Validating Certificates

Deleting a Certificate

Delete external certificates if they have expired or are no longer used. External certificates are the only type of certificate that you can delete from the EncrypTight appliance. You can overwrite existing management ID certificates to replace them, but you cannot explicitly delete them.

CAUTION

You must have at least one external certificate installed on the EncrypTight appliance. Deleting an external certificate that is currently being used for authentication will cause management communications to fail.

To delete an external certificate:

1Turn off strict authentication on the ETEP in the configuration editor and push the new configuration, or use the strict client authentication disable CLI command. (For more information, see “Enabling and Disabling Strict Authentication” on page 292.)

2In the Appliances view, right-click the appliance with the certificate that you want to delete, and click View Certificates in the shortcut menu. The certificates that are installed on the selected appliance are added to the Certificate view.

3In the Certificates view, right-click the target certificate and click Delete from the shortcut menu. The certificate is removed from the Certificates view and is no longer available to authenticate peers.

Validating Certificates

Generally, certificates are considered valid until they expire. However, certificates can be revoked by CAs when necessary. Devices can check the validity of a certificate using certificate revocation lists (CRLs) or the online certificate status protocol (OCSP).

This section includes the following topics:

“Validating Certificates Using CRLs” on page 287

“Validating Certificates Using OCSP” on page 289

Validating Certificates Using CRLs

Certificate authorities publish certificate revocation lists (CRLs) to identify certificates that it considers invalid. Certificates include a field called a CRL Distribution Point extension, which provides a URL for the certificate authority that has its CRL.

By default, the EncrypTight software and the ETKMSs examine received certificates to determine the URL to use and check this location for CRLs. You must obtain and install a copy of the CRL on the ETEPs that you use.

You can configure the management workstation and the ETKMSs to check for a copy of the CRL in a local directory that you specify. In either case, all EncrypTight components check the CRLs the first time a device initiates communication and then stores the CRL until it expires.

Storing the CRLs locally can accelerate the process of checking CRLs and helps minimize false authentication failures due to revocation check failures. However, if you choose to store CRLs locally,

EncrypTight User Guide

287

Page 286
Image 286
Black Box EncrypTight Validating Certificates Using CRLs, Deleting a Certificate, To delete an external certificate

EncrypTight, ET0100A, ET0010A, ET1000A specifications

The Black Box ET1000A, ET0010A, EncrypTight, and ET0100A are advanced solutions designed for secure data transmission and network management, catering to modern enterprise needs. These tools integrate cutting-edge technologies to enhance connectivity, security, and efficiency within various environments.

The Black Box ET1000A is primarily a high-performance Ethernet over Twisted Pair (EoTP) solution. It enables users to extend Ethernet signals over long distances using existing twisted-pair cabling without sacrificing speed or reliability. With support for speeds up to 100 Mbps, this device is ideal for organizations looking to upgrade their existing infrastructure without extensive rewiring. Key features include plug-and-play installation, which simplifies deployment, and versatile compatibility with both legacy and modern ethernet networks.

The ET0010A model takes connectivity a step further by providing seamless integration with fiber optics. This device supports transmission distances that far exceed traditional copper solutions, making it a perfect fit for larger facilities or multi-building campuses. Its built-in Ethernet switch enhances network efficiency by providing multiple ports for device connectivity, thus facilitating greater data flow.

EncrypTight technology is a notable feature across these Black Box models, offering advanced encryption capabilities to safeguard sensitive data during transmission. With military-grade encryption protocols, EncrypTight ensures that corporate information remains secure from potential eavesdroppers. This technology is essential for businesses operating in regulated industries or that handle confidential customer information.

The ET0100A model combines intelligence with monitoring features to provide users with comprehensive network insights. It boasts built-in diagnostic tools that enable IT professionals to troubleshoot issues quickly and efficiently. Additionally, it features real-time performance monitoring, allowing users to analyze bandwidth usage and optimize network performance accordingly.

In conclusion, the Black Box ET1000A, ET0010A, EncrypTight, and ET0100A are powerful tools that embody the latest in data transmission and network management technologies. With their unique features—including extended connectivity capabilities, robust encryption technologies, and real-time monitoring solutions—these devices cater to the growing demands of businesses seeking to enhance their network infrastructure while ensuring robust security and efficiency. Integrating these tools into any organization’s operations can fundamentally improve both performance and data protection, making them indispensable in today’s digital landscape.