To perform certificate-based authentication, use the –c option with the ldm migrate-domain command. This option is mutually exclusive with the password file and alternate user options. If the –c option is not specified, the migration operation performs password authentication.
To configure SSL certificates, you must perform the steps in this task on the control domain of the source machine.
src-primary# mkdir /var/share/ldomsmanager/trust
The remote ldmd certificate is the /var/share/ldomsmanager/server.crt on the remote host. The local ldmd trusted certificate directory is /var/share/ldomsmanager/trust. Rename the remote certificate file target-hostname.pem, for example tgt-primary.pem.
Set the REMOTE variable to the host name of the target server that points to the target server certificat, tgt-primary.pem.
src-primary# ln -s /var/share/ldomsmanager/trust/tgt-primary.pem /etc/certs/CA/
src-primary# svcadm restart svc:/system/ca-certificates
src-primary# openssl verify /var/share/ldomsmanager/trust/tgt-primary.pem /var/share/ldomsmanager/trust/tgt-primary.pem: ok
Restart or enable the service if required.
src-primary# svcs ca-certificates /var/share/ldomsmanager/trust/tgt-primary.pem: ok STATE STIME FMRI online 0:22:38 svc:/system/ca-certificates:default
src-primary# svcadm restart ldmd