One feature of your freshly installed Solaris 11.4 instance that can fly
under the radar is the svc:/system/identity:cert
service. This provides
you with a system-generated (that's your system, not Oracle) certificate
which is self-signed, and which a number of other services depend upon:
$ svcs -D identity:cert STATE STIME FMRI disabled Apr_26 svc:/system/rad:remote online Apr_26 svc:/system/ca-certificates:default online Apr_26 svc:/milestone/self-assembly-complete:default online May_03 svc:/system/webui/server:default
By-the-bye, the svc:/system/ca-certificates
service helps keep the system
copy of Certificate Authority certificates updated.
So what do you do if you want to get past an error like this when you try to access https://127.0.0.1:6787 so you can try out the WebUI?
Once you've obtained a CA-signed certificate, it's actually very easy to do:
# SVC=svc:/system/identity:cert # svccfg -s $SVC setprop certificate/cert/pem_value = astring: "$(cat /path/to/signed/certificate.crt )" # svccfg -s $SVC setprop certificate/cert/private_key/pem_value = astring: "$(cat /path/to/signed/certificate.key )" # svccfg -s $SVC setprop certificate/ca/pem_value = astring: "$(cat /path/to/issuer/certificate.crt )" # svcadm refresh $SVC # svcadm restart -sr $SVC