Go to main content

Oracle® VM Server for SPARC 3.6 Administration Guide

Exit Print View

Updated: September 2019
 
 

Configuring SSL Certificates for Migration

To perform certificate-based authentication, use the –c option with the ldm migrate-domain command. This option is mutually exclusive with the password file and alternate user options. If the –c option is not specified, the migration operation performs password authentication.

How to Configure SSL Certificates for Migration

To configure SSL certificates, you must perform the steps in this task on the control domain of the source machine.

  1. Create the /var/share/ldomsmanager/trust directory if it does not already exist.
    source:primary# mkdir /var/share/ldomsmanager/trust
  2. Copy the ldmd certificate from the target server to the local trusted certificate directory.

    The remote ldmd certificate is the /var/share/ldomsmanager/server.crt on the remote host. The local ldmd trusted certificate directory is /var/share/ldomsmanager/trust. Rename the remote certificate file target-hostname.pem, for example tgt-primary.pem.

  3. Create a symbolic link from the certificate in the trusted certificate directory to the /etc/certs/CA directory.
    source:primary# ln -s /var/share/ldomsmanager/trust/tgt-primary.pem /etc/certs/CA/
  4. Restart the svc:/system/ca-certificates service.
    source:primary# svcadm restart svc:/system/ca-certificates
  5. Verify that the configuration is correct.
    source:primary# openssl verify /var/share/ldomsmanager/trust/tgt-primary.pem
    /var/share/ldomsmanager/trust/tgt-primary.pem: ok
  6. Verify that the ca-certificates service is online.

    Restart or enable the service if required.

    source:primary# svcs ca-certificates
    /var/share/ldomsmanager/trust/tgt-primary.pem: ok
    STATE        STIME    FMRI
    online       0:22:38  svc:/system/ca-certificates:default
  7. Restart the ldmd daemon.
    source:primary# svcadm restart ldmd
  8. Repeat these steps on the target server.