Solaris Express Installation Guide: Network-Based Installations

WAN Boot Installation Commands

The following tables describe the commands you use to perform a WAN boot installation.

Table 14-1 Preparing the WAN Boot Installation and Configuration Files

Task and Description

Command

Copy the Solaris installation image to install-dir-path, and copy the WAN boot miniroot to wan-dir-path on the install server's local disk.

setup_install_server -w wan-dir-path install-dir-path

Create a Solaris Flash archive that is named name.flar.

  • name is the name of the archive

  • optional-parameters are optional parameters you can use to customize the archive

  • document-root is the path to the document root directory on the install server

  • filename is the name of the archive

flarcreate -n name [optional-parameters] document-root/flash/filename

Check the validity of the custom JumpStart rules file that is named rules.

./check -r rules

Check the validity of the wanboot.conf file.

  • net-ip is the IP address of the client's subnet.

  • client-ID can be a user-defined ID or the DHCP client ID.

bootconfchk /etc/netboot/net-ip/client-ID/wanboot.conf

Check for WAN boot installation support in the client OBP.

eeprom | grep network-boot-arguments

Table 14-2 Preparing the WAN Boot Security Files

Task and Description

Command

Create a master HMAC SHA1 key for the WAN boot server.

wanbootutil keygen -m

Create a HMAC SHA1 hashing key for the client.

  • net-ip is the IP address of the client's subnet.

  • client-ID can be a user-defined ID or the DHCP client ID.

wanbootutil keygen -c -o net=net-ip,cid=client-ID,type=sha1

Create an encryption key for the client.

  • net-ip is the IP address of the client's subnet.

  • client-ID can be a user-defined ID or the DHCP client ID.

  • key-type is either 3des or aes.

wanbootutil keygen -c -o net=net-ip,cid=client-ID,type=key-type

Split a PKCS#12 certificate file and insert the certificate in the client's truststore.

  • p12cert is the name of the PKCS#12 certificate file.

  • net-ip is the IP address of the client's subnet.

  • client-ID can be a user-defined ID or the DHCP client ID.

wanbootutil p12split -i p12cert -t /etc/netboot/net-ip/client-ID/truststore

Split a PKCS#12 certificate file and insert the client certificate in the client's certstore.

  • p12cert is the name of the PKCS#12 certificate file.

  • net-ip is the IP address of the client's subnet.

  • client-ID can be a user-defined ID or the DHCP client ID.

  • keyfile is the name of the client's private key.

wanbootutil p12split -i p12cert -c /etc/netboot/net-ip/client-ID/certstore -k keyfile

Insert the client private key from a split PKCS#12 file in the client's keystore.

  • keyfile is the name of the client's private key.

  • net-ip is the IP address of the client's subnet.

  • client-ID can be a user-defined ID or a DHCP client ID.

wanbootutil keymgmt -i -k keyfile -s /etc/netboot/net-ip/client-ID/keystore -o type=rsa

Display the value of a HMAC SHA1 hashing key.

  • net-ip is the IP address of the client's subnet.

  • client-ID can be a user-defined ID or the DHCP client ID.

wanbootutil keygen -d -c -o net=net-ip,cid=client-ID,type=sha1

Display the value of an encryption key.

  • net-ip is the IP address of the client's subnet.

  • client-ID can be a user-defined ID or the DHCP client ID.

  • key-type is either 3des or aes.

wanbootutil keygen -d -c -o net=net-ip,cid=client-ID,type=key-type

Insert a hashing key or an encryption key on a running system. key-type can have a value of sha1, 3des, or aes.

/usr/lib/inet/wanboot/ickey -o type=key-type
