Black Box ET0010A User Manual

Using Enhanced Security Features

288

EncrypTight User Guide

you must remember to periodically retrieve a copy of the CRL and install it on each of the EncrypTight
components.

NOTE

CRLs are only supported in ETEPs with software version 1.6 or later. You must upgrade ETEPs with
earlier software versions in order to use this feature. To learn more about upgrading the software on
ETEPs, see

“Installing Software Updates” on page 73

Configuring CRL Usage in EncrypTight and the ETKMSs

By default the management workstation and the ETKMS read installed certificates to find the location of
the CRL. You can override this behavior and specify a local directory for the CRL instead.

To use CRLs with the EncrypTight software:
1 On the management workstation, create a directory where you want to store the CRL files.
2 In EncrypTight, select Edit > Preferences.
3 Click ETEMS to expand the tree, and then click Communications (see

Figure 95

4 Click Browse for the CRL File Location option, navigate to the desired directory, and select the

CRL.

5 Click Open.
6 Click OK.

NOTE

This setting does not take effect until you enable strict authentication.

To use CRLs with the ETKMS:
1 Log in as root and create a directory on the ETKMS in which you want to store the CRL.
2 Copy the CRL to the new directory on the ETKMS.
3 Edit the file

/opt/etkms/conf/kdist.properties

and add the following line in the Certificate

Configuration section:

crlPath=/<Directory>

Where

is the full path to the directory you created.

4 Save and close the file.

For example:

# Certificate configuration
strictCertificateAuth=true
crlPath=/opt/etkms/crls

Configuring CRL Usage on ETEPs

You manage CRLs for the ETEPs using the Certificate Manager perspective in the EncrypTight software.