To perform certificate-based authentication, use the –c option with the ldm migrate-domain command. This option is mutually exclusive with the password file and alternate user options. If the –c option is not specified, the migration operation performs password authentication.
src-primary# mkdir /var/share/ldomsmanager/trust
The remote ldmd certificate is the /var/share/ldomsmanager/server.crt on the remote host. The local ldmd trusted certificate directory is /var/share/ldomsmanager/trust. Rename the remote certificate file target-hostname.pem, for example tgt-primary.pem.
Set the REMOTE variable to the host name of the target server that points to the target server certificat, tgt-primary.pem.
src-primary# ln -s /var/share/ldomsmanager/trust/tgt-primary.pem /etc/certs/CA/
src-primary# svcadm restart svc:/system/ca-certificates
src-primary# openssl verify /var/share/ldomsmanager/trust/tgt-primary.pem /var/share/ldomsmanager/trust/tgt-primary.pem: ok
Restart or enable the service if required.
src-primary# svcs ca-certificates /var/share/ldomsmanager/trust/tgt-primary.pem: ok STATE STIME FMRI online 0:22:38 svc:/system/ca-certificates:default
src-primary# svcadm restart ldmd