1. Automatically Installing Oracle Solaris 11.4 Systems
  2. Securing Automated Installation
  3. Overview of Securing Automated Installations
  4. Generating Credentials

Generating Credentials

You can generate credentials either automatically or by providing user-supplied credentials.

  • To generate credentials automatically, use the -g option. For example: 

    $ installadm set-server -g

    In this example, the -g option generates or regenerates HTTPS credentials as well as firmware keys. See Securing Automated Installations for other examples of how to generate credentials.

  • To provide the credentials yourself, use the following options:

    • -A specifies the path to the PEM-encoded X.509 Certificate Authority (CA) certificate file.

      CA certificates must have unique subject lines. You specify each CA chain of trust one time. If the CA chain includes more than one CA certificate file, use separate -A options.

    • -C specifies the path to a PEM-encoded X.509 certificate file.

    • -K specifies the path to a PEM-encoded X.509 private key file. This key file must have any passphrase removed.

    In the following example, all 3 certificate files are created at one time.

    $ installadm set-server -C server.crt -K server.key -A cacert.pem

    The certificate authority (CA) can be created separately from the certificate and key files. However, the certificate authority must be created first before you create the certificate and key files. However, the certificate and key files must be created together.