SunScreen 3.2 Installation Guide

Creating the SKIP Certificate on the Screen

After installing the required software packages on the Screen, you continue the process by creating the Screen's SKIP certificate, as described in the following procedures.

Note -

Both the Administration Station and the Screen need certificates before encrypted communication can begin.

To Create the SKIP UDH Self-Generated Certificate on the Screen
  1. In the Select Certificate Type window, accept the default entry and click Next to continue.

    The Self Generated Certificate ID window appears.

  2. In the Self Generated Certificate ID window, type the Administration Station's certificate ID (do not type the leading '0x') in the text entry field and click Next to continue.

    The Select Administration SKIP Key Length window appears with 4096-bit key length as the default.

    Note -

    The Screen's key length must match the UDH self-generated certificate key length you created previously for the Administration Station (see "Creating the Certificate on the Administration Station"). You must specify the Administration Station's key length in the SKIP Key Length window if it is less than the 4096-bit default key length.

  3. After selecting the appropriate key length, click Next to continue.

    The Generate Screen Certificate window appears and displays the Screen's generated SKIP certificate key ID.

  4. In the Generate Screen Certificate window, click Next to continue.

    The Security Level window appears with Permissive as the default entry.

    Note -

    The security levels are: Permissive, the default, allows almost all traffic through; Secure restricts access to the Screen but allows connections from the Screen; and Restrictive only allows encrypted administration traffic to the remote Administration Station. You can change an initial security level later, as needed. See "Defining Security Policies" in the SunScreen 3.2 Installation Guide.

  5. After selecting the appropriate security level, click Next to continue.

    The Name Service window appears with both NIS and DNS name services selected as the default.

  6. After selecting the appropriate name services, click Next to continue.

    The Verify Configuration window appears.

  7. After verifying that the information is correct, click Configure Now to continue.

    The Screen Configuration window appears and instructs you, upon a successful configuration, to consult the /etc/sunscreen/AdminSetup.readme file on the Screen for instructions on completing the Administration Station setup.

  8. In the Screen Configuration window, click Next to continue.

    The Installation and Configuration Complete window appears and prompts you to reboot your system.

  9. In the Installation and Configuration Complete window, click Reboot Now to complete the installation.

    The installer is dismissed.

    Note -

    To complete the installation process you must reboot the system at this time. If you do not wish to reboot your system, click Next instead of Reboot System.

You are now ready to complete the installation on the Administration Station as described in "Completing the SKIP Certificates Installation Procedure".

To Load the SKIP CA-Issued Certificate on the Screen
  1. Select SKIP CA-Issued Certificate from the Select Certificate Type window (the default is SKIP UDH Certificate) and click Next to continue.

    The Issued Certificate Key Diskettes window appears.

  2. Insert the Administration Station's Key and Certificate diskette into the diskette drive and click Read Diskette.

    Wait until the SKIP CA-issued certificate ID appears at the bottom of the window.

  3. Write down the Administration Station's eight-character certificate ID and click Next to continue.

    This certificate ID is required to complete the Administration Station installation.

  4. Insert the Screen's Certificate ID diskette into the diskette drive and click Read Diskette.

    The SKIP CA-issued certificate ID for the Screen appears at the bottom of the window.

  5. Write down the Screen's eight-character certificate ID and continue to the Select Initial Security Level window.

    Note -

    The security levels are: Permissive, the default, allows almost all traffic through; Secure restricts access to the Screen but allows connections from the Screen; and Restrictive only allows encrypted administration traffic to the remote Administration Station. You can change an initial security level later, as needed. See "Defining Security Policies" in the SunScreen 3.2 Installation Guide.

  6. After selecting the appropriate security level, click Next to continue.

    The Name Service window appears.

  7. After selecting the appropriate name services, click Next to continue.

    The Screen Configuration window appears and instructs you, upon a successful configuration, to consult the /etc/sunscreen/AdminSetup.readme file on the Screen for instructions on completing the Administration Station setup.

  8. In the Screen Configuration window, click Next to continue.

    The Reboot System window appears.

  9. To complete the installation, click System Reboot.

    The installer is dismissed.

    Note -

    To complete the installation process you must reboot the system at this time. If you do not wish to reboot your system, click Next instead of Reboot System.

To complete the installation and establish encrypted communication between the Administration Station and the Screen using SKIP certificate technology, you load the Screen's SKIP certificate information on the Administration Station, as described in the following procedure.