SunScreen EFS Release 3.0 Installation Guide

Installing Certificates on the Administration Station

To obtain encrypted communication between the Administration Station and the Screen, certificates must be installed on both machines. This can be done by either using self-generated certificates or by installing issued certificates. Both methods are done on the Administration Station.

If you are using self-generated certificates, use Option 1. If you are using issued certificates, use Option 2.

Option 1: To Create a Self-Generated Certificate on the on the Administration Station
  1. Open a terminal window and create the required SKIP directories by typing:


    # skiplocal -i
    

  2. Create the self-generated certificate on the Administration Station by typing:


    # skiplocal -k -f -V
    

    The local certificate ID appears, as shown in Figure 5-10. It is the Administration Station's 32-character certificate ID (MKID).

    Figure 5-10 Administration Station's Self-Generated Certificate

    Graphic

  3. Write down the certificate ID, beginning with Ox.

  4. Add SKIP to all the interfaces by typing:


    # skipif -a
    

  5. Reboot to complete the installation by typing:


    # sync; init 6
    

    The Administration Station's certificate ID has been generated. You next move to the Screen to install the SunScreen software. Continue to the section, "Installing the Software on the Screen".

Option 2: To Install the Issued Certificate on the Administration Station

To do this procedure, you will need the Key and Certificate diskette.

  1. Open a terminal window on the Administration Station and become root.


    Caution - Caution -

    Ensure that the OpenWindows File Manager is not running because it interferes with the operation of the volcheck command used for installation.


  2. Create the required SKIP directories by typing:


    # skiplocal -i
    

  3. Insert the Key and Certificate diskette into the Administration Station's floppy drive.

  4. Mount the floppy by typing:


    # volcheck
    

  5. Install the SKIP keys by typing:


    # install_skip_keys -icg /floppy/floppy0
    

  6. Start the SKIP daemon by typing:


    # skipd_restart
    

  7. Eject the Key and Certificate diskette by typing:


    # eject floppy0
    

  8. Write down the certificate ID, which is eight characters long.

  9. Add SKIP to all the interfaces by typing:


    # skipif -a
    

  10. Reboot to complete the installation by typing:


    # sync; init 6
    

The Administration Station's certificate ID has been installed. You next move to the Screen to install the SunScreen software.