SunScreen 3.1 Configuration Examples

Detailed Routing-Mode Installation

Before you begin, verify that the Administration Station (hk-host3) can ping the Screen (hk-screen1). The following procedures are performed as root:

  1. On Administration Station hk-host3, run the Solaris Web Start Wizards installer to install the SunScreen software.

    See the SunScreen 3.1 Installation Guide for information about which browsers are supported for SunScreen. Also check the SunScreen 3.1 Release Notes, which may list additional supported browsers.

    If you are installing the software on a system without a console, use the command-line installation described in Appendix A of the SunScreen 3.1 Installation Guide.

  2. On Administration Station hk-host3, generate a local certificate ID and set up SunScreen SKIP as described in the following steps:

    1. Initialize the SunScreen SKIP directories by typing:

      # skiplocal -i

    2. Generate the certificate ID by typing:

      # skiplocal -k

      Because the output of skiplocal -k is verbose, use the command shown in the next step, skiplocal -l, to list the certificate ID just created in a more readable format.

    3. List the certificate ID just created by typing:

      # skiplocal -l

    4. Write down the certificate ID for use when installing the SunScreen software on the Screen, for example:

      c590723af78f869118cd35dee50680a6

    5. Add SunScreen SKIP to all the interfaces by typing:

      # skipif -a

    6. Reboot the system.

  3. On Screen hk-screen1, run the Solaris Web Start Wizards installer to install the SunScreen software.

    Using the command line to install the software is documented in Appendix A of the SunScreen 3.1 Installation Guide.

    1. When requested, use the Administration Station's certificate ID created in Step 2.

    2. Write down the Screen's certificate ID for use in the following step.

    3. Reboot the Screen upon completion.

  4. On Administration Station hk-host3, load the Screen's certificate ID using the skiptool GUI.

    Note - This step can also be done using the skiphost command as described in the file /etc/opt/SUNWicg/SunScreen/AdminSetup.readme.

    1. Launch the skiptool GUI by typing:

      # skiptool

    2. Click the Add button under Host and choose Off.

    3. Type `default' as the hostname and click Apply.

    4. Click the Add button under Host and choose SKIP.

    5. Type the following information:

      - screenname (hk-screen1) as hostname
      - MD5 for Remote Key ID with the Screen's certificate ID as the ID
      - MD5 for Local Key ID with the Administration Station's certificate ID as the ID
      - Default values for key, traffic, and authentication algorithms

    6. Verify that Access Control is set to `enabled.'

    7. Select Save from the File menu to make your changes permanent.

      Enabling SunScreen SKIP allows the Administration Station to begin encrypted communication to the Screen.

  5. On host hk-host3, the Administration Station, verify that remote administration from a browser is working to Screen hk-screen1 by typing:


    http://hk-screen1:3852
    

    The SunScreen log-in screen for Screen hk-screen1 appears.

For a more detailed explanation regarding installing in routing mode, refer to the SunScreen 3.1 Installation Guide.
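
The procedure above relies on certificate IDs that are written down on one host and typed in on the other, once in the installer on the Screen and again in skiptool. The following added example (not part of the SunScreen documentation) checks a pair of hand-copied IDs before they are entered. It assumes a POSIX shell and that an MD5 certificate ID is 32 hex digits, as in the sample above; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: sanity-check hand-copied SunScreen SKIP certificate IDs
# before typing them into the installer or skiptool.
# Assumption: an MD5 certificate ID is 32 hex digits, like the sample
# c590723af78f869118cd35dee50680a6 in the procedure above.
LC_ALL=C; export LC_ALL   # make the a-f range below byte-exact

# normalize_id ID: print ID lower-cased with all whitespace removed
normalize_id() {
    printf '%s' "$1" | tr -d '[:space:]' | tr 'A-F' 'a-f'
}

# is_md5_id ID: succeed only if ID is exactly 32 lower-case hex digits
is_md5_id() {
    case "$1" in
        ''|*[!0-9a-f]*) return 1 ;;
    esac
    [ "${#1}" -eq 32 ]
}

# check_skip_ids LOCAL REMOTE (hypothetical helper)
#   LOCAL  = Administration Station's ID (Local Key ID in skiptool)
#   REMOTE = Screen's ID (Remote Key ID in skiptool)
# Returns 0 if both are well formed and distinct, 1 if either is
# malformed, 2 if the same ID was written down for both roles.
check_skip_ids() {
    local_id=$(normalize_id "$1")
    remote_id=$(normalize_id "$2")
    for id in "$local_id" "$remote_id"; do
        if ! is_md5_id "$id"; then
            echo "malformed ID '$id': need 32 hex digits, got ${#id} characters"
            return 1
        fi
    done
    if [ "$local_id" = "$remote_id" ]; then
        echo "Local and Remote Key IDs are identical; check which host each was copied from"
        return 2
    fi
    echo "Local Key ID:  $local_id"
    echo "Remote Key ID: $remote_id"
}

# Constructed sample run: the first ID is the page's example, the
# second is made up to stand in for the Screen's ID.
check_skip_ids "C590723A F78F8691 18CD35DE E50680A6" \
               "0123456789abcdef0123456789abcdef"
```

A return code of 1 usually means a dropped or misread character (for example the letter O written for the digit 0); a return code of 2 means the Administration Station's own ID was recorded for both roles.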