Go to main content
Oracle® VM Server for SPARC 3.4 Administration Guide

Exit Print View

Updated: August 2016

Configuring SSL Certificates for Migration

To perform certificate-based authentication, use the –c option with the ldm migrate-domain command. This option is mutually exclusive with the password file and alternate user options. If the –c option is not specified, the migration operation performs password authentication.


How to Configure SSL Certificates for Migration

To configure SSL certificates, you must perform the steps in this task on the control domain of the source machine.

  1. Create the /var/share/ldomsmanager/trust directory if it does not already exist.
    src-primary# mkdir /var/share/ldomsmanager/trust
  2. Copy the ldmd certificate from the target server to the local trusted certificate directory.

    The remote ldmd certificate is the /var/share/ldomsmanager/server.crt on the remote host. The local ldmd trusted certificate directory is /var/share/ldomsmanager/trust. Rename the remote certificate file target-hostname.pem, for example tgt-primary.pem.

  3. Create a symbolic link from the certificate in the trusted certificate directory to the /etc/certs/CA directory.

    Set the REMOTE variable to the host name of the target server that points to the target server certificat, tgt-primary.pem.

    src-primary# ln -s /var/share/ldomsmanager/trust/tgt-primary.pem /etc/certs/CA/
  4. Restart the svc:/system/ca-certificates service.
    src-primary# svcadm restart svc:/system/ca-certificates
  5. Verify that the configuration is correct.
    src-primary# openssl verify /var/share/ldomsmanager/trust/tgt-primary.pem
    /var/share/ldomsmanager/trust/tgt-primary.pem: ok
  6. Verify that the ca-certificates service is online.

    Restart or enable the service if required.

    src-primary# svcs ca-certificates
    /var/share/ldomsmanager/trust/tgt-primary.pem: ok
    STATE        STIME    FMRI
    online       0:22:38  svc:/system/ca-certificates:default
  7. Restart the ldmd daemon.
    src-primary# svcadm restart ldmd
  8. Repeat these steps on the target server.