Provide the Trusted Certificate to the Client

By requiring the server to authenticate itself to the client, you protect the data that is transmitted from the server to the client over HTTPS. To enable server authentication, you provide a trusted certificate to the client. The trusted certificate enables the client to verify the identity of the server during the installation.

To provide the trusted certificate to the client, split the certificate to extract a trusted certificate. Then, insert the trusted certificate in the client's truststore file in the /etc/netboot hierarchy.

In this example, you split the server PKCS#12 certificate that is named cert.p12, and insert the trusted certificate in /etc/netboot directory for wanclient-1.

wanserver-1# wanbootutil p12split -i cert.p12 -t \
  /etc/netboot/192.168.198.0/010003BA152A42/truststore

Previous: Configure the WAN Boot Server to Use HTTPS
Next: (Optional) Use Private Key and Certificate for Client Authentication