[clue] Solaris 10 certificate store?

[Jim Ockers]

Hi Mike,

Mike Bean wrote:
> At the risk of approaching the oracle for guidance,  I've got, at 
> most, a couple days to try to figure out how to troubleshoot SSL 
> certificates in Solaris.  (I do application support and our app is 
> obviously complaining the cert is bad/untrusted.)   Upon searching my 
> books on the subject (solaris) I find painfully little on the subject 
> of certificates, so I thought I'd ask around if anyone's found good 
> reference material for troubleshooting SSL certificates on Solaris 10?
>
> Bean

Sorry for the delay responding to this.

Did you figure it out?  What kind of certificate are you having trouble 
with?  Just the web server's HTTPS certificate? Or some fancier host or 
client certificates?  I gather that you have an app that uses some 
SSL/TLS protocol to talk to the Solaris server.  What application on the 
Solaris box is handling that end of the connection?  Is it the web 
server?  Some custom service app?

At a guess I would say that you or someone needs to sign the SSL cert on 
the server with a certificate authority, and then make sure your app (as 
the client) has the certificate authority's public key in its local 
certificate store.  You can go with a publicly "trusted" CA for the 
signature and then hopefully your app will already have the CA's public 
key, or else you can use a self-issued and self-signed CA and just add 
your new CA's public key to the client's certificate store.

Hope this helps & makes sense,
Jim

-- 
Jim Ockers, P.E., P.Eng. (ockers at ockers.net)
Contact info: http://www.ockers.net/msi.html