SunScreen 3.2 Installation Guide

Creating the Certificate on the Screen

After installing the required software packages on the Screen, you continue the process by creating the Screen's SKIP certificate, as described in the following sections.


Note -

Both the Administration Station and the Screen need certificates before encrypted communication can begin.


To Create the SKIP UDH Self-Generated Certificate on the Screen
  1. In the Select Certificate Type window, accept the default entry and click Next to continue.

    The Self Generated Certificate ID window appears, where you type the Administration Station's certificate ID.

  2. In the Self Generated Certificate ID window, type the Administration Station's certificate ID (do not type the leading '0x') in the text entry field and click Next to continue.

    The Select Administration SKIP Key Length window appears with 4096-bit key length as the default.


    Note -

    The Screen's key length must match the UDH self-generated certificate key length you created previously for the Administration Station (see "Creating the Certificate on the Administration Station"). You must specify the Administration Station's key length in the SKIP Key Length window if it is less than the 4096-bit default key length.


  3. After selecting the appropriate key length, click Next to continue.

    The Generate Screen Certificate window appears and displays the Screen's generated SKIP certificate key ID.

  4. In the Generate Screen Certificate window, click Next to continue.

    The Select Administrative Interface window appears listing the configured interfaces available for administration.

  5. After selecting the appropriate administrative interface, click Next to continue.

    The Name Service window appears with both NIS and DNS name services selected as the default.

  6. After selecting the appropriate name services, click Next to continue.

    The Verify Configuration window appears.

  7. After verifying that the information is correct, click Configure Now to continue.

    The Screen Configuration window appears and instructs you, upon a successful configuration, to consult the /etc/sunscreen/AdminSetup.readme file on the Screen for instructions on completing the Administration Station setup.

  8. In the Screen Configuration window, click Next to continue.

    The Screen Hardening window appears.


    Caution -

    Once you harden your Screen, it becomes a dedicated firewall and cannot be used for another purpose without first reinstalling the Solaris software. Hardening automatically removes files and packages that might otherwise make the Screen vulnerable to an attack.


    Clicking Next completes the installation without hardening your Screen. Optionally, to harden your Screen, click the Harden Screen button.


    Note -

    You can harden the Screen later by running the /usr/lib/sunscreen/lib/harden_os script.


  9. In the Screen Hardening window, click Next to continue.

    The Installation and Configuration Complete window appears and prompts you to reboot your system.

  10. In the Installation and Configuration Complete window, click Reboot Now to complete the installation.

    The installer is dismissed.


    Note -

    To complete the installation process you must reboot the system at this time. If you do not wish to reboot your system, click Next instead of Reboot System.


You are now ready to complete the installation on the Administration Station as described in "Completing the SKIP Certificates Installation Procedure".

To Load the SKIP CA-Issued Certificate on the Screen
  1. Select SKIP CA-Issued Certificate from the Select Certificate Type window (the default is SKIP UDH Certificate) and click Next to continue.

    The Issued Certificate Key Diskettes window appears.

  2. Insert the Administration Station's Key and Certificate diskette into the diskette drive and click Read Diskette.

    Wait until the SKIP CA-issued certificate ID appears at the bottom of the window.

  3. Write down the Administration Station's eight-character certificate ID and click Next to continue.

    This certificate ID is required to complete the Administration Station installation.

  4. Insert the Screen's Certificate ID diskette into the diskette drive and click Read Diskette.

    The SKIP CA-issued certificate ID for the Screen appears at the bottom of the window.

  5. Write down the Screen's eight-character certificate ID and continue to the Screen Configuration window.

  6. To complete the installation, click System Reboot.

    The installer is dismissed.


    Note -

    To complete the installation process you must reboot the system at this time. If you do not wish to reboot your system, click Next instead of Reboot System.


You are now ready to complete the installation on the Administration Station as described in "Completing the SKIP Certificates Installation Procedure".