Access to a package keystore is protected by a special password that you specify when you import the Sun certificates into your system's package keystore.
If you use the pkgadm listcert command, you can view information about your locally stored certificates in the package keystore. For example:
# pkgadm listcert -P pass:store-pass Keystore Alias: /C=US/O=VeriSign, Inc./OU=Class 2 Public Primary Certification Authority - G2/O Common Name: /C=US/O=VeriSign, Inc./OU=Class 2 Public Primary Certification Authority - G2/O Certificate Type: Trusted Certificate Issuer Common Name: /C=US/O=VeriSign, Inc./OU=Class 2 Public Primary Certification Authority - G2/O Validity Dates: <May 18 00:00:00 1998 GMT> - <Aug 1 23:59:59 2028 GMT> MD5 Fingerprint: 2D:BB:E5:25:D3:D1:65:82:3A:B7:0E:FA:E6:EB:E2:E1 SHA1 Fingerprint: B3:EA:C4:47:76:C9:C8:1C:EA:F2:9D:95:B6:CC:A0:08:1B:67:EC:9D
The following describes the output of the pkgadm listcert command.
When you retrieve certificates for printing, signing, or removing, this name must be used to reference the certificate.
The common name of the certificate. For trusted certificates, this name is the same as the keystore alias.
Can be one of two types:
Trusted certificate – A certificate that can be used as a trust anchor when verifying other certificates. No private key is associated with a trusted certificate.
Signing certificate – A certificate that can be used when signing a package or patch. A private key is associated with a signing certificate.
The name of the entity that issued, and therefore signed, this certificate. For trusted certificate authority (CA) certificates, the issuer common name and common name are the same.
A date range that identifies when the certificate is valid.
An MD5 digest of the certificate. This digest can be used to verify that the certificate has not been altered during transmission from the source of the certificate.
Similar to an MD5 fingerprint, except that it is calculated using a different algorithm.
Each certificate is authenticated by comparing its MD5 and SHA1 hashes, also called fingerprints, against the known correct fingerprints published by the issuer.