Validating Certificates

To install a CRL on the ETEP:

1Switch to the Certificate Manager perspective.

2In the Appliances view, right-click on the target ETEP and choose Install CRL.

3Navigate to the appropriate directory and select the CRL file that you want to install.

4Click Open.

5Push the modified configuration to the ETEP in order to complete the installation.

To view CRLs

1In the Appliances view, right-click the target ETEP and click View CRLs in the shortcut menu. A list of installed CRLs is displayed in the CRLs view.

To delete CRLs

1In the Certificate Manager perspective, select the target ETEP.

2Click the CRLs tab.

3Right-click on the CRL that you want to remove and select Delete.

Handling Revocation Check Failures

Not being able to check a CRL does not automatically indicate that a certificate is expired or revoked, especially if the CRL is stored on a server on a different network. By default, if an EncrypTight component cannot check a CRL for any reason, it logs the failure, but still allows a secure communication session to be created. In the EncrypTight software and on the ETKMS, you can change this behavior to fail the authentication instead.

To change the default ETKMS action when a CRL cannot be checked:

1Log in as root and edit the file /opt/etkms/conf/kdist.properties and add or edit the following line in the Certificate Configuration section:

ignoreRevocationCheckErrors=false

2Save and close the file.

To change the default EncrypTight action when a CRL cannot be checked:

1In EncrypTight, select Edit > Preferences.

2Click ETEMS to expand the tree and then click Communications.

3Click Ignore CRL access failure to clear the check box.

4Click OK.

Validating Certificates Using OCSP

As an alternative to using CRLs, you can validate certificates with the online certificate status protocol (OCSP). With OCSP, the device that wants to check the validity of a certificate reads the certificate to determine the URL of the OCSP responder and sends a request that identifies the certificate in question. Organizations can also explicitly specify a URL to use for the OCSP responder. The OCSP responder returns a signed OCSP response indicating the validity of the certificate.

EncrypTight User Guide

289

Page 287 Page 289
Page 288
Image 288
Black Box ET1000A Handling Revocation Check Failures, Validating Certificates Using Ocsp, To install a CRL on the Etep
Page 287 Page 289

EncrypTight, ET0100A, ET0010A, ET1000A specifications

The Black Box ET1000A, ET0010A, EncrypTight, and ET0100A are advanced solutions designed for secure data transmission and network management, catering to modern enterprise needs. These tools integrate cutting-edge technologies to enhance connectivity, security, and efficiency within various environments.

The Black Box ET1000A is primarily a high-performance Ethernet over Twisted Pair (EoTP) solution. It enables users to extend Ethernet signals over long distances using existing twisted-pair cabling without sacrificing speed or reliability. With support for speeds up to 100 Mbps, this device is ideal for organizations looking to upgrade their existing infrastructure without extensive rewiring. Key features include plug-and-play installation, which simplifies deployment, and versatile compatibility with both legacy and modern ethernet networks.

The ET0010A model takes connectivity a step further by providing seamless integration with fiber optics. This device supports transmission distances that far exceed traditional copper solutions, making it a perfect fit for larger facilities or multi-building campuses. Its built-in Ethernet switch enhances network efficiency by providing multiple ports for device connectivity, thus facilitating greater data flow.

EncrypTight technology is a notable feature across these Black Box models, offering advanced encryption capabilities to safeguard sensitive data during transmission. With military-grade encryption protocols, EncrypTight ensures that corporate information remains secure from potential eavesdroppers. This technology is essential for businesses operating in regulated industries or that handle confidential customer information.

The ET0100A model combines intelligence with monitoring features to provide users with comprehensive network insights. It boasts built-in diagnostic tools that enable IT professionals to troubleshoot issues quickly and efficiently. Additionally, it features real-time performance monitoring, allowing users to analyze bandwidth usage and optimize network performance accordingly.

In conclusion, the Black Box ET1000A, ET0010A, EncrypTight, and ET0100A are powerful tools that embody the latest in data transmission and network management technologies. With their unique features—including extended connectivity capabilities, robust encryption technologies, and real-time monitoring solutions—these devices cater to the growing demands of businesses seeking to enhance their network infrastructure while ensuring robust security and efficiency. Integrating these tools into any organization’s operations can fundamentally improve both performance and data protection, making them indispensable in today’s digital landscape.
Top Page Image Contents