Black Box ET0010A User Manual
Modifying EncrypTight Timing Parameters
EncrypTight User Guide
249
●
For ETPM to ETKMS communications errors, check the ETEMS or ETPM application log for an
error entry as described in
error entry as described in
.
●
For ETKMS to PEP communications errors, check the ETKMS log files as described in
.
Modifying EncrypTight Timing Parameters
Depending on the deployment, the default timing parameters for communications between EncrypTight
components may need to be adjusted. These include parameters that control how long the ETPM waits
for replies from the ETKMS, as well as how long the ETKMS waits for replies from the PEPs. Other
timing parameters exist as well.
components may need to be adjusted. These include parameters that control how long the ETPM waits
for replies from the ETKMS, as well as how long the ETKMS waits for replies from the PEPs. Other
timing parameters exist as well.
The amount of time that ETPM waits for a response from a ETKMS during a policy deployment can be
changed by setting a value in the
changed by setting a value in the
config.ini
file. This file is located in the
configuration
directory
inside the ETEMS installation directory. To change the value, add or edit the following line:
maxRetryWaitTime=xxx
Where xxx is the number of seconds that ETPM waits for a reply from a ETKMS. The default value is 6
minutes (360 seconds). The
minutes (360 seconds). The
maxRetryWaitTime
for ETPM should be set to a value at least 1 or 2
minutes longer than the value of the
retryStatusCheckTime
parameter on the ETKMS. This ensures
that ETPM will wait for a reply from the ETKMS at least as long as the ETKMS waits for replies from
the PEPs.
the PEPs.
To set the
retryStatusCheckTime
parameter, edit the
kdist.properties
file. On an external
ETKMS the file is located in the
/opt/etkms/conf
directory; on the local ETKMS it is located in
\tools\ETKMS\bin
(relative to the install directory). For information on timing parameters for a
ETKMS, see
.
Certificate Implementation Errors
When you use certificates for TLS communications between the ETPM and the ETKMSs and between
the ETKMSs and the PEPs, you might encounter the following problems.
the ETKMSs and the PEPs, you might encounter the following problems.
●
Cannot communicate with a PEP
●
Keystore password might not be correct
●
Certificates might not be valid yet
●
Certificate might be missing or uninstalled
These errors can occur when you start the ETKMS server or when ETPM first tries to communicate with
the PEP.
the PEP.
Cannot Communicate with PEP
If you attempt to add a new PEP to the ETEMS Appliance Manager after strict authentication is enabled
in the EncrypTight software, you will receive a communications error. When strict authentication is
enabled, the EncrypTight software cannot communicate with appliances that do not have the appropriate
certificates.
in the EncrypTight software, you will receive a communications error. When strict authentication is
enabled, the EncrypTight software cannot communicate with appliances that do not have the appropriate
certificates.