To add signed patches to your system with the patchadd command, you will need to add Sun's Root CA certificate, at the very least, to verify the signature on your signed patch. You can import this certificate from the Java keystore into the package keystore.
Become superuser or assume an equivalent role.
Export the Root CA certificate from the Java keystore into a temporary file.
For example:
# keytool -export -storepass changeit -alias gtecybertrustca -keystore /usr/j2se/jre/lib/security/cacerts -file /tmp/root.crt
Certificate stored in file </tmp/root.crt>
-export
    Exports the trusted certificate.
-storepass storepass
    Specifies the password that protects the integrity of the Java keystore.
-alias gtecybertrustca
    Identifies the alias of the trusted certificate.
-keystore certfile
    Specifies the name and location of the keystore file.
-file filename
    Identifies the file to hold the exported certificate.
Import the Root CA certificate into the package keystore from the temporary file.
For example:
# pkgadm addcert -t -f der /tmp/root.crt
Enter Keystore Password: storepass
Keystore Alias: GTE CyberTrust Root
Common Name: GTE CyberTrust Root
Certificate Type: Trusted Certificate
Issuer Common Name: GTE CyberTrust Root
Validity Dates: <Feb 23 23:01:00 1996 GMT>-<Feb 23 23:59:00 ...
MD5 Fingerprint: C4:D7:F0:B2:A3:C5:7D:61:67:F0:04:CD:43:D3:BA:58
SHA1 Fingerprint: 90:DE:DE:9E:4C:4E:9F:6F:D8:86:17:57:9D:D3:91...
Are you sure you want to trust this certificate? yes
Trusting certificate <GTE CyberTrust Root>
Type a Keystore protection Password.
Press ENTER for no protection password (not recommended):
For Verification: Type a Keystore protection Password.
Press ENTER for no protection password (not recommended):
Certificate(s) from </tmp/root.crt> are now trusted
-t
    Indicates that the certificate is a trusted CA certificate. The command output includes the details of the certificate, which the user is asked to verify.
-f format
    Specifies the format of the certificates or private key. When importing a certificate, it must be encoded using either the PEM (pem) or binary DER (der) format.
certfile
    Specifies the file that contains the certificate.
Display the certificate information.
For example:
# pkgadm listcert -P pass:storepass
Keystore Alias: GTE CyberTrust Root
Common Name: GTE CyberTrust Root
Certificate Type: Trusted Certificate
Issuer Common Name: GTE CyberTrust Root
Validity Dates: <Feb 23 23:01:00 1996 GMT>-<Feb 23 23:59:00 2006 GMT>
MD5 Fingerprint: C4:D7:F0:B2:A3:C5:7D:61:67:F0:04:CD:43:D3:BA:58
SHA1 Fingerprint: 90:DE:DE:9E:4C:4E:9F:6F:D8:86:17:57:9D:D3:91:BC:65:A6:89:64
Remove the temporary file.
For example:
# rm /tmp/root.crt
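The listing from the display step can be checked mechanically before the keystore is relied on for patch verification. The following is an added example, not part of the original documentation: it parses saved `pkgadm listcert` output and reports a trust anchor whose SHA1 fingerprint is truncated or differs from a pinned value, or whose validity period does not cover the given time. The names `parse_listcert`, `audit` and `PINNED_SHA1` are hypothetical.

```python
import re
from datetime import datetime, timezone

# Constructed sample: the `pkgadm listcert` output shown above, saved as text.
SAMPLE_LISTCERT = """\
Keystore Alias: GTE CyberTrust Root
Common Name: GTE CyberTrust Root
Certificate Type: Trusted Certificate
Issuer Common Name: GTE CyberTrust Root
Validity Dates: <Feb 23 23:01:00 1996 GMT>-<Feb 23 23:59:00 2006 GMT>
MD5 Fingerprint: C4:D7:F0:B2:A3:C5:7D:61:67:F0:04:CD:43:D3:BA:58
SHA1 Fingerprint: 90:DE:DE:9E:4C:4E:9F:6F:D8:86:17:57:9D:D3:91:BC:65:A6:89:64
"""
# Assumption: a pinned value should come from a source trusted independently of
# the keystore; here it is simply the fingerprint printed in the listing above.
PINNED_SHA1 = "90:DE:DE:9E:4C:4E:9F:6F:D8:86:17:57:9D:D3:91:BC:65:A6:89:64"

SHA1_RE = re.compile(r"(?:[0-9A-F]{2}:){19}[0-9A-F]{2}")
DATES_RE = re.compile(r"<(.+?) GMT>-<(.+?) GMT>")

def parse_listcert(text):
    """Split listcert output into one dict per certificate."""
    certs = []
    for line in text.splitlines():
        key, sep, value = line.strip().partition(": ")
        if not sep:
            continue
        if key == "Keystore Alias":      # each record starts with its alias
            certs.append({})
        if certs:
            certs[-1][key] = value.strip()
    return certs

def audit(cert, pinned_sha1, now):
    """Return reasons not to rely on this trust anchor (empty list = OK)."""
    issues = []
    # Tolerate a fingerprint wrapped across lines; reject a shortened one.
    fp = re.sub(r"\s+", "", cert.get("SHA1 Fingerprint", "")).upper()
    if not SHA1_RE.fullmatch(fp):
        issues.append("SHA1 fingerprint missing or truncated")
    elif fp != pinned_sha1.upper():
        issues.append("SHA1 fingerprint does not match pinned value")
    m = DATES_RE.fullmatch(cert.get("Validity Dates", ""))
    if not m:
        issues.append("validity dates missing or truncated")
    else:
        start, end = (datetime.strptime(d, "%b %d %H:%M:%S %Y")
                      .replace(tzinfo=timezone.utc) for d in m.groups())
        if not start <= now <= end:
            issues.append("outside validity period")
    return issues
```

A listing that shows shortened values, such as the `addcert` output above, is reported as unverifiable rather than compared on a prefix.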