In Solaris 11.4 service svc:/system/identity:cert fails to start
(Doc ID 2938779.1)
Last updated on OCTOBER 17, 2023
Applies to:
Solaris Operating System - Version 11.4 and laterInformation in this document applies to any platform.
Symptoms
Description
=========
On reboot the service "svc:/system/identity:cert" fails to start:
Changes
After having upgraded system to 11.4 SRU 33, svc:/system/identity:cert did not start.
Attempted to address this by regenerating new certs as below:
pktool gencsr keystore=file format=pem keytype=rsa hash=sha256 keylen=2048 outkey=/etc/certs/localhost/host.key outcsr=/etc/certs/localhost/host.csr eku=serverAuth,clientAuth subject="CN=<hostname>" altname="DNS=unixs1209pridm,IP=xxx.xxx.xxx.xxx,IP=xxx.xxx.xxx.xxx"
pktool signcsr keystore=file format=pem serial=7c19dd00ae5c csr=/etc/certs/localhost/host.csr signkey=/etc/certs/localhost/host-ca/hostca.key outcert=/etc/certs/localhost/host.crt lifetime=1-year eku=serverAuth,clientAuth issuer="O=Host Root CA, CN=<hostname>"
svccfg -s identity:cert setprop certificate/generate=true
svcadm clear svc:/system/identity:cert
This did not work.
Cause
To view full details, sign in with your My Oracle Support account. |
|
Don't have a My Oracle Support account? Click to get started! |
In this Document
| Symptoms |
| Changes |
| Cause |
| Solution |
| References |