Installing the Administration Station

You can install the required SunScreen 3.1 packages on the Administration Station using pkgadd to install the software. After you install the Administration packages, you must set up your certificate environment.

To Install the Software on the Administration Station

1. Open a terminal window on the Administration Station and become root.

2. Insert the SunScreen CD-ROM into the Administration Station's CD-ROM drive.

3. Add the software by typing:

   For SPARC systems: # pkgadd -d /cdrom/cdrom0/sparc For Intel systems: # pkgadd -d /cdrom/cdrom0/i386

   For SPARC systems, you are prompted with a menu of packages to install:

   The following packages are available: 1 NSCPcom Netscape Communicator (sparc) 20.4.70,REV=1999.08.20.17.43 2 SUNWbdc SKIP Bulk Data Crypt (sparc) 1.5.1 3 SUNWbdcx SKIP Bulk Data Crypt (64-bit) (sparc) 1.5.1 4 SUNWdes SKIP DES Crypto Module (sparc) 1.5.1 5 SUNWdesx SKIP DES Crypto Module (64-bit) (sparc) 1.5.1 6 SUNWdthj HotJava Browser for Solaris (sparc) 1.1.5,REV=1998.12.03 7 SUNWdtnsc Netscape Componentization Support for CDE (sparc) 1.0,REV=1999.06.14.15.50 8 SUNWes SKIP End System (sparc) 1.5.1 9 SUNWesx SKIP End System (64-bit) (sparc) 1.5.1 10 SUNWfwcnv SunScreen Firewall conversion (sparc) 3.1 11 SUNWhttp Sun WebServer daemon and supporting binaries (sparc) 2.0 12 SUNWicgSA SunScreen Administration Software (sparc) 3.1 13 SUNWicgSD SunScreen online documentation (sparc) 3.1 14 SUNWicgSF SunScreen full function (sparc) 3.1 15 SUNWicgSM SunScreen man pages (sparc) 3.1 16 SUNWicgSS SunScreen Firewall (sparc) 3.1 17 SUNWkeymg SKIP Key Manager Tools (sparc) 1.5.1 18 SUNWkusup SKIP U-Support module (sparc) 1.5.1 19 SUNWrc2 SKIP RC2 Crypto Module (sparc) 1.5.1 20 SUNWrc4 SKIP RC4 Crypto Module (sparc) 1.5.1 21 SUNWrc4x SKIP RC4 Crypto Module (64-bit) (sparc) 1.5.1 22 SUNWsman SKIP Man Pages (sparc) 1.5.1 Select package(s) you wish to process (or 'all' to process all packages). (default: all) [?,??,q]:

   For Intel systems, you are prompted with a menu of packages to install:

   The following packages are available: 1 NSCPcom Netscape Communicator (i386) 20.4.70,REV=1999.08.20.17.56 2 SUNWbdc SKIP Bulk Data Crypt (i386) 1.5.1 3 SUNWdes SKIP DES Crypto Module (i386) 1.5.1 4 SUNWdthj HotJava Browser for Solaris (i386) 1.1.5,REV=1998.12.03 5 SUNWdtnsc Netscape Componentization Support for CDE (i386) 1.0,REV=1999.06.14.15.53 6 SUNWes SKIP End System (i386) 1.5.1 7 SUNWfwcnv SunScreen Firewall conversion (i386) 3.1 8 SUNWhttp Sun WebServer daemon and supporting binaries (i386) 2.0 9 SUNWicgSA SunScreen Administration Software (i386) 3.1 10 SUNWicgSD SunScreen online documentation (i386) 3.1 11 SUNWicgSF SunScreen full function (i386) 3.1 12 SUNWicgSM SunScreen man pages (i386) 3.1 13 SUNWicgSS SunScreen Firewall (i386) 3.1 14 SUNWkeymg SKIP Key Manager Tools (i386) 1.5.1 15 SUNWkusup SKIP U-Support module (i386) 1.5.1 16 SUNWrc2 SKIP RC2 Crypto Module (i386) 1.5.1 17 SUNWrc4 SKIP RC4 Crypto Module (i386) 1.5.1 18 SUNWsman SKIP Man Pages (i386) 1.5.1

4. For a minimum SPARC installation, type: 2-5, 8-9, 12, 17-21. For a minimum Intel installation, type: 2-3, 6, 9, 14-17.

5. Follow the program prompts, answering all the questions with y.

   When completed, you return to the same menu of packages.

6. Enter q to quit pkgadd.

7. Set the PATH and MANPATH by editing your shell initialization file (such as .profile or.login file).

   1. Set the PATH for the Bourne shell by typing:

      PATH=/opt/SUNWicg/SunScreen/bin:$PATH

      export PATH

   2. Set the MANPATH for the Bourne shell by typing:

      MANPATH=$MANPATH:/opt/SUNWicg/SunScreen/man

      export MANPATH

8. Eject the CD-ROM from the CD-ROM drive by typing:

   # eject cdrom0

9. Install any SKIP upgrades (see "Upgrading Cryptography Modules").

10. Reboot by typing:

    # sync; init 6

The software packages have been installed. You continue the installation process on the Administration Station.

To Install Administration Station Certificates

1. To obtain encrypted communication between the Administration Station and the Screen, certificates must be installed on both machines. This can be done by either using self-generated certificates or by installing issued certificates. Both methods are done on the Administration Station.

To Create a Self-Generated Certificate on the Administration Station

1. Open a terminal window and create the required SKIP directories by typing:

   # skiplocal -i

2. Create the self-generated certificate on the Administration Station by typing:

   # skiplocal -k -f -V

   The local certificate ID appears. It is the Administration Station's 32-character certificate ID (MKID).

3. Write down the certificate ID, which begins with `Ox.'

4. Add SKIP to all the interfaces by typing:

   # skipif -a

5. Reboot to complete the installation by typing:

   # sync; init 6

The Administration Station's certificate ID has been generated. You next move to the Screen to install the SunScreen software.

To Install an Issued Certificate on the Administration Station

To do this procedure, you will need the Key and Certificate diskette.

1. Open a terminal window on the Administration Station and become root.

2. Create the required SKIP directories by typing:

   # skiplocal -i

3. Insert the Key and Certificate diskette into the Administration Station's diskette drive.

4. Install the SKIP keys by typing:

   # install_skip_keys -icg /floppy/floppy0

5. Start the SKIP daemon by typing:

   # skipd_restart

6. Eject the Key and Certificate diskette by typing:

   # eject floppy0

7. Write down the certificate ID, which is eight characters long.

8. Add SKIP to all the interfaces by typing:

   # skipif -a

9. Reboot to complete the installation by typing:

   # sync; init 6

   The Administration Station's certificate ID has been installed. You next move to the Screen to install the SunScreen software.