User guide

To create a new security world on a stand-alone Secure Access:
1. Insert an unformatted smart card, or an administrator card containing data that you
can safely overwrite, into the card slot with the card contacts facing up.
2. Set the mode switch on the cryptographic module to I (initialization mode).
3. Access the Secure Access serial console and reboot the Secure Access device. After
the Secure Access device reboots, you are prompted on the serial console with the
following question: "Do you want to use the currently installed security world (y/n)?"
4. Perform one of the following:
   If you want to create a new security world, then:
   a. Enter n and press Enter.
   b. You are asked to confirm this choice with the prompt "Are you sure you want to
      delete your existing Security World (including server certificates) (y/n)?". If you
      choose to continue, enter y and press Enter.
   c. Enter the number of administrator cards you want to create and press Enter.
   d. Enter y and press Enter to confirm the number of cards you want to create.
   If you want to use the currently installed security world, then:
   a. Enter y and press Enter.
   b. Proceed to the next numbered step in this procedure.
5. Reset the cryptographic module’s mode switch to O (operational mode).
6. Add the common name and company name when prompted. The system uses the
existing self-signed certificate temporarily.
7. Create a new device certificate that shares the new security world's private key.
WARNING: You must obtain one or more new server certificates from your
CA whenever you create a new security world.

Creating a Security World in a Clustered Environment

To create a new security world in a clustered environment:
1. Sign in to the admin console of a cluster node. To access a node’s admin console,
enter its internal IP address followed by “/admin” in a browser. For example:
https://x.x.x.x/admin
2. On the System > Clustering > Status tab, select the checkbox for all nodes other than
the current node in the Cluster Members column and then click Disable.
3. Initialize the cluster member with a security world. If this is the first node in the cluster,
create a new security world.
Copyright © 2012, Juniper Networks, Inc.
SA Series 4500, 6500, and FIPS Appliances