0

I have an older Solaris 11.3 box. The box has my old key and certificate on it and they are expired. It is causing pkg update to fail:

pkg update: One or more client key and certificate files have expired. Please update the configuration for the publishers or origins listed below: Publisher: solarisstudio Origin URI: https://pkg.oracle.com/solarisstudio/release/ Certificate: /var/pkg/ssl/58e4e6a85dc87a50e56563042baedfba0d3622fc Key: /var/pkg/ssl/f348576808455b0fc8cda24323f97c79e1d96a9c

I have my new key and certificate and I am trying to install them. I reran the command to install a key and certificate:

$ sudo pkg set-publisher \ -k ~/pkg.oracle.com.key.pem \ -c ~/pkg.oracle.com.certificate.pem \ -G "*" -g https://pkg.oracle.com/solarisstudio/release solarisstudio pkg set-publisher: One or more client key and certificate files have expired. Please update the configuration for the publishers or origins listed below: Publisher: solarisstudio Origin URI: https://pkg.oracle.com/solarisstudio/release/ Certificate: /export/home/jwalton/pkg.oracle.com.certificate.pem Key: /export/home/jwalton/pkg.oracle.com.key.pem

This must be some sort of perverse joke from Oracle. I am trying to give it the non-expired key and certificate but it is rejecting them because of the expired ones. Sigh...

Here is Oracle's page for Troubleshooting Package Installation and Update, but it fails to provide instructions for updating the key and certificate. (Again, I must be the only guy on the planet having this problem).

I tried to remove the origin manually with -G but the problem persists:

$ pkg set-publisher -G https://pkg.oracle.com/solarisstudio/release/ pkg set-publisher: requires a publisher name Usage: pkg set-publisher [-Ped] [-k ssl_key] [-c ssl_cert] [-g origin_to_add|--add-origin=origin_to_add ...] [-G origin_to_remove|--remove-origin=origin_to_remove ...] [-m mirror_to_add|--add-mirror=mirror_to_add ...] [-M mirror_to_remove|--remove-mirror=mirror_to_remove ...] [-p repo_uri] [--enable] [--disable] [--no-refresh] [--reset-uuid] [--non-sticky] [--sticky] [--search-after=publisher] [--search-before=publisher] [--search-first] [--approve-ca-cert=path_to_CA] [--revoke-ca-cert=hash_of_CA_to_revoke] [--unset-ca-cert=hash_of_CA_to_unset] [--set-property name_of_property=value] [--add-property-value name_of_property=value_to_add] [--remove-property-value name_of_property=value_to_remove] [--unset-property name_of_property_to_delete] [--proxy proxy to use] [publisher]

And updating the properties in-place:

$ sudo pkg set-publisher \ --add-property-value key=~/pkg.oracle.com.key.pem solarisstudio \ --add-property-value certificate=~/certificate=~/pkg.oracle.com.certificate.pem \ solarisstudio pkg set-publisher: One or more client key and certificate files have expired. Please ...

And:

$ sudo pkg set-publisher --set-property key=~/pkg.oracle.com.key.pem solarisstudio \ --set-property certificate=~/pkg.oracle.com.certificate.pem solarisstudio pkg set-publisher: only one publisher name may be specified ...

How do I update the key and certificate?

Improve this question

1 Answer 1

Reset to default
1

Good that the key/cert pair work on another system.

To remove an existing publisher:

 pkg unset-publisher solarisstudio

or a specific origin for a publisher:

 pkg set-publisher -G https://pkg.oracle.com/solarisstudio/release solarisstudio

But anyway the certificate could be examined via: 

 openssl x509 -in path_to_certificate_file -text

and so have a look at the output and see if the dates are correct (it might be interesting to verify that the cert file on the 'old' system is the same as the one on the 'new' system by ensuring the output is the same).

Improve this answer

You must log in to answer this question.