An important prerequisite to installing new certificates is identifying the certificate authority you plan to
use. Your organization may have a standard CA that everyone uses, or you may need to select one for
this particular security application. The information in this chapter assumes that you have established a
relationship with a certificate authority.

In order to follow the procedures discussed in this section and work with certificates in an EncrypTight
system, you need to understand how to do several tasks covered in more detail in other sections. Cross
references to those sections are provided in

Table 67

NOTE

If you plan to operate in FIPS mode, make sure you enable FIPS mode first and push the configuration to
the ETEPs before you begin to install certificates and set up strict authentication. If you enable FIPS mode
after strict authentication has been activated, you will need to reinstall your certificates.

Order of Operations

You should proceed with caution as you enable strict authentication in your deployment. Among the
issues you could encounter are invalid, misconfigured, or expired certificates that cause communication
failures. The following order of operations is recommended:
1 If you plan to operate in FIPS mode, enable FIPS mode on your ETEPs before you make other

changes.

2 Change the keystore password for the EncrypTight software and the ETKMSs.
3 Install certificates and keys on the management workstation and a few PEPs.

Table 67

Prerequisites for Using Certificates with EncrypTight

How to:

Reference:

Navigate and work with ETEMS

“Getting Started with ETEMS” on page 83

Add and configure PEPs

“Provisioning Appliances” on page 95

Access the command line interface on the

ETKMS

“Logging Into the ETKMS” on page 47

Access the command line interface for a PEP