Use the keytool command to import and verify the Sun certificates that are used to verify the signed patches you want to add to your system. You must do this task even if you imported the certificates from a previous installation.
The SUNWcert package is automatically installed when you install the signed patches tool. Do not install the SUNWcert package separately if you have already installed a signed patches tool.
Verify that you have completed the prerequisite task, which is to download one of the Solaris patch management tools.
Become superuser.
Determine the fingerprints of your Sun root certificate and Sun class B certificate.
# /usr/j2se/bin/keytool -printcert -file /etc/certs/SUNW/smirootcacert.b64 # /usr/j2se/bin/keytool -printcert -file /etc/certs/SUNW/smicacert.b64 |
Verify that the output of these commands matches the Sun root and class B certificate fingerprints displayed at:
https://www.sun.com/pki/ca/ |
Accept the Sun class B certificate by importing it into your system:
# /usr/j2se/bin/keytool -import -alias smicacert -file /etc/certs/SUNW/ smicacert.b64 -keystore /usr/j2se/jre/lib/security/cacerts Enter keystore password: changeit Owner: O=Sun Microsystems Inc, CN=Sun Microsystems Inc CA (Class B) Issuer: CN=Sun Microsystems Inc Root CA, O=Sun Microsystems Inc, C=US Serial number: 1000006 Valid from: Mon Nov 13 12:23:10 MST 2000 until: Fri Nov 13 12:23:10 MST 2009 Certificate fingerprints: MD5: B4:1F:E1:0D:80:7D:B1:AB:15:5C:78:CB:C8:8F:CE:37 SHA1: 1E:38:11:02:F0:5D:A3:27:5C:F9:6E:B1:1F:C4:79:95:E9:6E:D6:DF Trust this certificate? [no]: yes Certificate was added to keystore |
Accept the Sun root certificate by importing it into your system:
# /usr/j2se/bin/keytool -import -alias smirootcacert -file /etc/certs/SUNW/ smirootcacert.b64 -keystore /usr/j2se/jre/lib/security/cacerts Enter keystore password: changeit Owner: CN=Sun Microsystems Inc Root CA, O=Sun Microsystems Inc, C=US Issuer: CN=GTE CyberTrust Root, O=GTE Corporation, C=US Serial number: 200014a Valid from: Tue Nov 07 15:39:00 MST 2000 until: Thu Nov 07 16:59:00 MST 2002 Certificate fingerprints: MD5: D8:B6:68:D4:6B:04:B9:5A:EB:34:23:54:B8:F3:97:8C SHA1: BD:D9:0B:DA:AE:91:5F:33:C4:3D:10:E3:77:F0:45:09:4A:E8:A2:98 Trust this certificate? [no]: yes Certificate was added to keystore |
Accept the patch signing certificate by importing it into your system:
# /usr/j2se/bin/keytool -import -alias patchsigning -file /opt/SUNWppro/ etc/certs/patchsigningcert.b64 -keystore /usr/j2se/jre/lib/security/cacerts Enter keystore password: changeit Owner: CN=Enterprise Services Patch Management, O=Sun Microsystems Inc Issuer: O=Sun Microsystems Inc, CN=Sun Microsystems Inc CA (Class B) Serial number: 1400007b Valid from: Mon Sep 24 14:38:53 MDT 2001 until: Sun Sep 24 14:38:53 MDT 2006 Certificate fingerprints: MD5: 6F:63:51:C4:3D:92:C5:B9:A7:90:2F:FB:C0:68:66:16 SHA1: D0:8D:7B:2D:06:AF:1F:37:5C:0D:1B:A0:B3:CB:A0:2E:90:D6:45:0C Trust this certificate? [no]: yes Certificate was added to keystore |