Black Box ET0010A User Manual
Using Enhanced Security Features
EncrypTight User Guide
To remove certificates:
1 If necessary, switch to the Certificate Manager and select the ETEPs whose certificates you want to
remove.
2 Select Tools > Clear Certificates.
3 Click OK when you are prompted for confirmation.
4 Click OK at the message informing you that the connection was reset.
CAUTION
Do not use this function if strict authentication is enabled. Doing so can cause errors and prevent
communication between the management workstation and the appliance. Disable strict authentication first
and then remove the certificates.
Using a Common Access Card
The EncrypTight system supports the use of smart cards such as the DoD Common Access Card (CAC).
Using a CAC provides user authorization in addition to certificate-based authentication. When you use a
CAC, EncrypTight components use the certificates installed on the card to determine if a user is
authorized to perform a specific action. In order to access the system, every user must have an authorized
CAC.
A smart card reader is connected to the management workstation. To access the workstation, you must
insert a CAC into the reader. The EncrypTight software reads the identity certificate on the CAC, as well
as any trusted root or intermediate certificates. When the EncrypTight software communicates with other
EncrypTight components, the common name field from the identity certificate is included in the
communications. If the common name used in the communications is on the access list, the operation is
allowed.
ActivClient must be installed on the management workstation and configured properly for your
environment.
Each component in the system must maintain a list of authorized users. Communications that do not use
an authorized common name and a valid certificate are rejected.
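The check described above (a valid certificate plus a common name on the access list), as an added sketch that is not EncrypTight code and does not come from this manual. The function names, `ACCESS_LIST`, the sample common names, the RFC 4514 subject-string input and the exact-match rule are assumptions; certificate chain validation is assumed to be done by the TLS layer and passed in as `chain_valid`.

```python
import re

# Constructed access list; these common names are sample values, not from the manual.
ACCESS_LIST = {"DOE.JANE.A.1234567890", "etkms-primary"}

def _split_unescaped(text, sep):
    """Split on sep, keeping a backslash and the character after it together."""
    parts, cur, i = [], "", 0
    while i < len(text):
        step = 2 if text[i] == "\\" else 1
        if step == 1 and text[i] == sep:
            parts.append(cur)
            cur = ""
        else:
            cur += text[i:i + step]
        i += step
    return parts + [cur]

def _unescape(value):
    """Decode RFC 4514 escapes: \\XX hex pairs (UTF-8 bytes) and \\<char>."""
    out, i = bytearray(), 0
    while i < len(value):
        if value[i] == "\\" and re.fullmatch(r"[0-9A-Fa-f]{2}", value[i + 1:i + 3]):
            out.append(int(value[i + 1:i + 3], 16))
            i += 3
        elif value[i] == "\\" and i + 1 < len(value):
            out += value[i + 1].encode()
            i += 2
        else:
            out += value[i].encode()
            i += 1
    return out.decode("utf-8", errors="replace")

def common_names(subject_dn):
    """Return every CN value in an RFC 4514 subject string."""
    names = []
    for rdn in _split_unescaped(subject_dn, ","):
        for ava in _split_unescaped(rdn, "+"):       # multi-valued RDNs
            attr, eq, value = ava.partition("=")
            if eq and attr.strip().upper() == "CN":
                names.append(_unescape(value))
    return names

def authorize(subject_dn, chain_valid, access_list=ACCESS_LIST):
    """Allow only a validated certificate carrying exactly one listed CN."""
    if not chain_valid:  # validation is assumed done by the TLS layer
        return False
    cns = common_names(subject_dn)
    return len(cns) == 1 and cns[0] in access_list  # exact match, no substring or prefix
```

Parsing the subject attribute by attribute, rather than searching the string for `CN=`, keeps text embedded in another attribute's value from being read as the common name, and rejecting subjects with more than one CN avoids an ambiguous identity.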
Setting up the EncrypTight system to use a CAC involves several tasks:
1 Install certificates on all EncrypTight components.
This includes the EncrypTight software, the ETKMSs, and the ETEPs. For detailed information and
links to the relevant procedures, see
earlier in this chapter.
2 Enable strict authentication on the ETEPs. For more information, see
.
3 Enable Common Access Card Authentication on the ETEPs. For more information, see
.
4 Add common names to the existing user accounts on the ETEPs, or add new user accounts with
common names. You also need to add a user account with a common name for each ETKMS.
For more information, see
and