The /etc/crypto/certs directory contains ASN.1 BER or PEM encoded certificate files for use by the Solaris Cryptographic Framework.
A default installation contains root anchors and signing certificates. The CA and SUNWobjectCA certificates are the trust anchors for all other certificates. Other certificates contain the certificates used to sign and verify the Solaris user and kernel cryptographic plug-ins
Additional signing certificates may be installed by third-party cryptographic providers. They should either be copied to /etc/crypto/certs or included in the package that delivers the provider.
Only certificates that are issued by the CA or SUNWobjectCA certificates and include the organization unit "Solaris Cryptographic Framework" in their subject distinguished names are accepted by the Solaris Cryptographic Framework. This restriction is in place due to US Export Law on the export of open cryptographic interfaces at the time of shipping this revision of the product.
See attributes(5) for descriptions of the following attributes:
elfsign(1), libpkcs11(3LIB), attributes(5)