Using Enhanced Security Features

Working with Certificates for EncrypTight and the ETKMSs

For both the workstation running the EncrypTight software and the ETKMS, use the keytool utility to request and install certificates. The keytool utility is a Java-based utility for key and certificate management. A complete discussion of using the keytool utility is beyond the scope of this guide. You can find additional information on the Internet.

On each EncrypTight component, encryption keys and certificates are stored in the keystore. The location of the keytool utility and the keystore depends on the component with which you are working.

On the management workstation, keytool is located in <installDir>\jre\bin where <installDir> is the directory where you installed the EncrypTight software. By default, keys are stored in the keystore located in the <installDir>\cvConfig\keys directory.

On the ETKMS, keytool is located in /usr/java/latest/bin/keytool and the keystore is located in /opt/etkms/keys.

You need to follow the procedures in this section for both the management workstation and the ETKMS. Before proceeding, you should change the default password for the keystore (see “Changing the Keystore Password” on page 266). If your organization uses the certificate policies extension for certificates, you also need to specify what values are valid for this extension on each device (see “Configuring the Certificate Policies Extension” on page 269).

If you plan to use a CA certificate as an external certificate for validation, obtain a copy of the CA certificate before you begin. You will receive a .PEM or .DER file that you can import into the keystore on the devices with which you work.

NOTE

If your ETKMS includes an HSM, skip this section and follow the instructions in “Working with Certificates and an HSM” on page 275 to generate requests and install certificates.

This section includes the following topics:

“Generating a Key Pair” on page 272

“Requesting a Certificate” on page 273

“Importing a CA Certificate” on page 274

“Importing a CA Certificate Reply” on page 274

“Exporting a Certificate” on page 275

Generating a Key Pair

To request a certificate from a CA, you must first generate a public/private key pair. This procedure essentially creates a self-signed certificate and places it in the keystore.

272

EncrypTight User Guide

Page 270 Page 272
Page 271
Image 271
Black Box ET0100A, ET1000A, ET0010A manual Working with Certificates for EncrypTight and the ETKMSs, Generating a Key Pair
Page 270 Page 272

EncrypTight, ET0100A, ET0010A, ET1000A specifications

The Black Box ET1000A, ET0010A, EncrypTight, and ET0100A are advanced solutions designed for secure data transmission and network management, catering to modern enterprise needs. These tools integrate cutting-edge technologies to enhance connectivity, security, and efficiency within various environments.

The Black Box ET1000A is primarily a high-performance Ethernet over Twisted Pair (EoTP) solution. It enables users to extend Ethernet signals over long distances using existing twisted-pair cabling without sacrificing speed or reliability. With support for speeds up to 100 Mbps, this device is ideal for organizations looking to upgrade their existing infrastructure without extensive rewiring. Key features include plug-and-play installation, which simplifies deployment, and versatile compatibility with both legacy and modern ethernet networks.

The ET0010A model takes connectivity a step further by providing seamless integration with fiber optics. This device supports transmission distances that far exceed traditional copper solutions, making it a perfect fit for larger facilities or multi-building campuses. Its built-in Ethernet switch enhances network efficiency by providing multiple ports for device connectivity, thus facilitating greater data flow.

EncrypTight technology is a notable feature across these Black Box models, offering advanced encryption capabilities to safeguard sensitive data during transmission. With military-grade encryption protocols, EncrypTight ensures that corporate information remains secure from potential eavesdroppers. This technology is essential for businesses operating in regulated industries or that handle confidential customer information.

The ET0100A model combines intelligence with monitoring features to provide users with comprehensive network insights. It boasts built-in diagnostic tools that enable IT professionals to troubleshoot issues quickly and efficiently. Additionally, it features real-time performance monitoring, allowing users to analyze bandwidth usage and optimize network performance accordingly.

In conclusion, the Black Box ET1000A, ET0010A, EncrypTight, and ET0100A are powerful tools that embody the latest in data transmission and network management technologies. With their unique features—including extended connectivity capabilities, robust encryption technologies, and real-time monitoring solutions—these devices cater to the growing demands of businesses seeking to enhance their network infrastructure while ensuring robust security and efficiency. Integrating these tools into any organization’s operations can fundamentally improve both performance and data protection, making them indispensable in today’s digital landscape.
Top Page Image Contents