Go to main content

Managing Encryption and Certificates in Oracle^® Solaris 11.3

Exit Print View

» ...Documentation Home » Oracle Solaris 11.3 Information Library » Managing Encryption and Certificates in ... » Using the Cryptographic Framework » Administering the Cryptographic Framework » Refreshing or Restarting All Cryptographic ...

Updated: December 2018

Managing Encryption and Certificates in Oracle^® Solaris 11.3

Document Information

Using This Documentation

Chapter 1 Cryptography in Oracle Solaris

Chapter 2 Cryptographic Optimizations and Hardware Acceleration on SPARC Based Systems

Chapter 3 Using the Cryptographic Framework

Protecting Files With the Cryptographic Framework

Administering the Cryptographic Framework

Listing Available Providers

Adding a Software Provider

How to Add a Software Provider

Creating a Boot Environment With FIPS 140-2 Enabled

How to Create a Boot Environment With FIPS 140-2 Enabled

Preventing the Use of Mechanisms

How to Prevent the Use of a User-Level Mechanism

How to Prevent the Use of a Kernel Software Mechanism

How to Disable Hardware Provider Mechanisms and Features

Refreshing or Restarting All Cryptographic Services

How to Refresh or Restart All Cryptographic Services

Chapter 4 Managing Certificates in Oracle Solaris

Chapter 5 KMIP and PKCS #11 Client Applications

Cryptographic Services Glossary

Language:

Refreshing or Restarting All Cryptographic Services

By default, the Cryptographic Framework is enabled. When the kcfd daemon fails for any reason, the Service Management Facility (SMF) can be used to restart cryptographic services. For more information, see the smf(5) and svcadm(1M) man pages. For the effect on zones of restarting cryptographic services, see Cryptographic Framework and Zones.

How to Refresh or Restart All Cryptographic Services

Before You Begin

You must become an administrator who is assigned the Crypto Management rights profile. For more information, see Using Your Assigned Administrative Rights in Securing Users and Processes in Oracle Solaris 11.3.

Check the status of cryptographic services.

$ svcs cryptosvc
STATE          STIME    FMRI
offline         Dec_09   svc:/system/cryptosvc:default

Enable cryptographic services.
```
$ svcadm enable svc:/system/cryptosvc
```

Example 24 Refreshing Cryptographic Services

In the following example, cryptographic services are refreshed in the global zone. Therefore, kernel-level cryptographic policy in every non-global zone is also refreshed.

$ svcadm refresh system/cryptosvc

Copyright © 2002, 2018, Oracle and/or its affiliates. All rights reserved.