Installing Oracle® Solaris 11.2 Systems


Updated: July 2014

Configuring Security Credentials

Use the installadm command to configure security credentials for the AI server, for a specified AI client, for clients of a specified install service, and for any client that does not already have credentials. Configure AI server authentication before client authentication because server credentials are required by the web server for TLS.

    You can use the installadm command to accomplish the following tasks:

  • Automatically generate credentials. If you are not using user-supplied credentials, you can simply use the -g option to automatically generate a private X.509 certificate and key pair, an X.509 CA certificate, and OBP keys. For more information, see Configuring AI Server Credentials.

  • Input user-supplied credentials. If you are using user-supplied credentials, use the -C, -K, and -A options to specify these user-supplied credentials.

    You can specify just the CA certificate (the -A option) and specify the private certificate and key separately (the -C and -K options), or you can specify all three options in one command. If you specify just the -C and -K options, the associated CA certificate (the -A option) must have been previously specified. The -C and -K options must be specified as a pair; you cannot specify just one of them.

    The argument of the -C option is the path to a PEM-encoded X.509 certificate file.

    The argument of the -K option is the path to a PEM-encoded X.509 private key file. This key file must have any passphrase removed.

    The argument of the -A option is the path to a PEM-encoded X.509 Certificate Authority (CA) certificate file. CA certificates must have unique subject lines. You only need to specify each CA chain of trust one time. If the CA chain includes more than one CA certificate file, use separate -A options in one installadm command.

    OBP keys are generated if they do not already exist. If OBP keys are generated, the OBP commands to set these keys are displayed.

  • Generate OBP keys. OBP keys are automatically generated if they do not already exist when you use the -g, -C, -K, or -A options. See OBP Security Keys for SPARC Clients for information about using the -E and -H options.

  • Display credentials. At any time you can use the installadm list command to display the current set of credentials for the AI server, install service or a specific client.
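
The pairing, CA, and passphrase rules for user-supplied credentials described above, written as an added pre-flight check that is not Oracle's code: it inspects only PEM headers, does not call installadm, and does not check CA subject uniqueness. The function name check_ai_creds, the -p flag, and the return codes are assumptions of this example.

```shell
# Added example, not Oracle code. Source this file, then call check_ai_creds.
# -p is this script's own hypothetical flag (not an installadm option):
# it states that the CA certificate was already specified earlier.
# Return codes (chosen here): 0 ok, 2 usage, 3 unpaired -C/-K, 4 no CA,
# 5 file is not the expected PEM type, 6 key is passphrase-protected.

err() { echo "check_ai_creds: $*" >&2; }

is_pem_cert() { grep -q '^-----BEGIN CERTIFICATE-----' "$1" 2>/dev/null; }

is_pem_key() { grep -Eq '^-----BEGIN ([A-Z]+ )?PRIVATE KEY-----' "$1" 2>/dev/null; }

key_is_encrypted() {
    # Traditional PEM keys carry a Proc-Type header when encrypted;
    # PKCS#8 keys use the ENCRYPTED PRIVATE KEY label instead.
    grep -Eq '^(Proc-Type: 4,ENCRYPTED|-----BEGIN ENCRYPTED PRIVATE KEY-----)' "$1" 2>/dev/null
}

check_ai_creds() {
    ai_cert='' ai_key='' ai_ca=no
    OPTIND=1
    while getopts 'C:K:A:p' ai_opt; do
        case $ai_opt in
            C) ai_cert=$OPTARG ;;
            K) ai_key=$OPTARG ;;
            A) is_pem_cert "$OPTARG" || { err "-A $OPTARG: not a PEM certificate"; return 5; }
               ai_ca=yes ;;
            p) ai_ca=yes ;;
            *) return 2 ;;
        esac
    done
    # -C and -K are only valid together.
    case "${ai_cert:+c}${ai_key:+k}" in
        c|k) err "-C and -K must be specified as a pair"; return 3 ;;
    esac
    # A CA certificate must come with this command or from an earlier one.
    [ "$ai_ca" = yes ] || { err "no CA certificate: add -A"; return 4; }
    [ -z "$ai_cert" ] && return 0   # CA-only invocation, nothing more to check
    is_pem_cert "$ai_cert" || { err "-C $ai_cert: not a PEM certificate"; return 5; }
    key_is_encrypted "$ai_key" && { err "-K $ai_key: remove the passphrase"; return 6; }
    is_pem_key "$ai_key" || { err "-K $ai_key: not a PEM private key"; return 5; }
    return 0
}
```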