User guide

To reinitialize the keystore from a stand-alone node:
1. Reboot the stand-alone node.
   During the boot process, you are prompted to re-initialize the keystore.
2. Press y to delete the current keystore and server certificates.
   NOTE: If you do not press y within 10 seconds, the appliance will proceed to boot normally.

To reinitialize the keystore from a cluster:
1. Reboot a node within the cluster.
   During the boot process, you are prompted to re-initialize the keystore.
2. Press y to delete the current keystore and server certificates. A new keystore is initialized.
   NOTE: If you do not press y within 10 seconds, the appliance will proceed to boot normally.
3. On the node that you rebooted, open the cluster status page in the admin console and wait for all nodes to exit from the “Transitioning” state.
4. For all other nodes in the cluster, connect to the serial console and enter 9 to select FIPS Options and then 1 to select Complete import of keystore and server certificates.
5. Enter the restore password when prompted.

Related Documentation
FIPS Overview on page 9

Binary Importing and Exporting of the Keystore
Select Maintenance > Import/Export from the admin console to import and export the
keystore. You can do this from a stand-alone node or from a node within a cluster. The
keystore is exported as part of the system settings configuration file. Store the
restore password associated with the archived keystore safely, because you will need it
for various FIPS operations. If you forget the restore password, you can create a new one
from the serial console and then re-export the configuration.

To import the keystore, select the Import Key Store and Device Certificate(s) checkbox
and import your configuration. After the import process has completed, open a serial
console for that FIPS appliance and enter 9 for FIPS Options and then 1 to select Complete
import of keystore and server certificates. If the keystore is different from the one installed
on the HSM, you will be prompted for the keystore’s restore password.

Copyright © 2012, Juniper Networks, Inc.
SA Series 4500, 6500, and FIPS Appliances