System Administration Guide: Basic Administration

SunPKI Registration Authorities

Sun Public Key Infrastructure (SunPKI) architecture is designed with one top-level certificate, called the Root CA (Certificate Authority) and a subordinate CA, which is the Sun Microsystems Inc., CA (Class B) certificate. An additional certificate issued by Sun Enterprise Services, called the patch management certificate, is used to verify the digital signatures on signed patches.

The Sun Root CA, Sun Class B CA, and the patch signing certificate are included in the SUNWcert package.

These three certificates provide a certificate chain of trust in the patch verification process whereby the Sun Root CA trusts the Class B CA, and the Class B CA trusts the patch management certificate. And ultimately, the GTE CyberTrust CA trusts the Sun Root CA.

Sun certificates are issued by Baltimore Technologies, who recently bought GTE CyberTrust.

A certification authority certifies the relationship between public keys that are used to decrypt the digital signature with the patch and the owner of the public keys.

The Sun CA process means the following:

For more information about Sun's certificate policy, go to http://www.sun.com/pki/cps.html.