Black Box ET1000A Appliance Trim Kit User Manual


 
Using Enhanced Security Features
264 EncrypTight User Guide
4 Temporarily enable strict authentication in ETEMS and make sure that you can still communicate
with the PEPs (refresh status for the PEPs that you used in step 3). If the PEPs respond appropriately,
continue with the next step. If you cannot communicate with the PEPs, troubleshoot and fix the
problems found.
5 If step 4 was successful, enable strict authentication on the PEPs that you used in step 3 and retest
communications. If ETEMS can still communicate with the PEPs, then ETEMS has certificates that
can be used.
At this point, you can disable strict authentication and continue to provision more of the network.
6 When you have installed certificates on all of the devices in the system (including the ETKMSs and
all of your PEPs), you can re-enable strict authentication in ETEMS.
7 Refresh status for all devices to verify that ETEMS can still communicate with all devices. If you
cannot communicate with a device, it probably has an invalid or misconfigured certificate.
Fix any issues discovered and proceed.
8 Enable strict authentication on all of the PEPs.
9 Enable strict authentication on the ETKMSs.
NOTE
If you need to add a new PEP after you have enabled strict authentication, temporarily disable strict
authentication in the ETEMS preferences first, and then add the PEP. Configure the PEP as needed. After
you push the configuration, install certificates on the PEP and re-enable strict authentication in ETEMS.
Refresh status to test the communications and if everything is successful, enable strict authentication on
the new PEP.
Related topics:
“Prerequisites” on page 263
“Certificate Information” on page 264
“Using Certificates in an EncrypTight System” on page 265
Certificate Information
When you generate a keypair and create certificates, you must provide information that uniquely
identifies the device. This information is referred to as a distinguished name and consists of the values
described in Table 68. When you generate a keypair using the keytool utility, this information is specified
as part of the -dname parameter.
Table 68 Distinguished name information

Setting                     Description
Common Name (CN)            A name that identifies the device or person. Length: 0-64 characters.
Organizational Unit (OU)    Name of a sub-section of the organization, such as a department or division. Length: 0-64 characters.
Organization (O)            Organization or company name. Length: 0-64 characters.
Locality (L)                City, town, or geographical area where the organizational unit is located. Length: 0-128 characters.
State/Province (S)          State or province where the organizational unit is located. Length: 0-128 characters.
Country (C)                 Two letter country abbreviation (optional).
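
The following is an added example, not part of the EncrypTight User Guide or its software: a small Python check that validates distinguished name values against the limits in Table 68 and assembles the string for the -dname parameter. The function name, the sample values, and the decisions to reject reserved characters and to refuse an entirely empty name are assumptions of this example.

```python
import re

# (attribute, maximum length in characters), in the order Table 68 lists them.
DN_FIELDS = [("CN", 64), ("OU", 64), ("O", 64), ("L", 128), ("S", 128)]
# Characters with special meaning inside a distinguished-name string. This
# example's choice is to reject them instead of escaping them.
REJECTED = re.compile(r'[+"<>;=#]')


def build_dname(country="", **fields):
    """Return a string for keytool's -dname parameter, or raise ValueError."""
    unknown = set(fields) - {name for name, _ in DN_FIELDS}
    if unknown:
        raise ValueError(f"attributes not in Table 68: {sorted(unknown)}")
    parts = []
    for name, limit in DN_FIELDS:
        value = fields.get(name, "").strip()
        if len(value) > limit:
            raise ValueError(f"{name}: {len(value)} characters, limit is {limit}")
        if REJECTED.search(value):
            raise ValueError(f"{name}: contains a reserved character")
        if value:  # a length of 0 is allowed, so empty settings are left out
            # A comma or backslash in a value must be backslash-escaped.
            parts.append(f"{name}=" + re.sub(r"([\\,])", r"\\\1", value))
    if country:  # optional per Table 68
        if not re.fullmatch(r"[A-Za-z]{2}", country):
            raise ValueError("C: must be a two-letter country abbreviation")
        parts.append(f"C={country}")
    if not parts:
        # Assumption of this example: an empty name cannot identify a device.
        raise ValueError("no distinguished name values supplied")
    return ", ".join(parts)


if __name__ == "__main__":
    # Constructed sample values, not taken from the manual.
    print(build_dname(CN="pep-01.example.net", OU="Network Security",
                      O="Example Corp, Inc.", L="Springfield", S="Illinois",
                      country="US"))
```

Pass the returned string to keytool as a single argument after -dname, so that the spaces and the escaped comma are not reinterpreted by the shell.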