Packaging and Delivering Software With the Image Packaging System in Oracle® Solaris 11.2

Exit Print View

Updated: July 2014

Untrusted Self-Signed Certificate

The following error occurs when a chain of trust ends in a self-signed certificate that is not trusted by the system.

pkg install: Chain was rooted in an untrusted self-signed certificate.
The package involved is:pkg://test/example_pkg@1.0,5.11-0:20110919T185335Z

When you create a chain of certificates using OpenSSL for testing, the root certificate is usually self-signed, since there is little reason to have an outside company verify a certificate that is only used for testing.

In a test situation, there are two solutions:

  • The first solution is to add the self-signed certificate that is the root of the chain of trust into /etc/certs/CA and refresh the system/ca-certificates service. This mirrors the likely situation customers will encounter where a production package is signed with a certificate that is ultimately rooted in a certificate that is delivered with the operating system as a trust anchor.

  • The second solution is to approve the self-signed certificate for the publisher that offers the package for testing by using the --approve-ca-cert option with the pkg set-publisher command.