Filter
Top Products
About Strict Authentication
EncrypTight User Guide 263
Related topics:
● “Prerequisites” on page 263
● “Order of Operations” on page 263
● “Certificate Information” on page 264
● “Changing the EncrypTight Keystore Password” on page 266
● “Configuring the Certificate Policies Extension” on page 269
● “Validating Certificates” on page 287
● “Enabling and Disabling Strict Authentication” on page 292
Prerequisites
An important prerequisite to installing new certificates is identifying the certificate authority you plan to
use. Your organization may have a standard CA that everyone uses, or you may need to select one for
this particular security application. The information in this chapter assumes that you have established a
relationship with a certificate authority.
In order to follow the procedures discussed in this section and work with certificates in an EncrypTight
system, you need to understand how to do several tasks covered in more detail in other sections. Cross
references to those sections are provided in Table 67.
NOTE
If you plan to operate in FIPS mode, make sure you enable FIPS mode first and push the configuration to
the ETEPs before you begin to install certificates and set up strict authentication. If you enable FIPS mode
after strict authentication has been activated, you will need to reinstall your certificates.
Order of Operations
You should proceed with caution as you enable strict authentication in your deployment. Among the
issues you could encounter are invalid, misconfigured, or expired certificates that cause communication
failures. The following order of operations is recommended:
1 If you plan to operate in FIPS mode, enable FIPS mode on your ETEPs before you make other
changes.
2 Change the keystore password for the EncrypTight software and the ETKMSs.
3 Install certificates and keys on the management workstation and a few PEPs.
Table 67 Prerequisites for Using Certificates with EncrypTight
How to: Reference:
Navigate and work with ETEMS “Getting Started with ETEMS” on page 83
Add and configure PEPs “Provisioning Appliances” on page 95
Access the command line interface on the
ETKMS
“Logging Into the ETKMS” on page 47
Access the command line interface for a PEP See the configuration chapter for the model of
PEP that you are using.