Managing Encryption and Certificates in Oracle® Solaris 11.2

Exit Print View

Updated: September 2014

KMF Keystore Management

    KMF manages the keystores for three public key technologies, PKCS #11 tokens, NSS, and OpenSSL. For all of these technologies, the pktool command enables you to do the following:

  • Generate a self-signed certificate

  • Generate a certificate request

  • Generate a symmetric key

  • Generate a public/private key pair

  • Generate a PKCS #10 certificate signing request (CSR) to be sent to an external certificate authority (CA) to be signed

  • Sign a PKCS #10 CSR

  • Import objects into the keystore

  • List the objects in the keystore

  • Delete objects from the keystore

  • Download a CRL

For the PKCS #11 and NSS technologies, the pktool command also enables you to set a PIN by generating a passphrase for the keystore or for an object in the keystore.

For examples of using the pktool utility, see the pktool (1) man page and Table 4–1.