EncrypTight User Guide
./HSMPwdChg.sh
The script will print out the new value of the password. Make note of this value.
5 Change the password for the Security Officer role by typing:
ctkmu p -O
You will be prompted for the value of the old password and then for the value of the new password.
6 Change the password for the User role by typing:
ctkmu p
You will be prompted for the value of the old password and then for the value of the new password.
NOTE
The documentation provided by the manufacturer of the HSM refers to these passwords as PINs.
Configuring the Certificate Policies Extension
EncrypTight supports the use of the certificate policies extension in certificates. CAs use this extension to
indicate the purposes for which a certificate was issued, for example, digitally signing e-mail or
encryption. If a certificate is being used for a purpose that is not indicated by the extension, it can be
rejected.
In a certificate, the certificate policies extension indicates the purposes for which the certificate was issued
with one or more registered Object Identifiers (OIDs), which are values that can vary by organization and
industry. If the CA that issues the certificate does not want to limit the purposes for which the certificate
can be used, it can use a special OID that indicates the certificate can be used for any policy.
If your organization uses the certificate policies extension in certificates, you need to specify the OIDs
that will be accepted by the EncrypTight software, the ETKMSs, and each ETEP before you begin
requesting and installing certificates. The OIDs are ignored until you enable strict authentication.
You can configure the certificate policies extension for ETEPs on the Advanced tab of the Appliance
Editor. The changes do not take effect until you push the configurations to the ETEPs.
To configure the certificate policies extension for ETEPs:
1 In the Appliance Editor for the ETEP, click the Advanced tab.
2 Click Enable Policy Extensions.
3 Click Add.
4 In the Certificate Policy Extension editor, type the OID that you want to add and click OK.
● If you make a mistake, select the OID in the list and click Modify to change it.
● If you need to remove an OID, select it and click Delete.
5 Repeat steps 3 and 4 for each OID you need to add.
6 Click Save.