Signed Patches Administration Guide for PatchPro 2.2

Sun PKI Registration Authorities

The Sun™ Public Key Infrastructure (Sun PKI) architecture is designed with one top-level certificate and a subordinate certificate authority (CA). The top-level certificate is called the Root CA. The subordinate CA is called the Sun Microsystems, Inc. CA (Class B) certificate. An additional certificate, the patch signing certificate, is issued by Sun Enterprise™ Services and verifies the digital signatures on signed patches.

Sun certificates are issued by Baltimore Technologies, which recently bought GTE CyberTrust.

The Sun Root CA and the Sun Class B CA are available from http://www.sun.com/pki/ca. The patch signing certificate is included in the SUNWppro package.

These three certificates provide a certificate chain of trust in the patch verification process. The Sun Root CA certifies the Class B CA, and the Class B CA certifies the patch signing certificate. Ultimately, the GTE CyberTrust CA certifies the Sun Root CA.

A certification authority certifies the relationship between public keys and the owner of the public keys. The public keys are used to validate the digital signature that is found in the patch JAR file.
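The chain of trust described above can be reproduced with constructed certificates. This is an added example, not code from this guide or from PatchPro: it uses Ruby's OpenSSL bindings instead of PatchPro's own tooling, the keys are generated on the spot, and the helper names `issue` and `verify_chain` are hypothetical. It shows that the patch signing certificate validates only when every tier is present and every signature checks out, not merely when issuer names match.

```ruby
require "openssl"

# Issue a certificate for +cn+. With no parent it is self-signed (the trust
# anchor); otherwise it is signed with the parent's private key.
# Constructed test data: names mirror the guide, keys are generated here.
def issue(cn, ca:, parent: nil)
  key  = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version    = 2 # X.509 v3, required for extensions
  cert.serial     = rand(1...2**63)
  cert.subject    = OpenSSL::X509::Name.new([["CN", cn]])
  cert.issuer     = parent ? parent[:cert].subject : cert.subject
  cert.public_key = key.public_key
  cert.not_before = Time.now - 3600
  cert.not_after  = Time.now + 3600
  ext = OpenSSL::X509::ExtensionFactory.new
  cert.add_extension(ext.create_extension("basicConstraints", ca ? "CA:TRUE" : "CA:FALSE", true))
  cert.sign(parent ? parent[:key] : key, OpenSSL::Digest.new("SHA256"))
  { cert: cert, key: key }
end

# Validate +leaf+ against one trust anchor plus the supplied untrusted
# intermediates. Returns [ok, detail]: the chain's subject CNs on success,
# or OpenSSL's error string on failure.
def verify_chain(leaf, anchor, intermediates)
  store = OpenSSL::X509::Store.new
  store.add_cert(anchor[:cert])
  ok = store.verify(leaf[:cert], intermediates.map { |c| c[:cert] })
  [ok, ok ? store.chain.map { |c| c.subject.to_a.first[1] } : store.error_string]
end

# The four tiers named in the guide, outermost issuer first.
GTE     = issue("GTE CyberTrust CA", ca: true)
ROOT    = issue("Sun Root CA", ca: true, parent: GTE)
CLASS_B = issue("Sun Microsystems, Inc. CA (Class B)", ca: true, parent: ROOT)
PATCH   = issue("patch signing certificate", ca: false, parent: CLASS_B)
# Same subject name as the Class B CA but a different key.
FAKE_B  = issue("Sun Microsystems, Inc. CA (Class B)", ca: true)
FORGED  = issue("patch signing certificate", ca: false, parent: FAKE_B)

p verify_chain(PATCH, GTE, [ROOT, CLASS_B])  # full chain validates
p verify_chain(PATCH, GTE, [ROOT])           # Class B CA missing: rejected
p verify_chain(FORGED, GTE, [ROOT, CLASS_B]) # names match, signature does not
```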

The Sun CA process means that the following statements are true:

For information about Sun's certificate policy, see http://www.sun.com/pki/cps.html.