CA cert Overview X.509 certificates ("certs") contain a RSA public key and the key's signer ("CN" or "Subject"). This is to verify that some file or object was signed with the key holder's private key. Certificate Authority certificates ("CA certs") are issued by well-known organizations to verify that a cert is legitimate and that the public key in the cert can be trusted.
Solaris-specific Solaris keeps the CA certs in /etc/certs/CA/. Hashed links to the CA certs are in /etc/openssl/certs/ for fast lookup and access (usually by OpenSSL). Usually, each filename in /etc/certs/CA is the cert holder's CN with spaces replaced by underscores ("_") and appended with a .pem file name extension. For example, file /etc/certs/CA/Verisign_Class_4_Public_Primary_Certification_Authority_-_G3.pem contains the cert for CN "VeriSign Class 4 Public Primary Certification Authority - G3"
If a CA cert you need (to verify one of your certs) is missing, you can add the cert yourself. Here's an example of adding a fictitious cert named Elbonia_Root_CA.pem
The default CA cert files and ca-certificates service were added in Solaris 11.0.
Contributed by: Pavel Heimlich and Ales Cernosek Oracle Solaris 11.4 delivers a modern and extensible enterprise desktop environment. The...