Black Box ET0010A User Manual

Using a Common Access Card
EncrypTight User Guide
5 Add the authorized common names to the cnAuth.cfg file on the ETKMS. For instructions, see 
6 Enable strict authentication and Common Access Card Authentication on the ETKMS. For more information, see .
7 Enable strict authentication and Common Access Card Authentication in the EncrypTight software.
When the EncrypTight software initiates communication with the ETEPs and the ETKMS, it includes the 
common name read from the identity certificate provided by the CAC. 
Configuring User Accounts for Use With Common Access Cards
When Common Access Card Authentication is enabled, you must configure the common name for each 
EncrypTight user account and for each ETEP user account. The common names also need to be added to 
the ETKMSs and backup ETKMSs that you use.
The common name field in the user account must match the common name used for the certificate. You 
can configure this field when you add new users (if Common Access Card Authentication is enabled) or 
later by editing the user account of an existing user. 
For information about working with user accounts, see:
User account management on the ETKMS is an operating system function that does not interact with the 
EncrypTight system. However, you need to add the common names to a list on the ETKMS. 
To add common names to the ETKMS:
1 Using a text editor, open the file cnAuth.cfg, which is located in: /opt/etkms/keys
2 Add the authorized common names and save the file. Make sure you include the common names for 
the certificates used by any peer ETKMSs and backup ETKMSs.
NOTE
You also need to install a copy of the trusted root certificate. For more information, se
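The following is an added example, not part of the EncrypTight documentation or software: a pre-flight check that takes the subject line of an identity certificate, extracts its common name, and compares it with the contents of the common-name list, flagging entries that differ only in case or whitespace. It assumes the list holds one common name per line (the manual page does not show the file format); the function names and sample values are constructed for illustration.

```python
# Added example. ASSUMPTION: the common-name list holds one name per line.
SAMPLE_SUBJECT = "subject=CN=DOE.JOHN.Q.1234567890,OU=PKI,O=Example Org,C=US"  # constructed
SAMPLE_LIST = "DOE.JOHN.Q.1234567890\nroe.jane.a.0987654321 \n\netkms-backup\n"  # constructed

def extract_cn(subject):
    """Return the first CN in an RFC 2253 subject line, or None.

    Accepts the output of `openssl x509 -noout -subject -nameopt RFC2253`.
    Backslash escapes such as "\\," are undone; hex-pair escapes are not decoded.
    """
    dn = subject.strip()
    if dn.startswith("subject="):
        dn = dn[len("subject="):].strip()
    rdns, cur, esc = [], [], False
    for ch in dn:
        if esc:                      # character after a backslash is literal
            cur.append(ch)
            esc = False
        elif ch == "\\":
            esc = True
        elif ch == ",":              # unescaped comma ends an RDN
            rdns.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
    rdns.append("".join(cur))
    for rdn in rdns:
        key, sep, value = rdn.partition("=")
        if sep and key.strip().upper() == "CN":
            return value
    return None

def load_authorized(text):
    """Return the non-blank lines of the list, kept exactly as written."""
    return [line for line in text.splitlines() if line.strip()]

def check_cn(cn, authorized):
    """Return (status, entry): 'match', 'near-miss' or 'missing'."""
    if cn in authorized:
        return ("match", cn)
    def fold(s):
        return " ".join(s.split()).casefold()
    for entry in authorized:
        if fold(entry) == fold(cn):  # differs only in case or whitespace
            return ("near-miss", entry)
    return ("missing", None)
```

A "near-miss" result points at a typing error in the list or in the user account; correct the entry so that it is identical to the certificate's common name.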
Enabling Common Access Card Authentication
You must enable Common Access Card Authentication on each ETEP, the ETKMS, and in the 
EncrypTight software.