Oracle Solaris provides a keystore for Certificate Authority (CA) certificate files. To manage the keystore, you restart the SMF ca-certificates service after you add, remove, or blacklist certificates from the keystore.
X.509 certificates contain an RSA public key and the key's signer ("CN" or "Subject"). Together, the key and signer verify that some file or object was signed with the key holder's private key. CA certificates are issued by well-known organizations to verify that a certificate is legitimate and that the public key in the certificate can be trusted.
Oracle Solaris keeps the CA certificates in the /etc/certs/CA directory. Hashed links to the CA certificates are in the /etc/openssl/certs directory to enable fast lookup and access, typically by OpenSSL. Usually, each filename in the /etc/certs/CA directory is the certificate holder's CN with spaces replaced by underscores ("_") and appended with a .pem extension. For example, the file /etc/certs/CA/ExampleCo-_G3.pem contains the certificate for CN "ExampleCo Class 4 Public Primary Certification Authority - G3".
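The two-directory layout described above can drift when certificate files are added or removed without restarting the ca-certificates service. The following added example, which is not part of the Oracle Solaris documentation or tooling, reports that drift; audit_ca_links is a hypothetical helper name, and the check is filesystem-only and does not recompute OpenSSL hashes.

```shell
#!/bin/sh
# Added example: audit the CA keystore layout described above.
# audit_ca_links is a hypothetical helper name, not a Solaris command.
# Assumption: every hashed entry in the link directory is a symbolic link.
#
# Findings, one per line:
#   DANGLING <link>  hashed link whose target certificate file is gone
#   UNLINKED <cert>  .pem file in the CA directory with no hashed link
# Returns 0 when the two directories agree, 1 otherwise.
audit_ca_links() {
    ca_dir=$1
    link_dir=$2
    rc=0

    # Pass 1: links left behind after a certificate file was removed.
    for link in "$link_dir"/*; do
        [ -L "$link" ] || continue
        if [ ! -e "$link" ]; then            # -e follows the link
            echo "DANGLING $link"
            rc=1
        fi
    done

    # Pass 2: certificates that cannot be found by hash yet, for example
    # a file copied in without restarting the ca-certificates service.
    for cert in "$ca_dir"/*.pem; do
        [ -f "$cert" ] || continue
        found=0
        for link in "$link_dir"/*; do
            [ -L "$link" ] || continue
            if [ "$link" -ef "$cert" ]; then # same file once resolved
                found=1
                break
            fi
        done
        if [ "$found" -eq 0 ]; then
            echo "UNLINKED $cert"
            rc=1
        fi
    done
    return "$rc"
}

# Usage: sh audit_ca_links.sh /etc/certs/CA /etc/openssl/certs
if [ "$#" -eq 2 ]; then
    audit_ca_links "$1" "$2"
fi
```

An UNLINKED or DANGLING finding means the hashed links no longer match the contents of the CA directory, which is the state that restarting the ca-certificates service is meant to correct.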
You can add certificates and blacklist certificates.