Skip Navigation Links | |
Exit Print View | |
Oracle Solaris 10 1/13 Installation Guide: Network-Based Installations Oracle Solaris 10 1/13 Information Library |
Part I Planning to Install Over the Network
1. Where to Find Oracle Solaris Installation Planning Information
2. Preconfiguring System Configuration Information (Tasks)
3. Preconfiguring With a Naming Service or DHCP
Part II Installing Over a Local Area Network
4. Installing From the Network (Overview)
5. Installing From the Network With DVD Media (Tasks)
6. Installing From the Network With CD Media (Tasks)
7. Patching the Miniroot Image (Tasks)
8. Installing Over the Network (Examples)
9. Installing From the Network (Command Reference)
Part III Installing Over a Wide Area Network
11. Preparing to Install With WAN Boot (Planning)
12. Installing With WAN Boot (Tasks)
13. SPARC: Installing With WAN Boot (Tasks)
14. SPARC: Installing With WAN Boot (Examples)
Create the Document Root Directory
Check the Client OBP for WAN Boot Support
Install the wanboot Program on the WAN Boot Server
Create the /etc/netboot Hierarchy
Copy the wanboot-cgi Program to the WAN Boot Server
(Optional) Configure the WAN Boot Server as a Logging Server
Configure the WAN Boot Server to Use HTTPS
Provide the Trusted Certificate to the Client
Create the Keys for the Server and the Client
Create and Validate the rules File
Create the System Configuration File
Check the net Device Alias in OBP
To further protect your data during the installation, you might want to require wanclient-1 to authenticate itself to wanserver-1. To enable client authentication in your WAN boot installation, insert a client certificate and private key in the client subdirectory of the /etc/netboot hierarchy.
To provide a private key and certificate to the client, perform the following tasks:
Assume the same user role as the web server user.
Split the PKCS#12 file into a private key and a client certificate.
Insert the certificate in the client's certstore file.
Insert the private key in the client's keystore file.
In this example, you assume the web server user role of nobody. Then, you split the server PKCS#12 certificate that is named cert.p12. You insert certificate in the /etc/netboot hierarchy for wanclient-1. You then insert the private key that you named wanclient.key in the client's keystore file.
wanserver-1# su nobody Password: wanserver-1# wanbootutil p12split -i cert.p12 -c \ /etc/netboot/192.168.198.0/010003BA152A42/certstore -k wanclient.key wanserver-1# wanbootutil keymgmt -i -k wanclient.key \ -s /etc/netboot/192.168.198.0/010003BA152A42/keystore \ -o type=rsa