The certificate and private key exist. In addition, before signing the software package, you must import any intermediate certificate or "chain" certificate that associates your signing certificate with the certificate authority certificate into the software package keystore.
Attention-
Certificates in different formats may be issued by different certification authorities. Extract the certificate and private key from PKCS 12 file to PEM-encoded.
X.509 files (suitable for importing into package keystore), please use free software conversion tools, such as OpenSSL.
If your private key is encrypted (which is usually the case), you will be prompted to enter the password. In addition, you will be prompted to enter a password to protect the generated package keystore. You can choose not to provide any password, but doing so will result in the package keystore not being encrypted.
The following procedure describes how to import a certificate using the pkgadm command when the certificate format is correct.
Import all certificate authority certificates found in the X.509 certificate file encoded by PEM or DER.
For example, to import all certificate authority certificates found in the ca.pem file, you need to type the following:
$ pkgadm add cert-k ~/my keystore-ty ca . PEM
The output may look like this:
Trust certificate & ltVeriSign Class 1 CA personal \
Subscriber-role not verified & gt
Trust certificate & lt/C=US/O=VeriSign company /OU=Class 1 Public \
Major certification bodies
Type the keystore protection password.
Press Enter to indicate unprotected password (not recommended):
Authentication: Type the keystore protection password.
Press Enter to indicate unprotected password (not recommended):
From & ltca.pem & gt is now trusted.
In order to import your signing key into the package keystore, you must provide an alias to sign the package later. You can also use this alias if you want to delete the key from the package keystore.
For example, to import your signing key from the sign.pem file, you should type the following:
$ pkgadm addcert-k ~/my keystore-n mycert sign . PEM
The output may look like this:
Enter PEM password:
Enter the keystore password:
The certificate & ltsign.pem & gt with alias & lt Mysit & gt was successfully added.
Verify that the certificate is in the package keystore.
For example, to view the certificate created in the previous step in the keystore, you should type the following:
$ pkgadm listcert -k ~/mykeystore