Black Box EncrypTight, ET0010A, ET0100A, ET1000A Modifying EncrypTight Timing Parameters, Certificate Implementation Errors

Modifying EncrypTight Timing Parameters

EncrypTight User Guide 249

●For ETPM to ETKMS communications errors, check the ETEMS or ETPM application log for an

error entry as described in “ETPM Log Files” on page 241.

●For ETKMS to PEP communications errors, check the ETKMS log files as described in “ETKMS

Log Files” on page 241.

Modifying EncrypTight Timing Parameters

Depending on the deployment, the default timing parameters for communications between EncrypTight

components may need to be adjusted. These include parameters that control how long the ETPM waits

for replies from the ETKMS, as well as how long the ETKMS waits for replies from the PEPs. Other

timing parameters exist as well.

The amount of time that ETPM waits for a response from a ETKMS during a policy deployment can be

changed by setting a value in the config.ini file. This file is located in the configuration directory

inside the ETEMS installation directory. To change the value, add or edit the following line:

maxRetryWaitTime=xxx

Where xxx is the number of seconds that ETPM waits for a reply from a ETKMS. The default value is 6

minutes (360 seconds). The maxRetryWaitTime for ETPM should be set to a value at least 1 or 2

minutes longer than the value of the retryStatusCheckTime parameter on the ETKMS. This ensures

that ETPM will wait for a reply from the ETKMS at least as long as the ETKMS waits for replies from

the PEPs.

To set the retryStatusCheckTime parameter, edit the kdist.properties file. On an external

ETKMS the file is located in the /opt/etkms/conf directory; on the local ETKMS it is located in

\tools\ETKMS\bin (relative to the install directory). For information on timing parameters for a

ETKMS, see “Modifying the ETKMS Properties File” on page 255.

When you use certificates for TLS communications between the ETPM and the ETKMSs and between

the ETKMSs and the PEPs, you might encounter the following problems.

●Cannot communicate with a PEP

●Keystore password might not be correct

●Certificates might not be valid yet

●Certificate might be missing or uninstalled

These errors can occur when you start the ETKMS server or when ETPM first tries to communicate with

the PEP.

If you attempt to add a new PEP to the ETEMS Appliance Manager after strict authentication is enabled

in the EncrypTight software, you will receive a communications error. When strict authentication is

enabled, the EncrypTight software cannot communicate with appliances that do not have the appropriate

certificates.