Adding Certificates or Local Identities with install_skip_keys

The install_skip_keys command is used to install key packages that have been received from a key server or from one of the SunCAs. If used with -icg, it means that the SunCA or the SunCAglobal CA certified the keys. The SunCA certifies 1024-bit and 2048-bit modulus certificates, and the SunCAglobal certifies 512-bit certificates.

To communicate with a SunScreen SPF-100 or SunScreen SPF-100 G, you need to use SunCA or SunCAglobal certificates.

Requirements

If you are going to use certificates from a Certificate Authority, be aware that you must install the following operating system package:

system SUNWscpu Source Compatibility, (Usr)

Otherwise the install_skip_keys command will fail.

The install_skip_keys command is not used to add someone else's certificate. It is only used to install local identities for CA key packages.

The Example 2-1 shows installing a SunCAglobal key and certificate from diskettes. After installing the key and certificate, because you have added a new local identity, you must either run the skipd_restart command or reboot your system to initialize the key manager.

Example 2-1 Installing a SunCA Global Key and Certificate from Diskette

# install_skip_keys -icg /floppy/unnamed_floppy
Added CA certificate as ca-slot 0

Added local identity slot 3

added 0a1030cc to database
/usr/sbin/install_skip_keys: you should now reboot the machine to initialize SKIP.

For more information on install_skip_keys, see Chapter 4, Using the Command-Line Interface and the man pages.