|Skip Navigation Links|
|Exit Print View|
|Oracle Solaris 10 1/13 Installation Guide: Network-Based Installations Oracle Solaris 10 1/13 Information Library|
To further protect your data during the installation, you might want to require wanclient-1 to authenticate itself to wanserver-1. To enable client authentication in your WAN boot installation, insert a client certificate and private key in the client subdirectory of the /etc/netboot hierarchy.
To provide a private key and certificate to the client, perform the following tasks:
Assume the same user role as the web server user.
Split the PKCS#12 file into a private key and a client certificate.
Insert the certificate in the client's certstore file.
Insert the private key in the client's keystore file.
In this example, you assume the web server user role of nobody. Then, you split the server PKCS#12 certificate that is named cert.p12. You insert certificate in the /etc/netboot hierarchy for wanclient-1. You then insert the private key that you named wanclient.key in the client's keystore file.
wanserver-1# su nobody Password: wanserver-1# wanbootutil p12split -i cert.p12 -c \ /etc/netboot/192.168.198.0/010003BA152A42/certstore -k wanclient.key wanserver-1# wanbootutil keymgmt -i -k wanclient.key \ -s /etc/netboot/192.168.198.0/010003BA152A42/keystore \ -o type=rsa