reflection X 2011 (which includes Reflection X Advantage) evaluation software, you must navigate back to the file listing page to obtain the PKI Add-On. Alternatively, you can click the link in the original e-mail to return to the file listing page.
Supported Platforms
For information about Reflection PKI Services Manager supported platforms, see KB 7021871.
Installing Reflection PKI Services Manager Upgrade
Reflection PKI Services Manager version 1.2 Service Pack 2 is a full product installation and does not require a previous version to be installed. Installation instructions vary depending on platform. For detailed installation instructions on a Windows or UNIX platform, see the PKI Services Manager 1.2 SP2 User Guide available from the documentation page: https://support.microfocus.com/manuals/pki.html.