Filter
Top Products
Modifying Communication Preferences
EncrypTight User Guide 93
3 In the Communications window, modify any of the communication preferences (see Table 24 and
Table 25).
4 Do one of the following:
● Click Apply to set the new value.
● Click Restore Defaults to reset the timeout to the factory setting.
5Click OK.
Table 24 General communication preferences
Preference Description
Communication
timeout
Sets the amount of time that ETEMS waits for a response from an appliance
during a standard communication attempt (refreshing status, comparing
configurations, loading configurations). The valid range is 1-180 seconds.
Software upgrade
timeout
Sets the amount of time that ETEMS allows for a software upgrade on an
appliance to complete. The valid range is 60-1,296,000 seconds (15 days).
Use TLS By default, ETEMS uses TLS to encrypt communications between the
management workstation and the appliance’s management port. When TLS
is enabled, communication between ETEMS and the appliance is encrypted.
If you are managing ETEP appliances, TLS must be enabled. ETEMS
cannot communication with the ETEP when TLS is disabled.
Table 25 Strict authentication communication preferences
Use Strict Certificate
Authentication
When enabled, all management communications between EncrypTight
components is authenticated using certificates. EncrypTight can use TLS
with encryption only, or TLS with encryption and strict authentication for
added security. For more information about strict authentication, see “Using
Enhanced Security Features” on page 261.
Enable Online
Certificate Status
Protocol (OCSP)
When enabled, EncrypTight uses the online certificate status protocol
(OCSP) to check the validity of certificates. OCSP is an alternative to using
CRLs. For more information about OCSP, see “Validating Certificates Using
OCSP” on page 289.
OCSP Responder
Certificate
Distinguished Name
Specifies the subject name of the certificate for the OCSP responder.
Verify OCSP
Responder
Verifies OCSP responses by authenticating the response message with the
installed certificate. To use this option, you must install the certificate from
the OCSP responder.
Ignore Failure to
Respond
When checked, this option allows ETEMS to accept a certificate even when
a response to an OCSP query is not received in a timely manner.
Revert to CRL on
OCSP Responder
Failure
When checked, if EncrypTight does not receive a reply from the OCSP
responder or it cannot be reached, EncrypTight reads the certificate to
determine the location of a CRL and uses that instead of OCSP to validate
the certificate. In this case, if the CRL cannot be accessed, authentication
fails.
Check OCSP
Responder Certificate
Chain
When checked, this option specifies that ETEMS should check every
certificate in the responder’s chain of trust.
OCSP URL Specifies a URL to use for the OCSP responder. This option overrides the
URL that may be included in the certificate.