Black Box ET0010A User Manual

Using Enhanced Security Features

272

EncrypTight User Guide

For both the workstation running the EncrypTight software and the ETKMS, use the keytool utility to 
request and install certificates. The keytool utility is a Java-based utility for key and certificate 
management. A complete discussion of using the keytool utility is beyond the scope of this guide. You 
can find additional information on the Internet. 

On each EncrypTight component, encryption keys and certificates are stored in the keystore. The location 
of the keytool utility and the keystore depends on the component with which you are working.

●

On the management workstation, keytool is located in 

<installDir>\jre\bin

 where 

<installDir>

 is the directory where you installed the EncrypTight software. By default, keys are 

stored in the keystore located in the 

<installDir>\cvConfig\keys 

directory.

●

On the ETKMS, keytool is located in 

/usr/java/latest/bin/keytool

 and the keystore is located 

in 

/opt/etkms/keys

. 

You need to follow the procedures in this section for both the management workstation and the ETKMS. 
Before proceeding, you should change the default password for the keystore (see 

). If your organization uses the certificate policies extension for certificates, you 

also need to specify what values are valid for this extension on each device (see 

If you plan to use a CA certificate as an external certificate for validation, obtain a copy of the CA 
certificate before you begin. You will receive a .PEM or .DER file that you can import into the keystore 
on the devices with which you work.

This section includes the following topics:

●

●

●

●

●

To request a certificate from a CA, you must first generate a public/private key pair. This procedure 
essentially creates a self-signed certificate and places it in the keystore.