System Administration Guide: Security Services

ProcedureHow to Refresh or Restart All Cryptographic Services

By default, the Solaris Cryptographic Framework is enabled. When the kcfd daemon fails for any reason, the service management facility can be used to restart cryptographic services. For more information, see the smf(5) and svcadm(1M) man pages. For the effect on zones of restarting cryptographic services, see Cryptographic Services and Zones.

  1. Check the status of cryptographic services.

    % svcs cryptosvc
     STATE          STIME    FMRI
    offline         Dec_09   svc:/system/cryptosvc:default
  2. Become superuser or assume an equivalent role to enable cryptographic services.

    Roles contain authorizations and privileged commands. For more information about roles, see Configuring RBAC (Task Map).

    # svcadm enable svc:/system/cryptosvc

Example 14–26 Refreshing Cryptographic Services

In the following example, cryptographic services are refreshed in the global zone. Therefore, kernel-level cryptographic policy in every non-global zone is also refreshed.

# svcadm refresh system/cryptosvc