Black Box ET0010A User Manual

Modifying Communication Preferences

EncrypTight User Guide

3 In the Communications window, modify any of the communication preferences (see

Table 24

and

Table 25

4 Do one of the following:

●

Click Apply to set the new value.

●

Click Restore Defaults to reset the timeout to the factory setting.

5 Click OK.

Table 24

General communication preferences

Preference

Description

Communication

timeout

Sets the amount of time that ETEMS waits for a response from an appliance

during a standard communication attempt (refreshing status, comparing

configurations, loading configurations). The valid range is 1-180 seconds.

Software upgrade

timeout

Sets the amount of time that ETEMS allows for a software upgrade on an

appliance to complete. The valid range is 60-1,296,000 seconds (15 days).

Use TLS

By default, ETEMS uses TLS to encrypt communications between the

management workstation and the appliance’s management port. When TLS

is enabled, communication between ETEMS and the appliance is encrypted.
If you are managing ETEP appliances, TLS must be enabled. ETEMS

cannot communication with the ETEP when TLS is disabled.

Table 25

Strict authentication communication preferences

Use Strict Certificate

Authentication

When enabled, all management communications between EncrypTight

components is authenticated using certificates. EncrypTight can use TLS

with encryption only, or TLS with encryption and strict authentication for

added security. For more information about strict authentication, see

“Using

Enhanced Security Features” on page 261

Enable Online

Certificate Status

Protocol (OCSP)

When enabled, EncrypTight uses the online certificate status protocol

(OCSP) to check the validity of certificates. OCSP is an alternative to using

CRLs. For more information about OCSP, see

“Validating Certificates Using

OCSP” on page 289

OCSP Responder

Certificate

Distinguished Name

Specifies the subject name of the certificate for the OCSP responder.

Verify OCSP

Responder

Verifies OCSP responses by authenticating the response message with the

installed certificate. To use this option, you must install the certificate from

the OCSP responder.

Ignore Failure to

Respond

When checked, this option allows ETEMS to accept a certificate even when

a response to an OCSP query is not received in a timely manner.

Revert to CRL on

OCSP Responder

Failure

When checked, if EncrypTight does not receive a reply from the OCSP

responder or it cannot be reached, EncrypTight reads the certificate to

determine the location of a CRL and uses that instead of OCSP to validate

the certificate. In this case, if the CRL cannot be accessed, authentication

fails.

Check OCSP

Responder Certificate

Chain

When checked, this option specifies that ETEMS should check every

certificate in the responder’s chain of trust.

OCSP URL

Specifies a URL to use for the OCSP responder. This option overrides the

URL that may be included in the certificate.