System Administration Guide: Basic Administration

How to Import Sun Certificates Into the Java Keystore

Use the keytool command to import and verify the Sun certificates that are used to verify the signed patches you want to add to your system. You must do this task even if you imported the certificates from a previous installation.


Note –

The SUNWcert package is automatically installed when you install the signed patches tool. Do not install the SUNWcert package separately if you have already installed a signed patches tool.


  1. Verify that you have completed the prerequisite task, which is to download one of the Solaris patch management tools.

  2. Become superuser.

  3. Determine the fingerprints of your Sun root certificate and Sun class B certificate.


    # /usr/j2se/bin/keytool -printcert -file /etc/certs/SUNW/smirootcacert.b64
    # /usr/j2se/bin/keytool -printcert -file /etc/certs/SUNW/smicacert.b64
    
  4. Verify that the output of these commands matches the Sun root and class B certificate fingerprints displayed at:


    https://www.sun.com/pki/ca/
    
  5. Accept the Sun class B certificate by importing it into your system:


    # /usr/j2se/bin/keytool -import -alias smicacert \
      -file /etc/certs/SUNW/smicacert.b64 \
      -keystore /usr/j2se/jre/lib/security/cacerts
    Enter keystore password:  changeit
    Owner: O=Sun Microsystems Inc, CN=Sun Microsystems Inc CA (Class B)
    Issuer: CN=Sun Microsystems Inc Root CA, O=Sun Microsystems Inc, C=US
    Serial number: 1000006
    Valid from: Mon Nov 13 12:23:10 MST 2000 until: Fri Nov 13 12:23:10 ...
    Certificate fingerprints:
           MD5:  B4:1F:E1:0D:80:7D:B1:AB:15:5C:78:CB:C8:8F:CE:37
           SHA1: 1E:38:11:02:F0:5D:A3:27:5C:F9:6E:B1:1F:C4:79:95:E9:6E:D6:DF
    Trust this certificate? [no]:  yes
    Certificate was added to keystore

  6. Accept the Sun root certificate by importing it into your system:


    # /usr/j2se/bin/keytool -import -alias smirootcacert \
      -file /etc/certs/SUNW/smirootcacert.b64 \
      -keystore /usr/j2se/jre/lib/security/cacerts
    Enter keystore password:  changeit
    Owner: CN=Sun Microsystems Inc Root CA, O=Sun Microsystems Inc, C=US
    Issuer: CN=GTE CyberTrust Root, O=GTE Corporation, C=US
    Serial number: 200014a
    Valid from: Tue Nov 07 15:39:00 MST 2000 until: Thu Nov 07 16:59:00 ...
    Certificate fingerprints:
            MD5:  D8:B6:68:D4:6B:04:B9:5A:EB:34:23:54:B8:F3:97:8C
            SHA1: BD:D9:0B:DA:AE:91:5F:33:C4:3D:10:E3:77:F0:45:09:4A:E8:A2:98
    Trust this certificate? [no]:  yes
    Certificate was added to keystore

  7. Accept the patch signing certificate by importing it into your system:


    # /usr/j2se/bin/keytool -import -alias patchsigning \
      -file /opt/SUNWppro/etc/certs/patchsigningcert.b64 \
      -keystore /usr/j2se/jre/lib/security/cacerts
    Enter keystore password:  changeit
    Owner: CN=Enterprise Services Patch Management, O=Sun Microsystems Inc
    Issuer: O=Sun Microsystems Inc, CN=Sun Microsystems Inc CA (Class B)
    Serial number: 1400007b
    Valid from: Mon Sep 24 14:38:53 MDT 2001 until: Sun Sep 24 14:38:53 ...
    Certificate fingerprints:
           MD5:  6F:63:51:C4:3D:92:C5:B9:A7:90:2F:FB:C0:68:66:16
           SHA1: D0:8D:7B:2D:06:AF:1F:37:5C:0D:1B:A0:B3:CB:A0:2E:90:D6:45:0C
    Trust this certificate? [no]:  yes
    Certificate was added to keystore
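
Steps 3 and 4 rely on comparing fingerprints by eye before the imports in steps 5 through 7. The following script is an added example, not part of the original guide or the Sun tools: it extracts the SHA1 fingerprint from `keytool -printcert` output and compares it with a value obtained out-of-band. The function names, the `KEYTOOL` override, and the `EXPECTED` variable are assumptions of this example, and it assumes a POSIX shell.

```sh
#!/bin/sh
# Added example: gate a keytool import on a fingerprint comparison.
# Function names and EXPECTED are hypothetical, not part of the Sun tools.

# Reduce a fingerprint to bare uppercase hex so that case and ':' separators
# do not affect the comparison.
normalize_fp() {
    printf '%s' "$1" | tr 'a-f' 'A-F' | tr -cd '0-9A-F'
}

# Read `keytool -printcert` output on stdin and print its SHA1 fingerprint.
extract_sha1() {
    sed -n 's/^[[:space:]]*SHA1:[[:space:]]*\([0-9A-Fa-f:]*\).*$/\1/p' | head -n 1
}

# fp_matches EXPECTED < keytool-output
# Returns 0 on an exact match, 1 on a mismatch, 2 if either value is not a
# 20-byte (40 hex digit) SHA1 fingerprint, e.g. because keytool failed.
fp_matches() {
    expected=$(normalize_fp "$1")
    actual=$(normalize_fp "$(extract_sha1)")
    [ "${#expected}" -eq 40 ] || return 2
    [ "${#actual}" -eq 40 ] || return 2
    [ "$expected" = "$actual" ]
}

# verify_cert_file FILE EXPECTED: run the step 3 command and compare.
verify_cert_file() {
    "${KEYTOOL:-/usr/j2se/bin/keytool}" -printcert -file "$1" | fp_matches "$2"
}

# Sample input: fingerprint lines copied from the class B output in step 5.
SAMPLE_OUTPUT='Certificate fingerprints:
       MD5:  B4:1F:E1:0D:80:7D:B1:AB:15:5C:78:CB:C8:8F:CE:37
       SHA1: 1E:38:11:02:F0:5D:A3:27:5C:F9:6E:B1:1F:C4:79:95:E9:6E:D6:DF'
# EXPECTED stands in for the value read from the Sun PKI page in step 4.
EXPECTED='1e:38:11:02:f0:5d:a3:27:5c:f9:6e:b1:1f:c4:79:95:e9:6e:d6:df'

if printf '%s\n' "$SAMPLE_OUTPUT" | fp_matches "$EXPECTED"; then
    echo "fingerprint matches: proceed with keytool -import"
else
    echo "fingerprint mismatch or unreadable: do not import" >&2
fi
```

With the functions loaded, `verify_cert_file /etc/certs/SUNW/smicacert.b64 "$EXPECTED"` runs the check against the real file. Take `EXPECTED` from the Sun PKI page named in step 4, never from the certificate file being checked.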