(Optional) Use Private Key and Certificate for Client Authentication - Solaris Express Installation Guide: Network-Based Installations

Previous

Next

Document Information

Part I Planning to Install Over the Network

1. Where to Find Solaris Installation Planning Information

2. Preconfiguring System Configuration Information (Tasks)

3. Preconfiguring With a Naming Service or DHCP

Part II Installing Over a Local Area Network

4. Installing From the Network (Overview)

5. Installing From the Network With DVD Media (Tasks)

6. Installing From the Network With CD Media (Tasks)

7. Installing Over the Network (Examples)

8. Installing From the Network (Command Reference)

Part III Installing Over a Wide Area Network

9. WAN Boot (Overview)

10. Preparing to Install With WAN Boot (Planning)

11. Installing With WAN Boot (Tasks)

12. SPARC: Installing With WAN Boot (Tasks)

13. SPARC: Installing With WAN Boot (Examples)

Sample Site Setup

Create the Document Root Directory

Create the WAN Boot Miniroot

Install the wanboot Program on the WAN Boot Server

Create the /etc/netboot Hierarchy

Copy the wanboot-cgi Program to the WAN Boot Server

(Optional) Configure the WAN Boot Server as a Logging Server

Configure the WAN Boot Server to Use HTTPS

Provide the Trusted Certificate to the Client

(Optional) Use Private Key and Certificate for Client Authentication

Create the Keys for the Server and the Client

Create the Solaris Flash Archive

Create the sysidcfg File

Create the Client's Profile

Create and Validate the rules File

Create the System Configuration File

Create the wanboot.conf File

Check the net Device Alias in OBP

Install Keys on the Client

Install the Client

14. WAN Boot (Reference)

Part IV Appendixes

A. Troubleshooting (Tasks)

B. Installing or Upgrading Remotely (Tasks)

(Optional) Use Private Key and Certificate for Client Authentication

To further protect your data during the installation, you might want to require wanclient-1 to authenticate itself to wanserver-1. To enable client authentication in your WAN boot installation, insert a client certificate and private key in the client subdirectory of the /etc/netboot hierarchy.

To provide a private key and certificate to the client, perform the following tasks.

Assume the same user role as the web server user
Split the PKCS#12 file into a private key and a client certificate
Insert the certificate in the client's certstore file
Insert the private key in the client's keystore file

In this example, you assume the web server user role of nobody. Then, you split the server PKCS#12 certificate that is named cert.p12. You insert certificate in the /etc/netboot hierarchy for wanclient-1. You then insert the private key that you named wanclient.key in the client's keystore file.

wanserver-1# su nobody
Password:
wanserver-1# wanbootutil p12split -i cert.p12 -c \
/etc/netboot/192.168.198.0/010003BA152A42/certstore -k wanclient.key
wanserver-1# wanbootutil keymgmt -i -k wanclient.key \
-s /etc/netboot/192.168.198.0/010003BA152A42/keystore \
-o type=rsa

Previous

Next