Black Box EncrypTight Appliance Trim Kit User Manual


 
Using a Common Access Card
EncrypTight User Guide 295
5 Add the authorized common names to the cnAuth.cfg file on the ETKMS. For instructions, see
“Configuring User Accounts for Use With Common Access Cards” on page 295.
6 Enable strict authentication and Common Access Card Authentication on the ETKMS. For more
information, see “Enabling and Disabling Strict Authentication” on page 292 and “Enabling Common
Access Card Authentication” on page 295.
7 Enable strict authentication and Common Access Card Authentication in the EncrypTight software.
When the EncrypTight software initiates communication with the ETEPs and the ETKMS, it includes the
common name read from the identity certificate provided by the CAC.
Configuring User Accounts for Use With Common Access Cards
When Common Access Card Authentication is enabled, you must configure the common name for each
EncrypTight user account and for each ETEP user account. The common names also need to be added to
the ETKMSs and backup ETKMSs that you use.
The common name field in the user account must match the common name used for the certificate. You
can configure this field when you add new users (if Common Access Card Authentication is enabled) or
later by editing the user account of an existing user.
For information about working with user accounts, see:
“Managing EncrypTight Users” on page 61
“Managing Appliance Users” on page 106
User account management on the ETKMS is an operating system function that does not interact with the
EncrypTight system. However, you need to add the common names to a list on the ETKMS.
To add common names to the ETKMS:
1 Using a text editor, open the file cnAuth.cfg, which is located in:
/opt/etkms/keys
2 Add the authorized common names and save the file. Make sure you include the common names for
the certificates used by any peer ETKMSs and backup ETKMSs.
NOTE
You also need to install a copy of the trusted root certificate. For more information, see “Working with
Certificates for EncrypTight and the ETKMSs” on page 272.
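The requirement above that the configured common name match the certificate's common name can be checked before strict authentication is switched on. The following is an added example, not part of the manual or the EncrypTight software. It assumes that cnAuth.cfg holds one common name per line (the manual does not describe the file format) and that the subject string comes from `openssl x509 -noout -subject -nameopt RFC2253`. The function names and sample values are constructed for illustration.

```python
import re
from typing import Optional

def cn_from_subject(subject: str) -> Optional[str]:
    """Return the CN from an RFC 2253 subject string, or None if absent."""
    dn = re.sub(r"^subject\s*=\s*", "", subject.strip())
    # An RDN is a run of escaped pairs (backslash + char) or plain characters,
    # so an escaped comma inside a name does not split it.
    for rdn in re.findall(r"(?:\\.|[^,\\])+", dn):
        key, _, value = rdn.partition("=")
        if key.strip().upper() == "CN":
            return re.sub(r"\\(.)", r"\1", value.strip())  # undo backslash escapes
    return None

def check_cn(cn: str, cfg_text: str) -> str:
    """Classify cn against the list as 'listed', 'near-miss' or 'missing'."""
    # Split on "\n" only, so a stray "\r" left by a Windows editor stays visible.
    entries = [line for line in cfg_text.split("\n") if line.strip()]
    if cn in entries:
        return "listed"
    folded = {entry.strip().casefold() for entry in entries}
    if cn.strip().casefold() in folded:
        return "near-miss"  # differs only by case or surrounding whitespace
    return "missing"

# Constructed sample data, not taken from a real deployment.
# Assumed file format: one common name per line.
SAMPLE_SUBJECT = "subject=CN=DOE.JOHN.A.1234567890,OU=PKI,O=Example Org,C=US"
SAMPLE_CFG = "DOE.JOHN.A.1234567890\netkms-backup.example\r\n"

if __name__ == "__main__":
    cn = cn_from_subject(SAMPLE_SUBJECT)
    print(cn, "->", check_cn(cn, SAMPLE_CFG))
    print("etkms-backup.example ->", check_cn("etkms-backup.example", SAMPLE_CFG))
```

A "near-miss" result means an entry differs from the certificate's common name only by case or stray whitespace; correct the entry so the two are identical.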
Enabling Common Access Card Authentication
You must enable Common Access Card Authentication on each ETEP, the ETKMS, and in the
EncrypTight software.