Black Box EncrypTight Manuale Utente
Using Enhanced Security Features
292
EncrypTight User Guide
Enabling and Disabling Strict Authentication
After you have installed certificates on each EncrypTight component, you can enable strict authentication.
Strict authentication is a setting that affects communications between all EncrypTight components. Once
you enable strict authentication on a component, it begins to use certificates to authenticate
communications from devices that attempt to communicate with it. To use strict authentication system-
wide, you must specifically enable it in the EncrypTight software, the ETKMSs, and each PEP in use.
Strict authentication is a setting that affects communications between all EncrypTight components. Once
you enable strict authentication on a component, it begins to use certificates to authenticate
communications from devices that attempt to communicate with it. To use strict authentication system-
wide, you must specifically enable it in the EncrypTight software, the ETKMSs, and each PEP in use.
To enable strict authentication in the EncrypTight software:
1 In EncrypTight, select Edit > Preferences.
2 Click ETEMS to expand the tree, and then click Communications.
3 Click Use Strict Certificate Authentication for XML/RPC.
4 Click OK.
1 In EncrypTight, select Edit > Preferences.
2 Click ETEMS to expand the tree, and then click Communications.
3 Click Use Strict Certificate Authentication for XML/RPC.
4 Click OK.
To enable strict authentication on the ETKMSs, you need to edit the ETKMS properties file. The ETKMS
properties file
properties file
kdist.properties
is located in the
/opt/etkms/conf
directory.
To enable strict authentication on the ETKMS:
1 Log in directly on the ETKMS as root, or open an SSH session and su to root.
2 Edit the
1 Log in directly on the ETKMS as root, or open an SSH session and su to root.
2 Edit the
kdist.properties
file and set the
strictCertificateAuth
property to true. For
example:
strictCertificateAuth=true
3 Save and close the file.
4 At the command line type
4 At the command line type
service etkms restart
To enable strict authentication on PEPs:
1 For each PEP, in the Appliance Manager, right-click on the PEP and select Configuration.
2 In the Configuration editor, click the Features tab.
3 Click Enable Strict Client Authentication.
4 Click OK to close the warning message.
5 Click OK to save and close the editor.
6 Select all of the PEPs that you changed.
7 Click Put Configuration.
1 For each PEP, in the Appliance Manager, right-click on the PEP and select Configuration.
2 In the Configuration editor, click the Features tab.
3 Click Enable Strict Client Authentication.
4 Click OK to close the warning message.
5 Click OK to save and close the editor.
6 Select all of the PEPs that you changed.
7 Click Put Configuration.
Ignore Failure to Respond
Not receiving a response does not indicate that a certificate has
expired or that it has been revoked. This option allows the ETEP to
proceed when a response to an OCSP query is not received in a
timely manner. The default is to ignore the failure to respond.
Check Certificate Chain
When checked, this option instructs the ETEP to use OCSP to
check the validity of every certificate in the responder’s chain of
trust. The default is unchecked.
OCSP URL
Specifies the URL to use for the OCSP responder.
Table 81
OCSP Settings
Option
Description