Black Box ET0010A User Manual

Using Certificates in an EncrypTight System
EncrypTight User Guide
In usage, you type this string as follows:
-dname "cn=<common name>, ou=<organization unit>, o=<organization name>, l=<location>, s=<state/province>, c=<country>"
The information must be entered in the order shown. For example:
-dname "cn=John Doe, ou=customer support, o=my company, l=raleigh, s=NC, c=US"
Using Certificates in an EncrypTight System
EncrypTight components ship with self-signed identity certificates. You can continue to use these 
certificates, or you can replace them with certificates acquired from a trusted CA. By default, 
EncrypTight uses the Transport Layer Security (TLS) protocol for communications between components. 
This encrypts communications, but does not automatically provide authentication. If you enable strict 
authentication, you can use certificates to authenticate identities and set up encrypted communications for 
management traffic between components. 
To authenticate the communications, each component needs one of the following:
• A copy of the identity certificate for every component with which it communicates.
• A trusted root CA. EncrypTight components can check up to 10 certificates in a certificate chain.
Manually exporting and installing certificates for a large number of devices can be burdensome. In larger 
deployments it is more efficient to use a CA certificate than to install individual certificates for each 
component with which a device might need to communicate.
When you replace the self-signed certificates, each component in an EncrypTight system needs at least an 
identity certificate for itself and a copy of the trusted CA certificate. The CA certificate is used to 
validate the identity certificate when communication sessions are initiated. You might also need 
certificates for any intermediate CAs in the chain.
You request and install certificates for the EncrypTight software and the ETKMS using the Java-based 
keytool utility. For the ETEP PEPs, you can use the Certificate Manager perspective in ETEMS to 
request and install certificates (for more information, see 
).
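The keytool request-and-install sequence described above, together with the -dname string from the earlier passage, as an added example that is not part of the EncrypTight guide. The keystore name, aliases and file names are placeholders chosen for illustration, not EncrypTight defaults.

```shell
#!/bin/sh
# Added example (not from the EncrypTight guide). KEYSTORE, ALIAS, the CA alias
# and all file names are placeholders, not product defaults.
KEYSTORE="${KEYSTORE:-example.keystore}"
ALIAS="${ALIAS:-example-identity}"

# build_dname CN OU O L S C
# Emits the -dname value in the order the guide requires. Rejects empty fields
# and a non-two-letter country code, and escapes commas so that a value such
# as "Acme, Inc." stays one attribute.
build_dname() {
    [ "$#" -eq 6 ] || { echo "usage: build_dname CN OU O L S C" >&2; return 2; }
    case "$6" in
        [A-Za-z][A-Za-z]) ;;
        *) echo "country must be a two-letter code" >&2; return 1 ;;
    esac
    out=""
    for key in cn ou o l s c; do
        val=$1; shift
        [ -n "$val" ] || { echo "empty value for $key" >&2; return 1; }
        val=$(printf '%s' "$val" | sed 's/,/\\,/g')
        out="${out:+$out, }$key=$val"
    done
    printf '%s\n' "$out"
}

# request_cert DNAME CSR_FILE
# Generates the key pair, then writes the signing request to send to the CA.
# keytool prompts for the keystore password, keeping it off the command line.
request_cert() {
    keytool -genkeypair -alias "$ALIAS" -keyalg RSA -keysize 2048 \
        -dname "$1" -keystore "$KEYSTORE" &&
    keytool -certreq -alias "$ALIAS" -file "$2" -keystore "$KEYSTORE"
}

# install_cert CA_CERT_FILE SIGNED_CERT_FILE
# Imports the CA certificate first so the signed reply chains to a trusted
# root. keytool prints the CA fingerprint and asks for confirmation; compare
# it with the value obtained from the CA out of band before answering yes.
install_cert() {
    keytool -importcert -alias example-root-ca \
        -file "$1" -keystore "$KEYSTORE" &&
    keytool -importcert -alias "$ALIAS" -file "$2" -keystore "$KEYSTORE"
}

# Usage with constructed values:
#   request_cert "$(build_dname 'John Doe' 'customer support' 'my company' raleigh NC US)" example.csr
#   install_cert example-ca.cer example-signed.cer
```

If the CA uses intermediate certificates, import each one under its own alias before importing the signed reply.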