One feature of your freshly installed Solaris 11.4 instance that can fly under the radar is the svc:/system/identity:cert service. This provides you with a system-generated (that's your system, not Oracle) certificate which is self-signed, and which a number of other services depend upon:
$ svcs -D identity:cert STATE STIME FMRI disabled Apr_26 svc:/system/rad:remote online Apr_26 svc:/system/ca-certificates:default online Apr_26 svc:/milestone/self-assembly-complete:default online May_03 svc:/system/webui/server:default
By-the-bye, the svc:/system/ca-certificates service helps keep the system copy of Certificate Authority certificates updated.
Once you've obtained a CA-signed certificate, it's actually very easy to do:
# SVC=svc:/system/identity:cert # svccfg -s $SVC setprop certificate/cert/pem_value = astring: "$(cat /path/to/signed/certificate.crt )" # svccfg -s $SVC setprop certificate/cert/private_key/pem_value = astring: "$(cat /path/to/signed/certificate.key )" # svccfg -s $SVC setprop certificate/ca/pem_value = astring: "$(cat /path/to/issuer/certificate.crt )" # svcadm refresh $SVC # svcadm restart -sr $SVC