Helsinki, Finland -
July 13, 2004
SSH Tectia Newsletter Vol.6
SSH Communications Security >> http://www.ssh.com
======================================================
[ SSH TECTIA NEWSLETTER (VOLUME 6) ] < July 13, 2004 >
======================================================
* Product News
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
SSH Tectia client/server solution 4.1.3 released!
----------------------------------------------
The SSH Tectia client/server solution 4.1.3 has been released today. If you have a valid 4.1.x license file, you can get updates for SSH Tectia Client, SSH Tectia Server, and SSH Tectia Connector at the "Updates and Packages" section at http://www.ssh.com/support/downloads/.
If you do not have a valid 4.1.x license file, and you are *not* a customer with a maintenance agreement, please purchase the new product version from SSH Online Store at http://www.ssh.com/company/sales/.
Version 4.1.3 fixes an issue in CRL checking during certificate validation, which potentially lead to a failure in earlier versions. For further details, please contact SSH Technical Support at http://www.ssh.com/support/contact/support-request-tectia-client-server.mpl
This new version also includes the improvements provided in version 4.1.2, listed below:
SSH Tectia Manager 1.2.1 released!
----------------------------------------------
SSH Tectia Manager 1.2.1 has been released today. It provides a number of improvements, mainly:
* New documents available at SSH Resource Center
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
**Technical Notes: Integrating SSH Tectia Certifier with Third-Party Identity Providers:
http://www.ssh.com/documents/39/SSHTectiaCertifier_IIM_TechNote.pdf
**Compatibility Notes: Using ActivCard Gold with SSH Tectia
http://www.ssh.com/documents/50/ActivCard_CompatibilityNote.pdf
* Tips & Tricks: Utilities for key generation and certificate enrollment
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
SSH Tectia Server comes with command-line tools for key generation and certificate viewing and enrollment. The tools are shipped with SSH Tectia Client and Server for both Unix and Windows platforms.
* ssh-keygen2
Tool for viewing and generating DSA/RSA keys that can be used for server or user authentication. The tool also supports key conversions, for example from a PKCS #12 file to SSH2-format private key and certificate.
Detailed usage is available from the ssh-keygen2 man page:
http://www.ssh.com/documents/32/4-1-ssh-keygen2.html
* ssh-cmpclient
Certificate enrollment client that uses the CMP protocol that supports key generation or enrolling a certificate for an existing private key. Example syntax for enrolling a host certificate is found in the knowledge base article #1989 at http://support.ssh.com.
Detailed usage is available from the ssh-cmpclient man page: http://www.ssh.com/documents/32/4-1-ssh-cmpclient.html
* ssh-certview
Tool for viewing certificate and CRL files. This is useful for example in creating the map file entries for defining the certificate to user account mappings in server configuration.
Detailed usage is available from the ssh-certview man page: http://www.ssh.com/documents/32/4-1-ssh-certview.html
* Trade Shows & Events
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Upcoming events
Please check our events site at http://www.ssh.com/company/events/ for more information.
* SSH Headlines
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
June 15, 2004
Computer Associates Designates SSH Tectia Certifier As ca smart ForIntegration With eTrust Admin
http://www.ssh.com/company/newsroom/article/541/
June 22, 2004
SAS Institute and SSH to Cooperate in IT Security Solutions
http://www.ssh.com/company/newsroom/article/541/
======================================================
# SSH Tectia Newsletter Mailing List #
------------------------------------------------------
This e-mail has been sent to evaluators of SSH products and others who have been in contact with us in the past and who have agreed that we send you the SSH Tectia Newsletter.
To unsubscribe from the mailing list, send a blank e-mail to from the e-mail account you wish to unsubscribe , or visit http://www.ssh.com/company/newsroom/unsubscribe.mpl.
# SSH Security & Release Alert Mailing List #
-------------------------------------------------------
If you would like to receive security alerts and notices about new version releases of SSH products, please subscribe to SSH Security & Release Alert mailing list at http://www.ssh.com/company/newsroom/subscribe.mpl.
=======================================================
Sincerely,
SSH Communications Security >> http://www.ssh.com
======================================================
[ SSH TECTIA NEWSLETTER (VOLUME 6) ] < July 13, 2004 >
======================================================
- Product News
- New documents at SSH Resource Center
- Tips & Tricks
- Trade Shows & Events
- SSH Headlines
- Subscribing & Unsubscribing to Mailing Lists
* Product News
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
SSH Tectia client/server solution 4.1.3 released!
----------------------------------------------
The SSH Tectia client/server solution 4.1.3 has been released today. If you have a valid 4.1.x license file, you can get updates for SSH Tectia Client, SSH Tectia Server, and SSH Tectia Connector at the "Updates and Packages" section at http://www.ssh.com/support/downloads/.
If you do not have a valid 4.1.x license file, and you are *not* a customer with a maintenance agreement, please purchase the new product version from SSH Online Store at http://www.ssh.com/company/sales/.
Version 4.1.3 fixes an issue in CRL checking during certificate validation, which potentially lead to a failure in earlier versions. For further details, please contact SSH Technical Support at http://www.ssh.com/support/contact/support-request-tectia-client-server.mpl
This new version also includes the improvements provided in version 4.1.2, listed below:
- HP-UX 11i Itanium platform support added for SSH Tectia Client and Server
- Certificate authentication in FIPS mode using RSA keys with rsa-pkcs1-md5 signature scheme has been fixed. The affected products were SSH Tectia Server 4.1.0 and 4.0.5 (Unix and Windows).
- Certificate-based SSH Tectia Server authentication over LDAP has been fixed. In case the LDAP CRL DP defined in the SSH Tectia Server certificate was not valid, authentication failed as LDAP server from the SSH Tectia
Client configuration was not used. SSH Tectia Client tried to fetch the CRL only from the CRL DP defined in the SSH Tectia Server certificate and finally timed out. The affected products were SSH Tectia Client 4.1.0 and
4.0.5.
SSH Tectia Manager 1.2.1 released!
----------------------------------------------
SSH Tectia Manager 1.2.1 has been released today. It provides a number of improvements, mainly:
- Improved compatibility with Oracle as Management Database
- Improved configuration distribution compatibility with very slow target hosts
- Improved handling of malformatted URL's by the Management Server
* New documents available at SSH Resource Center
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
**Technical Notes: Integrating SSH Tectia Certifier with Third-Party Identity Providers:
http://www.ssh.com/documents/39/SSHTectiaCertifier_IIM_TechNote.pdf
**Compatibility Notes: Using ActivCard Gold with SSH Tectia
http://www.ssh.com/documents/50/ActivCard_CompatibilityNote.pdf
* Tips & Tricks: Utilities for key generation and certificate enrollment
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
SSH Tectia Server comes with command-line tools for key generation and certificate viewing and enrollment. The tools are shipped with SSH Tectia Client and Server for both Unix and Windows platforms.
* ssh-keygen2
Tool for viewing and generating DSA/RSA keys that can be used for server or user authentication. The tool also supports key conversions, for example from a PKCS #12 file to SSH2-format private key and certificate.
Detailed usage is available from the ssh-keygen2 man page:
http://www.ssh.com/documents/32/4-1-ssh-keygen2.html
* ssh-cmpclient
Certificate enrollment client that uses the CMP protocol that supports key generation or enrolling a certificate for an existing private key. Example syntax for enrolling a host certificate is found in the knowledge base article #1989 at http://support.ssh.com.
Detailed usage is available from the ssh-cmpclient man page: http://www.ssh.com/documents/32/4-1-ssh-cmpclient.html
* ssh-certview
Tool for viewing certificate and CRL files. This is useful for example in creating the map file entries for defining the certificate to user account mappings in server configuration.
Detailed usage is available from the ssh-certview man page: http://www.ssh.com/documents/32/4-1-ssh-certview.html
* Trade Shows & Events
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Upcoming events
- Singapore, SSH Tectia Seminar, July 16, 2004
- San Francisco, USA, WebSec: The E-Security Conference and Expo, August 10-12, 2004
Please check our events site at http://www.ssh.com/company/events/ for more information.
* SSH Headlines
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
June 15, 2004
Computer Associates Designates SSH Tectia Certifier As ca smart ForIntegration With eTrust Admin
http://www.ssh.com/company/newsroom/article/541/
June 22, 2004
SAS Institute and SSH to Cooperate in IT Security Solutions
http://www.ssh.com/company/newsroom/article/541/
======================================================
# SSH Tectia Newsletter Mailing List #
------------------------------------------------------
This e-mail has been sent to evaluators of SSH products and others who have been in contact with us in the past and who have agreed that we send you the SSH Tectia Newsletter.
To unsubscribe from the mailing list, send a blank e-mail to
# SSH Security & Release Alert Mailing List #
-------------------------------------------------------
If you would like to receive security alerts and notices about new version releases of SSH products, please subscribe to SSH Security & Release Alert mailing list at http://www.ssh.com/company/newsroom/subscribe.mpl.
=======================================================
Sincerely,
SSH Communications Security >> http://www.ssh.com
© 2004 SSH Communications Security Corp. All rights reserved. ssh® is a registered trademark of SSH Communications Security Corp in the United States and in certain other jurisdictions. All other names and marks are property of their respective owners.