Sun and OracleChannel SunHow to BuyLog InEnglish

Solaris 10 8/07 Installation Guide: Network-Based Installations
  Search only this book
Search Help
View this book in:
Contained Within
Find More Documentation
Featured Support Resources
 Download this book in PDF (1853 KB)

(Optional) Use Private Key and Certificate for Client Authentication

To further protect your data during the installation, you might want to require wanclient-1 to authenticate itself to wanserver-1. To enable client authentication in your WAN boot installation, insert a client certificate and private key in the client subdirectory of the /etc/netboot hierarchy.

To provide a private key and certificate to the client, perform the following tasks.

  • Assume the same user role as the web server user

  • Split the PKCS#12 file into a private key and a client certificate

  • Insert the certificate in the client's certstore file

  • Insert the private key in the client's keystore file

In this example, you assume the web server user role of nobody. Then, you split the server PKCS#12 certificate that is named cert.p12. You insert certificate in the /etc/netboot hierarchy for wanclient-1. You then insert the private key that you named wanclient.key in the client's keystore file.


wanserver-1# su nobody
Password:
wanserver-1# wanbootutil p12split -i cert.p12 -c \
/etc/netboot/192.168.198.0/010003BA152A42/certstore -k wanclient.key
wanserver-1# wanbootutil keymgmt -i -k wanclient.key \
-s  /etc/netboot/192.168.198.0/010003BA152A42/keystore \
-o type=rsa