Tuesday, March 4, 2014

MAG-CM060 SSO with a Self-Signed Certificate

I am posting this because although Juniper Networks does provide very detailed instructions on how to configure SSO with a valid certificate issued from a certificate authority, a customer recently wanted me to configure SSO without a valid certificate. Here is how I did it:

  1. From operational mode in the MAG-CM060, enter the following commands:
    1. request security pki generate-key-pair certificate-id MY-CERT size 1024 type rsa
    2. request security pki local-certificate generate-self-signed certificate-id MY-CERT domain-name domain.com email test@domain.com ip-address 10.1.1.10 subject CN=10.1.1.10,O=Test
  2. From configuration mode in the MAG-CM060, enter the following commands:
    1. set system services ftp
    2. set system services web-management http port 80 interface em0.0
    3. set system services web-management https port 443 interface em0.0 pki-local-certificate MY-CERT
    4. commit
  3. Using your favorite FTP program, connect to the MAG-CM060 and copy the certificate you created, which is located in /var/db/certs/common/local/MY-CERT.cert, to the location of your choice on your computer.
  4. From within the administrator GUI of the MAG Service Module (i.e. MAG-SM60), perform the following steps:
    1. Navigate to Authentication->Auth. Servers->Chassis Auth Server
    2. Select Choose File under Upload Certificate, and upload the certificate you copied off of the MAG-CM060.
    3. Click Save
  5. Lastly, ensure that the date/time settings are the same on both the MAG-CM060 and the Service Module:
    1. From operational mode on the MAG-CM060, enter the following command:
      1. set date...
    2. From the Dashboard in the GUI of the Service Module:
      1. Click Edit next to System Date & Time
Enjoy!
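
An added example, not part of the original post: a workstation-side check of the certificate copied in step 3 before it is uploaded in step 4. It prints the fingerprint and key size, then tests the validity window as seen by a clock running one day behind, a condition that mismatched clocks (step 5) can produce. It assumes the file is PEM-encoded and that the openssl CLI is installed; the function names and the generated sample certificate are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Assumes a PEM-encoded
# certificate file and the openssl CLI on the workstation.

# Fingerprint of the copied file, to compare with the value read from the
# chassis over a trusted channel; FTP gives the transfer no integrity
# protection. $2 selects the digest (default sha256).
cert_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint "-${2:-sha256}" | cut -d= -f2
}

# Public key size in bits, as printed by "openssl x509 -text".
cert_key_bits() {
    openssl x509 -in "$1" -noout -text |
        sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p'
}

# Succeeds only if the certificate is inside its validity window at epoch
# time $2, i.e. what a device whose clock reads $2 would conclude.
cert_valid_at() {
    openssl verify -attime "$2" -CAfile "$1" "$1" 2>&1 | grep -q ': OK$'
}

# Constructed sample: a throwaway self-signed certificate standing in for the
# copied MY-CERT.cert (subject taken from the post, key generated locally).
make_sample_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
        -subj "/CN=10.1.1.10/O=Test" -keyout "$1.key" -out "$1" 2>/dev/null
}

# Usage: sh check-cert.sh [path/to/MY-CERT.cert]
cert=${1:-}
if [ -z "$cert" ]; then
    tmpdir=$(mktemp -d)
    cert="$tmpdir/MY-CERT.cert"
    make_sample_cert "$cert"
fi
now=$(date +%s)
echo "SHA-256 fingerprint: $(cert_fingerprint "$cert")"
echo "Key size (bits):     $(cert_key_bits "$cert")"
for skew in 0 -86400; do   # this clock, and a clock running one day behind
    if cert_valid_at "$cert" $((now + skew)); then verdict="valid"
    else verdict="NOT valid"; fi
    echo "Clock skew ${skew}s: certificate $verdict"
done
```

Run with no argument it checks the generated sample; pass the path of the copied certificate to check the real file.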
