Skip to main content

Contents

  1. Preface
  2. Chapter 1 Understanding an Overview of the SPARC M12/M10
    1.  1.1 Basics of the SPARC M12/M10
    2. Click 1.2 Basics of the XSCF Firmware
    3. Click 1.3 Network Configuration
    4.  1.4 Basics of Hypervisor
    5.  1.5 Basics of Oracle VM Server for SPARC
    6.  1.6 Basics of OpenBoot PROM
  3. Chapter 2 Logging In/Out of the XSCF
    1. Click 2.1 Connecting the System Management Terminal
    2. Click 2.2 Logging In to the XSCF Shell
    3.  2.3 Logging Out from the XSCF Shell
    4. Click 2.4 Logging In to XSCF Web
    5.  2.5 Logging Out From XSCF Web
    6.  2.6 Number of Connectable Users
  4. Chapter 3 Configuring the System
    1. Click 3.1 Preliminary Work for XSCF Setup
    2. Click 3.2 Understanding the Contents of the XSCF Firmware Settings
    3.  3.3 Setting Up From the XSCF Shell
    4.  3.4 Setting Up From XSCF Web
    5. Click 3.5 Creating/Managing XSCF Users
    6. Click 3.6 Setting the XSCF Time/Date
    7. Click 3.7 Configuring the SSH/Telnet Service for Login to the XSCF
    8. Click 3.8 Configuring the HTTPS Service for Login to the XSCF
    9. Click 3.9 Configuring the XSCF Network
    10. Click 3.10 Configuring Auditing to Strengthen XSCF Security
  5. Chapter 4 Configuring the System to Suit the Usage Type
    1. Click 4.1 Setting/Checking the System Altitude
    2. Click 4.2 Controlling System Start
    3. Click 4.3 Enabling/Disabling Dual Power Feed
    4. Click 4.4 Reducing Power Consumption
    5. Click 4.5 Connecting a DVD Drive
    6. Click 4.6 Using Remote Storage
  6. Chapter 5 CPU Activation
    1.  5.1 Basic Concepts of CPU Activation
    2.  5.2 CPU Activation Key
    3. Click 5.3 Adding CPU Core Resources
    4. Click 5.4 Deleting CPU Core Resources
    5. Click 5.5 Moving CPU Core Resources
    6. Click 5.6 Displaying CPU Activation Information
    7. Click 5.7 Saving/Restoring CPU Activation Keys
    8. Click 5.8 Troubleshooting CPU Activation Errors
    9.  5.9 Important Notes about CPU Activation
  7. Chapter 6 Starting/Stopping the System
    1. Click 6.1 Starting the System
    2. Click 6.2 Stopping the System
    3.  6.3 Rebooting the System
    4.  6.4 Suppressing Starting Oracle Solaris at Power-on
  8. Chapter 7 Controlling Physical Partitions
    1.  7.1 Configuring a Physical Partition
    2. Click 7.2 Setting the Physical Partition Operation Mode
    3.  7.3 Powering On a Physical Partition
    4.  7.4 Powering Off a Physical Partition
    5.  7.5 Changing the Configuration of a Physical Partition
  9. Chapter 8 Controlling Logical Domains
    1.  8.1 Configuring a Logical Domain
    2. Click 8.2 Configuring the Oracle Solaris Kernel Zone
    3. Click 8.3 Switching to the Control Domain Console From the XSCF Shell
    4. Click 8.4 Returning to the XSCF Shell From the Control Domain Console
    5.  8.5 Starting a Logical Domain
    6.  8.6 Shutting Down a Logical Domain
    7. Click 8.7 Ordered Shutdown of Logical Domains
    8.  8.8 Checking CPU Activation Information
    9. Click 8.9 Setting the OpenBoot PROM Environment Variables of the Control Domain
    10. Click 8.10 Domain Console Logging Function
    11.  8.11 Changing the Configuration of a Logical Domain
    12.  8.12 Setting the Logical Domain Time
    13. Click 8.13 Collecting a Hypervisor Dump File
    14. Click 8.14 Managing Logical Domain Resources Associated with CPU Sockets
    15. Click 8.15 Setting the Physical Partition Dynamic Reconfiguration Policy
    16. Click 8.16 Setting the Maximum Page Size of a Logical Domain
  10. Chapter 9 Managing the Systems Daily
  11. Chapter 10 Preparing/Taking Action for Failures
    1.  10.1 Learning about Troubleshooting and Related Functions
    2. Click 10.2 Receiving Notification by E-mail When a Failure Occurs
    3. Click 10.3 Monitoring/Managing the System Status With the SNMP Agent
    4. Click 10.4 Monitoring the System
    5.  10.5 Understanding the Failure Degradation Mechanism
    6. Click 10.6 Checking Failed Hardware Resources
    7. Click 10.7 Setting Automatic Replacement of Failed CPU Cores
    8.  10.8 Setting Recovery Mode
    9.  10.9 Setting Up a Redundant Component Configuration
    10. Click 10.10 Saving/Restoring XSCF Settings Information
    11. Click 10.11 Saving/Restoring Logical Domain Configuration Information in the XSCF
    12. Click 10.12 Saving/Restoring Logical Domain Configuration Information in an XML File
    13. Click 10.13 Saving/Restoring the OpenBoot PROM Environment Variables
    14.  10.14 Saving/Restoring the Contents of a Hard Disk
    15.  10.15 Resetting a Logical Domain
    16. Click 10.16 Causing a Panic in a Logical Domain
    17.  10.17 Resetting a Physical Partition
    18. Click 10.18 Returning the Server to the State at Factory Shipment
    19.  10.19 Collecting a Crash Dump File Using Deferred Dump
  12. Chapter 11 Checking the System Status
    1. Click 11.1 Checking the System Configuration/Status
    2. Click 11.2 Checking a Physical Partition
  13. Chapter 12 Checking Logs and Messages
    1. Click 12.1 Checking a Log Saved by the XSCF
    2. Click 12.2 Checking Warning and Notification Messages
  14. Chapter 13 Switching to Locked Mode/Service Mode
    1.  13.1 Understanding the Differences Between Locked Mode and Service Mode
    2.  13.2 Switching the Operating Mode
  15. Chapter 14 Configuring a Highly Reliable System
    1. Click 14.1 Configuring Memory Mirroring
    2. Click 14.2 Configuring Hardware RAID
    3.  14.3 Using the LDAP Service
    4.  14.4 Using SAN Boot
    5.  14.5 Using iSCSI
    6. Click 14.6 Remote Power Management for the SPARC M12/M10 and I/O Devices
    7.  14.7 Using an Uninterruptible Power Supply
    8. Click 14.8 Using Verified Boot
  16. Chapter 15 Expanding the System Configuration
    1.  15.1 Changing the Virtual CPU Configuration
    2.  15.2 Changing the Memory Configuration
    3. Click 15.3 Dynamic Reconfiguration Function for PCIe Endpoint Devices
    4. Click 15.4 Using the PCI Expansion Unit
    5.  15.5 Expanding the SPARC M12-2S/M10-4S
  17. Chapter 16 Updating the XCP Firmware
    1. Click 16.1 Basics of Firmware Update
    2. Click 16.2 Before Updating Firmware
    3.  16.3 Update Flow
    4.  16.4 Preparing an XCP Image File
    5. Click 16.5 Updating Firmware
    6.  16.6 Updating Firmware From XSCF Web
    7. Click 16.7 Firmware Version Matching with Parts Addition/Replacement
    8.  16.8 Trouble During Firmware Update
    9.  16.9 FAQ Relating to Firmware Update
  18. Chapter 17 Updating Oracle Solaris and Oracle VM Server for SPARC
  19. Chapter 18 Troubleshooting
    1.  18.1 Troubleshooting for the XSCF
    2.  18.2 Precautions Concerning Using the RESET Switch
    3.  18.3 Frequently Asked Questions / FAQ
    4.  18.4 System Troubleshooting With the XSCF
  20. Appendix A Lists of SPARC M12/M10 System Device Paths
    1.  A.1 SPARC M12-1 Device Paths
    2. Click A.2 SPARC M12-2 Device Paths
    3. Click A.3 SPARC M12-2S Device Paths
    4.  A.4 SPARC M10-1 Device Paths
    5. Click A.5 SPARC M10-4 Device Paths
    6. Click A.6 SPARC M10-4S Device Paths
  21. Appendix B Identifying an SAS2 Device Based on a WWN
    1.  B.1 World Wide Name (WWN) Syntax
    2.  B.2 Overview of probe-scsi-all Command Output
    3. Click B.3 Identifying a Disk Slot by Using the probe-scsi-all Command
    4. Click B.4 Identifying Disk Slot
  22. Appendix C List of the XSCF Web Pages
    1.  C.1 Overview of the Pages
    2.  C.2 Understanding the Menu Configuration
    3. Click C.3 Available Pages
  23. Appendix D XSCF MIB Information
    1.  D.1 MIB Object Identification
    2.  D.2 Standard MIB
    3. Click D.3 Extended MIB
    4.  D.4 Traps
  24. Appendix E SPARC M12/M10 System-specific Functions of Oracle VM Server for SPARC
    1.  E.1 Ordered Shutdown of Logical Domains
    2.  E.2 CPU Activation Support
    3. Click E.3 Checking Failed Resources
    4.  E.4 Automatic Replacement of Failed CPUs
    5.  E.5 Hypervisor Dump
    6.  E.6 Domain Console Logging Function
    7.  E.7 CPU Socket Restrictions
  25. Appendix F SAS2IRCU Utility Command Examples
    1.  F.1 Displaying a List of SAS Controllers Recognized by sas2ircu
    2.  F.2 Displaying the Information of a Hardware RAID Volume
    3.  F.3 Adding a Hardware RAID Volume
    4.  F.4 Displaying the Configuration Status of a Hardware RAID Volume
    5.  F.5 Creating a Hot Spare of a Hardware RAID Volume
    6.  F.6 Deleting a Hot Spare of a Hardware RAID Volume
    7.  F.7 Deleting a Hardware RAID Volume
    8.  F.8 Identifying the Faulty Disk Drive of a Hardware RAID Volume
  26. Appendix G SPARC M12-1/M10-1 XSCF Startup Mode Function
    1. Click G.1 Function Overview
    2. Click G.2 Restrictions and Notes
    3.  G.3 Configuration Procedure
  27. Appendix H OpenBoot PROM Environment Variables and Commands
    1.  H.1 SCSI Device Display
    2.  H.2 Unsupported OpenBoot PROM Environment Variables
    3.  H.3 Unsupported OpenBoot PROM Commands
    4.  H.4 Behavior With the Security Mode Enabled
  28. Appendix I How to Specify the Boot Device
    1.  I.1 Device Path of the Internal Storage
    2.  I.2 Method of Specification With a PHY Number
    3.  I.3 Method of Specification With a Target ID
    4.  I.4 Method of Specification With an SAS Address
    5.  I.5 Method of Specification With a Volume Device Name
    6.  I.6 Notes About the Device Alias net of the SPARC M12 Without On-Board LAN
  29. Appendix J Lists of DVD Drive Aliases
    1. Click J.1 External DVD Drive Aliases
    2. Click J.2 Remote Storage DVD Drive Aliases
  30. Appendix K CPU Activation Interim Permit
    1.  K.1 What is the CPU Activation Interim Permit?
    2.  K.2 Terms of Use of the CPU Activation Interim Permit and Precautions
    3. Click K.3 Related Commands
    4. Click K.4 Flows and Procedures for Using a CPU Activation Interim Permit
    5. Click K.5 Event Notification of the CPU Activation Interim Permit
    6. Click K.6 Other Important Notes

14.8.11 Enabling/Disabling a Registered X.509 Public Key Certificate


14.8.11 Enabling/Disabling a Registered X.509 Public Key Certificate
To use a user's X.509 public key certificate that has been registered, execute the setvbootconfig command from the XSCF shell to enable the public key certificate. Execute the setvbootconfig command with a user account that has the platadm or pparadm privilege.
In the following example, a disabled public key certificate is enabled.
XSCF> setvbootconfig -p ppar_id -i index -c enable
For ppar_id, specify the destination physical partition. For index, specify the index number of the user's certificate to be enabled.

You can use a list of user's certificates to check index numbers and whether a public key certificate is enabled/disabled. To display a list of user's certificates, execute the showvbootcerts command with the -a option specified.
XSCF> showvbootcerts -p ppar_id -a
In the following example, an enabled public key certificate is disabled.
XSCF> setvbootconfig -p ppar_id -i index -c disable
For ppar_id, specify the destination physical partition. For index, specify the index number of the user's certificate to be disabled.
Note - You can also use XSCF Web to enable/disable an X.509 public key certificate.
Note - You can enable/disable an X.509 public key certificate while the physical partition is powered off or Oracle Solaris on the logical domain is running. If the physical partition or logical domain is in the startup or stop procedure, an error occurs. Perform the operation again after the startup or stop is completed.
Note - A system default certificate is a public key certificate the XSCF has by default. System default certificates cannot be enabled/disabled.
Operation Procedure
  1. Log in to the XSCF.
    For details, see "2.2 Logging In to the XSCF Shell."
  1. Execute the showvbootcerts command to check the index number of the user's certificate to be used and whether the certificate is enabled.
    If the registered public key certificate is already enabled, the subsequent steps are not required.
  1. In the following example, all the X.509 public key certificates registered in PPAR-ID 2 are displayed.
XSCF> showvbootcerts -p 2 -a
--------------------------------------------------------------------------------

PPAR-ID 2 System Index : 1 name : SYSTEM_CERT_1 [Enable(Unchangeable)]
--------------------------------------------------------------------------------

Data:
Version: 3 (0x2)
Serial Number:
0d:fb:b1:5a:2d:2a:e5:81:80:86:eb:34:5e:a4:7e:ed
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=US, O=Oracle Corporation, OU=VeriSign Trust Network, OU=Class 2 Managed PKI Individual Subscriber CA, CN=Object Signing CA
Subject: O=Oracle Corporation, OU=Corporate Object Signing, OU=Solaris Signed Execution, CN=Solaris 11
--------------------------------------------------------------------------------

PPAR-ID 2 User Index : 2 name : CUSTOM_CERT_2 [Enable]
--------------------------------------------------------------------------------

Data:
Version: 3 (0x2)
Serial Number:
07:ad:b3:06:99:82:39:db:dd:60:41:44:71:be:aa:70
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=US, O=Thirdparty Corporation, OU=Thirdparty CA, CN=www.example.com
Subject: O=Thirdparty Corporation, OU=Thirdparty Signed Execution, CN=www.example.com
--------------------------------------------------------------------------------

PPAR-ID 2 User Index : 5 name : CUSTOM_CERT_5 [Disable]
--------------------------------------------------------------------------------

Data:
Version: 3 (0x2)
Serial Number:
07:ad:b3:06:99:82:39:db:dd:60:41:44:71:be:bb:71
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=US, O=Thirdparty Corporation, OU=Thirdparty CA, CN=www.example.com
Subject: O=Thirdparty Corporation, OU=Thirdparty Signed Execution, CN=www.example.com
--------------------------------------------------------------------------------
  1. Execute the setvbootconfig command to enable the public key certificate.
    In the following example, the X.509 public key certificate registered as index number 5 in PPAR-ID 2 is enabled. "y (yes)" is the response to the confirmation message.
XSCF> setvbootconfig -p 2 -i 5 -c enable
Index 5, CUSTOM_CERT_5 on PPAR-ID 2 will be enabled,
Continue?[y|n]: y
  1. Execute the showvbootcerts command to confirm that the public key certificate was enabled.
    In the following example, the X.509 public key certificate registered as index number 5 in PPAR-ID 2 is confirmed as enabled.
XSCF> showvbootcerts -p 2 -a
--------------------------------------------------------------------------------

PPAR-ID 2 System Index : 1 name : SYSTEM_CERT_1 [Enable(Unchangeable)]
--------------------------------------------------------------------------------

Data:
Version: 3 (0x2)
Serial Number:
0d:fb:b1:5a:2d:2a:e5:81:80:86:eb:34:5e:a4:7e:ed
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=US, O=Oracle Corporation, OU=VeriSign Trust Network, OU=Class 2 Managed PKI Individual Subscriber CA, CN=Object Signing CA
Subject: O=Oracle Corporation, OU=Corporate Object Signing, OU=Solaris Signed Execution, CN=Solaris 11
--------------------------------------------------------------------------------

PPAR-ID 2 User Index : 2 name : CUSTOM_CERT_2 [Enable]
--------------------------------------------------------------------------------

Data:
Version: 3 (0x2)
Serial Number:
07:ad:b3:06:99:82:39:db:dd:60:41:44:71:be:aa:70
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=US, O=Thirdparty Corporation, OU=Thirdparty CA, CN=www.example.com
Subject: O=Thirdparty Corporation, OU=Thirdparty Signed Execution, CN=www.example.com
--------------------------------------------------------------------------------

PPAR-ID 2 User Index : 5 name : CUSTOM_CERT_5 [Enable]
--------------------------------------------------------------------------------

Data:
Version: 3 (0x2)
Serial Number:
07:ad:b3:06:99:82:39:db:dd:60:41:44:71:be:bb:71
Signature Algorithm: sha1WithRSAEncryption
Issuer: C=US, O=Thirdparty Corporation, OU=Thirdparty CA, CN=www.example.com
Subject: O=Thirdparty Corporation, OU=Thirdparty Signed Execution, CN=www.example.com
--------------------------------------------------------------------------------
  1. Execute the exit command to log out from the XSCF shell.
    If you do not have any further work with the XSCF shell, log out from the XSCF. To proceed to configuring another setting, go to the relevant step.

Top of Page