Black Box ET0100A Appliance Trim Kit User Manual


 
Using Enhanced Security Features
294 EncrypTight User Guide
To remove certificates:
1 If necessary, switch to the Certificate Manager and select the ETEPs whose certificates you want to
remove.
2 Select Tools > Clear Certificates.
3 Click OK when you are prompted for confirmation.
4 Click OK at the message informing you that the connection was reset.
CAUTION
Do not use this function if strict authentication is enabled. Doing so can cause errors and prevent
communication between the management workstation and the appliance. Disable strict authentication first
and then remove the certificates.
Using a Common Access Card
The EncrypTight system supports the use of smart cards such as the DoD Common Access Card (CAC).
Using a CAC provides user authorization in addition to certificate-based authentication. When you use a
CAC, EncrypTight components use the certificates installed on the card to determine if a user is
authorized to perform a specific action. In order to access the system, every user must have an authorized
CAC.
A smart card reader is connected to the management workstation. To access the workstation, you must
insert a CAC into the reader. The EncrypTight software reads the identity certificate on the CAC, as well
as any trusted root or intermediate certificates. When the EncrypTight software communicates with other
EncrypTight components, the common name field from the identity certificate is included in the
communications. If the common name used in the communications is on the access list, the operation is
allowed.
ActivClient must be installed on the management workstation and configured properly for your
environment.
Each component in the system must maintain a list of authorized users. Communications that do not use
an authorized common name and a valid certificate are rejected.
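The decision described above, as an added illustration that is not EncrypTight code: a communication is allowed only when the certificate is valid and its common name is on the component's access list. The access list, the sample names, the exact-match comparison and the one-common-name rule are assumptions of this example, and certificate validation is represented by a boolean supplied by the caller.

```python
# Constructed access list: one CAC user and one ETKMS account (made-up names).
ACCESS_LIST = {"DOE.JANE.Q.1234567890", "etkms-01"}


def split_rdns(dn):
    """Split an RFC 4514 style subject string into (TYPE, value) pairs."""
    # A backslash-escaped ',' or '+' stays inside the value instead of
    # starting a new component. Hex-pair escapes are not decoded here.
    parts, cur, i = [], [], 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):
            cur.append(dn[i + 1])
            i += 2
            continue
        if dn[i] in ",+":
            parts.append("".join(cur))
            cur = []
        else:
            cur.append(dn[i])
        i += 1
    parts.append("".join(cur))
    pairs = []
    for part in parts:
        key, sep, value = part.partition("=")
        if sep:
            pairs.append((key.strip().upper(), value.strip()))
    return pairs


def authorize(cert_valid, subject_dn, access_list=ACCESS_LIST):
    """Return (allowed, reason) for one incoming communication."""
    if not cert_valid:  # result of chain validation, done elsewhere
        return False, "certificate not valid"
    names = [v for k, v in split_rdns(subject_dn) if k == "CN"]
    if len(names) != 1:
        return False, "expected exactly one common name"
    if names[0] not in access_list:  # exact match, never prefix or substring
        return False, "common name not on access list"
    return True, "allowed"


if __name__ == "__main__":
    jane = "CN=DOE.JANE.Q.1234567890,OU=USA,O=Example,C=US"  # constructed
    print(authorize(True, jane))
    print(authorize(False, jane))
    print(authorize(True, r"OU=x\,CN=etkms-01,CN=unknown-host"))
```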
Setting up the EncrypTight system to use a CAC involves several tasks:
1 Install certificates on all EncrypTight components.
This includes the EncrypTight software, the ETKMSs, and the ETEPs. For detailed information and
links to the relevant procedures, see “Using Certificates in an EncrypTight System” on page 265
earlier in this chapter.
2 Enable strict authentication on the ETEPs. For more information, see “Enabling and Disabling Strict
Authentication” on page 292.
3 Enable Common Access Card Authentication on the ETEPs. For more information, see “Enabling
Common Access Card Authentication” on page 295.
4 Add common names to the existing user accounts on the ETEPs, or add new user accounts with
common names. You also need to add a user account with a common name for each ETKMS.
For more information, see “Appliance User Management” on page 102 and “How EncrypTight Users
Work with ETEP Users” on page 67.