
Example--Importing a Trusted Certificate

The following example shows how to import a trusted certificate. In this example, Sun's Root CA certificate is exported from the Java keystore with the keytool command and then imported into the package keystore with the pkgadm addcert command.

# keytool -export -storepass changeit -alias gtecybertrustca \
-keystore /usr/j2se/jre/lib/security/cacerts -file /tmp/root.crt
Certificate stored in file </tmp/root.crt>
# pkgadm addcert -t -f der /tmp/root.crt
Enter Keystore Password: storepass
      Keystore Alias: GTE CyberTrust Root
         Common Name: GTE CyberTrust Root
    Certificate Type: Trusted Certificate
  Issuer Common Name: GTE CyberTrust Root
      Validity Dates:<Feb 23 23:01:00 1996 GMT>-<Feb 23 23:59:00 2006 GMT>
     MD5 Fingerprint: C4:D7:F0:B2:A3:C5:7D:61:67:F0:04:CD:43:D3:BA:58
    SHA1 Fingerprint: 90:DE:DE:9E:4C:4E:9F:6F:D8:86:17:57:9D:D3:91:BC...
Trusting certificate <GTE CyberTrust Root>
Type a Keystore protection Password.
Press ENTER for no protection password (not recommended): xxx
For Verification: Type a Keystore protection Password.
Press ENTER for no protection password (not recommended): xxx
Certificate(s) from </tmp/root.crt> are now trusted
# rm /tmp/root.crt

How to Display Certificate Information (pkgadm listcert)

  1. Become superuser or assume an equivalent role.

  2. Display the contents of the package keystore.

    # pkgadm listcert

Example--Displaying Certificate Information (pkgadm listcert)

The following example shows how to display the details of a locally stored certificate.

# pkgadm listcert -P pass:storepass
    Keystore Alias: GTE CyberTrust Root
       Common Name: GTE CyberTrust Root
  Certificate Type: Trusted Certificate
Issuer Common Name: GTE CyberTrust Root
    Validity Dates: <Feb 23 23:01:00 1996 GMT> - <Feb 23 23:59:00 2006 GMT>
   MD5 Fingerprint: C4:D7:F0:B2:A3:C5:7D:61:67:F0:04:CD:43:D3:BA:58
  SHA1 Fingerprint: 90:DE:DE:9E:4C:4E:9F:6F:D8:86:17:57:9D:D3:91:BC...
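
The listing above shows a trusted certificate whose validity period ended in 2006. The following is an added example, not part of the original Sun documentation: a POSIX shell function that reads pkgadm listcert output in the format shown on this page and reports entries whose validity period has ended. The function name expired_certs, its timestamp argument, and the second sample entry are assumptions made for this example.

```sh
#!/bin/sh
# Added example; expired_certs is a hypothetical helper, not a pkgadm feature.
# Reads `pkgadm listcert` output on stdin; $1 is the reference time in GMT as
# YYYYMMDDhhmmss, for example "$(date -u +%Y%m%d%H%M%S)".
expired_certs() {
    awk -v now="$1" '
    BEGIN {
        n = split("Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec", m, " ")
        for (i = 1; i <= n; i++) mon[m[i]] = i
    }
    /Keystore Alias:/ {            # alias line precedes each validity line
        alias = $0
        sub(/^.*Keystore Alias:[ \t]*/, "", alias)
    }
    /Validity Dates:/ {
        # Not-after is the last <...> group, with or without spaces
        # around the hyphen (both layouts appear on this page).
        notafter = $0
        sub(/>[ \t]*$/, "", notafter)
        sub(/^.*</, "", notafter)  # e.g. "Feb 23 23:59:00 2006 GMT"
        if (split(notafter, f, " ") < 4 || !(f[1] in mon)) {
            printf "UNPARSED\t%s\n", alias
            next
        }
        split(f[3], t, ":")
        key = sprintf("%04d%02d%02d%02d%02d%02d", f[4], mon[f[1]], f[2], t[1], t[2], t[3])
        # Fixed-width digit strings, so string order equals time order.
        if ((key "") < (now "")) printf "EXPIRED\t%s\t%s\n", alias, notafter
    }'
}

# Sample input: the first entry is the listing shown on this page; the second
# is constructed for the example (alias and dates are made up).
SAMPLE_LISTCERT='    Keystore Alias: GTE CyberTrust Root
    Validity Dates: <Feb 23 23:01:00 1996 GMT> - <Feb 23 23:59:00 2006 GMT>
    Keystore Alias: Example Future Root
      Validity Dates:<Jan  1 00:00:00 2020 GMT>-<Jan  1 00:00:00 2999 GMT>'

printf '%s\n' "$SAMPLE_LISTCERT" | expired_certs "$(date -u +%Y%m%d%H%M%S)"
```

On a live system, pipe the output of pkgadm listcert into expired_certs instead of the sample text; entries reported as UNPARSED have a validity line the function could not read and need manual review.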

How to Remove a Certificate (pkgadm removecert)

  1. Become superuser or assume an equivalent role.

  2. Remove the trusted certificate from the package keystore.

    # pkgadm removecert -n "certfile"

    The -n "certfile" option specifies the alias of the user certificate/key pair or the alias of the trusted certificate.


    Note - View the alias names for certificates with the pkgadm listcert command.


Example--Removing a Certificate (pkgadm removecert)

The following example shows how to remove a certificate.

# pkgadm listcert
Enter Keystore Password: storepass
      Keystore Alias: GTE CyberTrust Root
         Common Name: GTE CyberTrust Root
    Certificate Type: Trusted Certificate
  Issuer Common Name: GTE CyberTrust Root
      Validity Dates:<Feb 23 23:01:00 1996 GMT>-<Feb 23 23:59:00 2006 GMT>
     MD5 Fingerprint: C4:D7:F0:B2:A3:C5:7D:61:67:F0:04:CD:43:D3:BA:58
    SHA1 Fingerprint: 90:DE:DE:9E:4C:4E:9F:6F:D8:86:17:57:9D:D3:91:BC...
# pkgadm removecert -n "GTE CyberTrust Root"
Enter Keystore Password: storepass
Successfully removed Certificate(s) with alias <GTE CyberTrust Root>

How to Set Up a Proxy Server (pkgadd)

If your system is behind a firewall with a proxy, you will need to set up a proxy server before you can add a package from an HTTP server with the pkgadd command.

  1. Become superuser or assume an equivalent role.

  2. Select one of the following methods to specify a proxy server.

    1. Specify the proxy server by using the http_proxy, HTTPPROXY, or HTTPPROXYPORT environment variable.

      For example:

      # setenv http_proxy http://mycache.domain:8080

      Or, specify one of the following:

      # setenv HTTPPROXY mycache.domain
      # setenv HTTPPROXYPORT 8080

    2. Specify the proxy server on the pkgadd command line.

      For example:

      # pkgadd -x mycache.domain:8080 -d http://myserver.com/pkg SUNWpkg

    3. Create an admin file that includes proxy server information.

      For example:

      # cat /tmp/admin
      mail=
      instance=unique
      partial=ask
      runlevel=ask
      idepend=ask
      rdepend=ask
      space=ask
      setuid=ask
      conflict=ask
      action=ask
      networktimeout=60
      networkretries=3
      authentication=quit
      keystore=/var/sadm/security
      basedir=default
      proxy=mycache.domain:8080

      Then, identify the admin file with the pkgadd -a command. For example:

      # pkgadd -a /tmp/admin -d http://myserver.com/pkg SUNWpkg
