My Oracle Support Banner

In Solaris 11.4 service svc:/system/identity:cert fails to start (Doc ID 2938779.1)

Last updated on MAY 17, 2023

Applies to:

Solaris Operating System - Version 11.4 and later
Information in this document applies to any platform.

Symptoms

Description
=========

On reboot the service "svc:/system/identity:cert" fails to start:



Changes

After having upgraded system to 11.4 SRU 33, svc:/system/identity:cert did not start.

Attempted to address this by regenerating new certs as below:

pktool gencsr keystore=file format=pem keytype=rsa hash=sha256 keylen=2048 outkey=/etc/certs/localhost/host.key outcsr=/etc/certs/localhost/host.csr eku=serverAuth,clientAuth subject="CN=<hostname>" altname="DNS=unixs1209pridm,IP=xxx.xxx.xxx.xxx,IP=xxx.xxx.xxx.xxx"
pktool signcsr keystore=file format=pem serial=7c19dd00ae5c csr=/etc/certs/localhost/host.csr signkey=/etc/certs/localhost/host-ca/hostca.key outcert=/etc/certs/localhost/host.crt lifetime=1-year eku=serverAuth,clientAuth issuer="O=Host Root CA, CN=<hostname>"

svccfg -s identity:cert setprop certificate/generate=true
svcadm clear svc:/system/identity:cert

This did not work. 

Cause

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!

In this Document
Symptoms
Changes
Cause
Solution
References


My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.