Solaris 10 5/09 Installation Guide: Network-Based Installations

(Optional) Use Private Key and Certificate for Client Authentication

To further protect your data during the installation, you might want to require wanclient-1 to authenticate itself to wanserver-1. To enable client authentication in your WAN boot installation, insert a client certificate and private key in the client subdirectory of the /etc/netboot hierarchy.

To provide a private key and certificate to the client, perform the following tasks.

In this example, you assume the web server user role of nobody. Then, you split the server PKCS#12 certificate that is named cert.p12. You insert certificate in the /etc/netboot hierarchy for wanclient-1. You then insert the private key that you named wanclient.key in the client's keystore file.

wanserver-1# su nobody
wanserver-1# wanbootutil p12split -i cert.p12 -c \
/etc/netboot/ -k wanclient.key
wanserver-1# wanbootutil keymgmt -i -k wanclient.key \
-s  /etc/netboot/ \
-o type=rsa