
Procedure: How to Verify a Signed Patch (signtool)

  1. Verify that the following prerequisites are met:

  2. Download a signed patch from the following location:

    http://sunsolve.Sun.COM/pub-cgi/show.pl?target=patches/patch-access

  3. Verify a signed patch, for example:

    # signtool -v /patchdb/100103-12.jar
    using certificate directory: /.netscape
    archive "/patchdb/100103-12.jar" has passed crypto verification.
    
              status   path
        ------------   -------------------
            verified   100103-12/README
            verified   100103-12/4.1secure.sh
    #

    If the patch verification fails, you will see a message similar to this:

    archive DID NOT PASS crypto verification

Procedure: How to Apply a Verified Signed Patch

  1. Become superuser.

  2. Unzip the patch bundle, for example:

    # unzip 100103-12.jar
    Archive:  100103-12.jar
      inflating: 100103-12/README        
      inflating: 100103-12/4.1secure.sh  
      inflating: META-INF/manifest.mf    
      inflating: META-INF/zigbert.sf     
      inflating: META-INF/zigbert.rsa    
    #

  3. Apply the verified uncompressed signed patch, for example:

    # patchadd /patchdb/100103-12
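
The two procedures above chained into a single gate, as an added example (not Sun's code): patchadd runs only when signtool reports that the archive passed and every listed file is "verified". The function names, the /var/tmp scratch directory, and the availability of mktemp and unzip -d are assumptions.

```sh
#!/bin/sh
# Added example, not from the original page. Function names are hypothetical.
# Assumption: the verdict is read from the output text shown on the page,
# not from signtool's exit status.

# Read `signtool -v` output on stdin. Succeed only if the archive passed,
# no failure message appears, and every row of the status table is "verified".
signtool_verdict() {
    awk '
        /DID NOT PASS crypto verification/ { failed = 1 }
        /has passed crypto verification/   { passed = 1 }
        NF == 2 && $1 ~ /^-+$/ && $2 ~ /^-+$/ { in_table = 1; next }
        in_table && NF >= 2 { files++; if ($1 != "verified") bad++ }
        END { exit !(passed && !failed && files > 0 && bad == 0) }
    '
}

# Verify the JAR, unpack that same file into a fresh directory, then apply it.
# Keep the JAR where only root can write so it cannot change after the check.
apply_signed_patch() {
    jar=$1
    id=$(basename "$jar" .jar)
    out=$(signtool -v "$jar" 2>&1)
    if ! printf '%s\n' "$out" | signtool_verdict; then
        echo "refusing to apply $id: signature not verified" >&2
        printf '%s\n' "$out" >&2
        return 1
    fi
    work=$(mktemp -d "/var/tmp/$id.XXXXXX") || return 1   # assumed scratch location
    unzip -q "$jar" -d "$work" || return 1
    patchadd "$work/$id"
}

# Sample outputs: SAMPLE_OK is the transcript from the page; SAMPLE_FAIL is
# the failure message the page quotes.
SAMPLE_OK='archive "/patchdb/100103-12.jar" has passed crypto verification.

          status   path
    ------------   -------------------
        verified   100103-12/README
        verified   100103-12/4.1secure.sh'
SAMPLE_FAIL='archive DID NOT PASS crypto verification'
```

Unpacking into a fresh directory means patchadd sees only files that came out of the archive that was just checked, not leftovers from an earlier unzip.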

Troubleshooting Problems With Netscape Security Tools

This section describes how to troubleshoot problems using signed patches with Netscape tools.

If you need to verify a signed patch, use the following command:

# signtool -v patch-ID.jar

Problem or Error Message: Cannot import Sun certificate chain from https://ra.sun.com:11005 to the Netscape cert database
Explanation: Self-explanatory.
Solution: Make sure that the GTE CyberTrust Root CA was deleted before importing the certificate chain. For more information, see How to Import the Sun Certificates With Netscape 4.7 Tools.

Problem or Error Message:
    signtool: No certificate database in keystore-location
    signtool: Check the -d arguments that you gave
Explanation: Either the certificate is not in the keystore, the keystore is not accessible, or the arguments are incorrect.
Solution: Make sure that the argument is correct and that the keystore is accessible. Use Netscape->Security->Signers to check if all three CAs are present: GTE CyberTrust Root CA, Sun Microsystems Inc CA (Class B) - Sun Microsystems Inc, Sun Microsystems Inc Root CA - GTE Corporation. If the certificates are not in the Netscape keystore, import the certificate chain from https://ra.sun.com:11005.

Problem or Error Message: Cannot install signed patches
Explanation: It is possible that signed patches cannot be installed due to lack of space.
Solution: Make sure that there is enough disk space.
