Black Box ET1000A Appliance Trim Kit User Manual


 
Using Enhanced Security Features
296 EncrypTight User Guide
To enable CAC Authentication on the ETEP:
1 Verify that strict authentication is enabled on the ETEP. If strict authentication is not enabled when
you enable Common Access Card Authentication, you can lose the ability to communicate with the
ETEP.
2 In the Appliance Manager, right-click on the ETEP and select Configuration from the shortcut menu.
3 Click the Advanced tab.
4 Click XML-RPC Certificate Authentication.
5 Click OK.
6 Push the configuration to the ETEP.
To enable CAC Authentication on the ETKMS:
1 Log in directly on the ETKMS as root, or open an SSH session and su to root.
2 Edit the kdist.properties file and add or edit the following lines:
enableCNAuthCheck=true
cnAuthFilePath=../keys/cnAuth.cfg
3 Save and close the file.
4 Repeat steps 1 to 3 on the backup ETKMS.
NOTE
If you use a backup ETKMS, you also need to add the common name for the certificate used by the
backup ETKMS to the list on the primary ETKMS and vice-versa.
You must also enable strict authentication by including the line strictCertificateAuth=true.
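The following audit script is an added example, not part of the EncrypTight manual or software. It checks a kdist.properties file for the three settings named above, so that a primary or backup ETKMS missing strictCertificateAuth=true is caught before CAC authentication is relied on. It assumes the file uses plain key=value lines with # comments and that a later duplicate of a key overrides an earlier one; the function names prop_value and check_kdist are hypothetical.

```shell
#!/bin/sh
# Added example: audit kdist.properties for the CAC-related settings.
# Assumptions: key=value lines, '#' or '!' comments, last duplicate wins.

# prop_value FILE KEY -> prints the last value assigned to KEY (empty if unset)
prop_value() {
    awk -v key="$2" '
        /^[ \t]*[#!]/ { next }                  # commented-out lines do not count
        {
            line = $0
            sub(/\r$/, "", line)                # tolerate CRLF line endings
            eq = index(line, "=")
            if (eq == 0) next
            k = substr(line, 1, eq - 1)
            v = substr(line, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k)
            gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) val = v               # later duplicates override
        }
        END { print val }
    ' "$1"
}

# check_kdist FILE -> 0 if all settings match the manual, 1 if any is
# missing or wrong (one line printed per problem), 2 if FILE is unreadable.
check_kdist() {
    file=$1
    rc=0
    [ -r "$file" ] || { echo "cannot read $file"; return 2; }
    for key in enableCNAuthCheck strictCertificateAuth; do
        got=$(prop_value "$file" "$key")
        if [ "$got" != "true" ]; then
            echo "$key: expected true, found '${got:-<unset>}'"
            rc=1
        fi
    done
    # The manual gives ../keys/cnAuth.cfg; only presence is checked here.
    if [ -z "$(prop_value "$file" cnAuthFilePath)" ]; then
        echo "cnAuthFilePath: not set"
        rc=1
    fi
    return $rc
}
```

Run check_kdist with the path to kdist.properties on the primary ETKMS and again on the backup ETKMS; a non-zero return means at least one of the settings does not match the procedure above.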
To enable CAC Authentication in EncrypTight:
1 In the EncrypTight software, choose Edit > Preferences.
2 In the tree, expand the ETEMS item.
3 In the tree, click Login.
4 Click Enable Common Access Card Authentication.
5 Click OK.
When Common Access Card Authentication is enabled, you must insert a valid CAC into the reader before starting the EncrypTight software. When you start the EncrypTight software:
- When you open the EncrypTight software, you are prompted for your EncrypTight user name.
- The software for the reader will prompt you for your PIN.
- If user authentication is enabled, EncrypTight prompts you for your password.
  - If your EncrypTight deployment includes ETEPs running software version 1.6 or later, entering a password is optional.
  - If your deployment includes ETEPs with software previous to 1.6, or other models of PEPs, you must enter a valid password.
- If user authentication is not enabled, you are logged into the system immediately.

For more information about working with EncrypTight user accounts, see “Managing EncrypTight Users” on page 61.