System Administration Guide: Basic Administration

Using Sun's Certificates to Verify Signed Packages and Patches

Access to a package keystore is protected by a special password that you specify when you import the Sun certificates into your system's package keystore.

Use the pkgadm listcert command to view information about the certificates that are stored locally in the package keystore. For example:


# pkgadm listcert -P pass:store-pass
    Keystore Alias: /C=US/O=VeriSign, Inc./OU=Class 2 Public Primary Certification Authority - G2/O
       Common Name: /C=US/O=VeriSign, Inc./OU=Class 2 Public Primary Certification Authority - G2/O
  Certificate Type: Trusted Certificate
Issuer Common Name: /C=US/O=VeriSign, Inc./OU=Class 2 Public Primary Certification Authority - G2/O
    Validity Dates: <May 18 00:00:00 1998 GMT> - <Aug 1 23:59:59 2028 GMT>
   MD5 Fingerprint: 2D:BB:E5:25:D3:D1:65:82:3A:B7:0E:FA:E6:EB:E2:E1
  SHA1 Fingerprint: B3:EA:C4:47:76:C9:C8:1C:EA:F2:9D:95:B6:CC:A0:08:1B:67:EC:9D

The following describes the output of the pkgadm listcert command.

Keystore Alias

When you retrieve certificates for printing, signing, or removing, this name must be used to reference the certificate.

Common Name

The common name of the certificate. For trusted certificates, this name is the same as the keystore alias.

Certificate Type

Can be one of two types:

  • Trusted certificate – A certificate that can be used as a trust anchor when verifying other certificates. No private key is associated with a trusted certificate.

  • Signing certificate – A certificate that can be used when signing a package or patch. A private key is associated with a signing certificate.

Issuer Common Name

The name of the entity that issued, and therefore signed, this certificate. For trusted certificate authority (CA) certificates, the issuer common name and common name are the same.

Validity Dates

A date range that identifies when the certificate is valid.

MD5 Fingerprint

An MD5 digest of the certificate. This digest can be used to verify that the certificate has not been altered during transmission from the source of the certificate.

SHA1 Fingerprint

Similar to an MD5 fingerprint, except that it is calculated using a different algorithm.

Each certificate is authenticated by comparing its MD5 and SHA1 hashes, also called fingerprints, against the known correct fingerprints published by the issuer.
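
The fingerprint comparison described above can be scripted. The following is an added example, not part of the original guide or of Sun's tools: the function names check_fingerprints and sample_listcert are hypothetical, and the expected values passed in stand for fingerprints obtained from the issuer's own publication rather than from the keystore being checked.

```shell
#!/bin/sh
# Added example (not Sun's code): authenticate a keystore certificate by
# comparing both fingerprints in `pkgadm listcert` output with the values
# the issuer publishes. On a live system the input would come from:
#   pkgadm listcert -P pass:store-pass | check_fingerprints ALIAS MD5 SHA1

# Exit status: 0 if every certificate whose Keystore Alias contains $1 has the
# expected MD5 ($2) and SHA1 ($3); 1 on any mismatch; 2 if no alias matched.
check_fingerprints() {
    awk -v want_alias="$1" -v want_md5="$2" -v want_sha1="$3" '
    # Normalize: drop whitespace and fold case, so "2d:bb" equals "2D:BB ".
    function norm(s) { gsub(/[ \t\r]/, "", s); return toupper(s) }
    # Text after the first colon, that is, after the field label.
    function value(line) { sub(/^[^:]*:[ \t]*/, "", line); return line }
    # Judge the record collected so far (one record per Keystore Alias).
    function judge() {
        if (alias == "" || index(alias, want_alias) == 0) return
        found++
        if (md5 == "" || sha1 == "" || md5 != norm(want_md5) || sha1 != norm(want_sha1)) bad++
    }
    /Keystore Alias:/   { judge(); alias = value($0); md5 = ""; sha1 = "" }
    /MD5 Fingerprint:/  { md5  = norm(value($0)) }
    /SHA1 Fingerprint:/ { sha1 = norm(value($0)) }
    END { judge(); if (found == 0) exit 2; if (bad > 0) exit 1; exit 0 }
    '
}

# Sample input: the listing shown on this page, reproduced for an offline run.
sample_listcert() {
    cat <<'EOF'
    Keystore Alias: /C=US/O=VeriSign, Inc./OU=Class 2 Public Primary Certification Authority - G2/O
       Common Name: /C=US/O=VeriSign, Inc./OU=Class 2 Public Primary Certification Authority - G2/O
  Certificate Type: Trusted Certificate
Issuer Common Name: /C=US/O=VeriSign, Inc./OU=Class 2 Public Primary Certification Authority - G2/O
    Validity Dates: <May 18 00:00:00 1998 GMT> - <Aug 1 23:59:59 2028 GMT>
   MD5 Fingerprint: 2D:BB:E5:25:D3:D1:65:82:3A:B7:0E:FA:E6:EB:E2:E1
  SHA1 Fingerprint: B3:EA:C4:47:76:C9:C8:1C:EA:F2:9D:95:B6:CC:A0:08:1B:67:EC:9D
EOF
}

# Offline run: the values shown on this page stand in for the published ones.
if sample_listcert | check_fingerprints 'VeriSign' \
    '2D:BB:E5:25:D3:D1:65:82:3A:B7:0E:FA:E6:EB:E2:E1' \
    'B3:EA:C4:47:76:C9:C8:1C:EA:F2:9D:95:B6:CC:A0:08:1B:67:EC:9D'; then
    echo "fingerprints match"
else
    echo "fingerprint check failed" >&2
fi
```

A listing that lacks either fingerprint line is treated as a mismatch, so a truncated or reformatted listing cannot pass the check.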