Black Box ET0010A User Manual
Using Enhanced Security Features
EncrypTight User Guide
To enable CAC Authentication on the ETEP:
1 Verify that strict authentication is enabled on the ETEP. If strict authentication is not enabled when you enable Common Access Card Authentication, you can lose the ability to communicate with the ETEP.
2 In the Appliance Manager, right-click on the ETEP and select Configuration from the shortcut menu.
3 Click the Advanced tab.
4 Click XML-RPC Certificate Authentication.
5 Click OK.
6 Push the configuration to the ETEP.
To enable CAC Authentication on the ETKMS:
1 Log in directly on the ETKMS as root, or open an SSH session and su to root.
2 Edit the kdist.properties file and add or edit the following lines:
enableCNAuthCheck=true
cnAuthFilePath=../keys/cnAuth.cfg
3 Save and close the file.
4 Repeat steps 1 to 3 on the backup ETKMS.
NOTE
● If you use a backup ETKMS, you also need to add the common name for the certificate used by the backup ETKMS to the list on the primary ETKMS and vice-versa.
● You must also enable strict authentication by including the line strictCertificateAuth=true.
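One way to confirm that kdist.properties carries the three settings named in the steps and NOTE above. This is an added example, not part of the EncrypTight documentation or software. It assumes plain key=value lines in which the last assignment of a key wins; the function names prop_value and check_cac_config are hypothetical.

```sh
#!/bin/sh
# Added example (not vendor code): audit kdist.properties for the CAC settings.

# prop_value FILE KEY: print the effective value of KEY.
# Assumption: plain key=value lines; '#' or '!' comment lines and blank lines
# are skipped, and the last assignment wins when a key appears more than once.
prop_value() {
    awk -v key="$2" '
        /^[ \t]*[#!]/ || /^[ \t]*$/ { next }
        {
            line = $0
            sub(/\r$/, "", line)              # tolerate CRLF line endings
            pos = index(line, "=")
            if (pos == 0) next
            k = substr(line, 1, pos - 1)
            v = substr(line, pos + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k)
            gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) val = v
        }
        END { print val }
    ' "$1"
}

# check_cac_config FILE: print one line per finding; return the finding count.
check_cac_config() {
    cfg=$1
    findings=0
    if [ ! -r "$cfg" ]; then
        echo "FAIL: cannot read $cfg"
        return 1
    fi
    # Both flags must be exactly 'true', as written in the procedure above.
    for key in enableCNAuthCheck strictCertificateAuth; do
        val=$(prop_value "$cfg" "$key")
        if [ "$val" != "true" ]; then
            echo "FAIL: $key is '${val:-unset}', expected 'true'"
            findings=$((findings + 1))
        fi
    done
    if [ -z "$(prop_value "$cfg" cnAuthFilePath)" ]; then
        echo "FAIL: cnAuthFilePath is not set"
        findings=$((findings + 1))
    fi
    [ "$findings" -eq 0 ] && echo "OK: CAC settings present in $cfg"
    return "$findings"
}

# Usage: sh this-script <path to kdist.properties>
[ $# -eq 0 ] || check_cac_config "$1"
```

Run it on both the primary and the backup ETKMS, since the same edits are required on each.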
To enable CAC Authentication in EncrypTight:
1 In the EncrypTight software, choose Edit > Preferences.
2 In the tree, expand the ETEMS item.
3 In the tree, click Login.
4 Click Enable Common Access Card Authentication.
5 Click OK.
When Common Access Card Authentication is enabled, you must insert a valid CAC into the reader before starting the EncrypTight software. When you start the EncrypTight software:
● When you open the EncrypTight software, you are prompted for your EncrypTight user name.
● The software for the reader will prompt you for your PIN.
● If user authentication is enabled, EncrypTight prompts you for your password.
  ■ If your EncrypTight deployment includes ETEPs running software version 1.6 or later, entering a password is optional.
  ■ If your deployment includes ETEPs with software versions earlier than 1.6, or other models of PEPs, you must enter a valid password.
● If user authentication is not enabled, you are logged into the system immediately. For more information about working with EncrypTight user accounts, see