Black Box ET1000A Manual De Usuario
Using Enhanced Security Features
272
EncrypTight User Guide
Working with Certificates for EncrypTight and
the ETKMSs
For both the workstation running the EncrypTight software and the ETKMS, use the keytool utility to
request and install certificates. The keytool utility is a Java-based utility for key and certificate
management. A complete discussion of using the keytool utility is beyond the scope of this guide. You
can find additional information on the Internet.
request and install certificates. The keytool utility is a Java-based utility for key and certificate
management. A complete discussion of using the keytool utility is beyond the scope of this guide. You
can find additional information on the Internet.
On each EncrypTight component, encryption keys and certificates are stored in the keystore. The location
of the keytool utility and the keystore depends on the component with which you are working.
of the keytool utility and the keystore depends on the component with which you are working.
●
On the management workstation, keytool is located in
<installDir>\jre\bin
where
<installDir>
is the directory where you installed the EncrypTight software. By default, keys are
stored in the keystore located in the
<installDir>\cvConfig\keys
directory.
●
On the ETKMS, keytool is located in
/usr/java/latest/bin/keytool
and the keystore is located
in
/opt/etkms/keys
.
You need to follow the procedures in this section for both the management workstation and the ETKMS.
Before proceeding, you should change the default password for the keystore (see
Before proceeding, you should change the default password for the keystore (see
). If your organization uses the certificate policies extension for certificates, you
also need to specify what values are valid for this extension on each device (see
If you plan to use a CA certificate as an external certificate for validation, obtain a copy of the CA
certificate before you begin. You will receive a .PEM or .DER file that you can import into the keystore
on the devices with which you work.
certificate before you begin. You will receive a .PEM or .DER file that you can import into the keystore
on the devices with which you work.
NOTE
to generate requests and install certificates.
This section includes the following topics:
●
●
●
●
●
Generating a Key Pair
To request a certificate from a CA, you must first generate a public/private key pair. This procedure
essentially creates a self-signed certificate and places it in the keystore.
essentially creates a self-signed certificate and places it in the keystore.