Using Enhanced Security Features

In order to use OCSP, you must enable it on each EncrypTight component.

ETEPs can read the URL from the certificate itself, but you can specify a URL to use if needed.

The EncrypTight software and the ETKMSs provide additional options that allow you to specify the default action if no OCSP responder can be located or if the URL cannot be contacted. When OCSP is enabled, EncrypTight and the ETKMS try to check the revocation status using OCSP.

If no default OCSP responder is defined, then EncrypTight and the ETKMS check the certificate to determine the URL to use to contact an OCSP responder.

If there is no OCSP URL defined in the certificate, you can specify that EncrypTight and the ETKMS check the certificate for the URL of a CRL Distribution Point as a fallback.

If the CRL Distribution Point URL is not present or if the URL cannot be reached, the validation fails. Unlike using CRLs only, there is no option to ignore revocation check failures in this scenario.
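Because validation fails when a certificate offers neither a reachable OCSP URL nor a CRL Distribution Point, it is worth auditing certificates against the lookup order above before enabling OCSP. The following script is an added example, not part of the EncrypTight software or this guide; it assumes the OpenSSL command-line tool (1.1.1 or later), and the function names and example.test URLs are constructed for illustration.

```shell
#!/bin/sh
# Pre-flight audit: which revocation source would a certificate lead to?
# Order follows the text: configured OCSP URL, OCSP URL from the certificate,
# then the CRL Distribution Point if fallback is enabled.

# make_cert OUT [openssl req options]: constructed self-signed test certificate
make_cert() {
    out=$1; shift
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=etep.example.test" \
        -keyout "$out.key" -out "$out" "$@" 2>/dev/null
}

# crl_uri CERT: first URI under CRL Distribution Points, empty if absent
crl_uri() {
    openssl x509 -in "$1" -noout -text |
        sed -n '/CRL Distribution Points/,/URI:/s/.*URI://p' | head -n 1
}

# revocation_source CERT [OVERRIDE_URL] [CRL_FALLBACK yes|no]
revocation_source() {
    cert=$1; override=${2:-}; fallback=${3:-yes}
    if [ -n "$override" ]; then echo "ocsp-configured $override"; return 0; fi
    ocsp=$(openssl x509 -in "$cert" -noout -ocsp_uri)
    if [ -n "$ocsp" ]; then echo "ocsp-cert $ocsp"; return 0; fi
    if [ "$fallback" = yes ]; then
        crl=$(crl_uri "$cert")
        if [ -n "$crl" ]; then echo "crl $crl"; return 0; fi
    fi
    echo "none"; return 1    # nothing to contact: validation would fail
}

# Constructed sample certificates (hostnames are placeholders)
d=$(mktemp -d)
make_cert "$d/both.pem" \
    -addext "authorityInfoAccess=OCSP;URI:http://ocsp.example.test" \
    -addext "crlDistributionPoints=URI:http://crl.example.test/ca.crl"
make_cert "$d/crl.pem" \
    -addext "crlDistributionPoints=URI:http://crl.example.test/ca.crl"
make_cert "$d/bare.pem"

for c in both crl bare; do
    printf '%s: %s\n' "$c" "$(revocation_source "$d/$c.pem" "" yes)"
done
```

The script only reads the URLs a certificate carries; it does not contact the responder or the CRL server, so reachability still has to be tested from the network where the component runs.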

By default, the system assumes that OCSP responses are signed by the issuer of the certificate whose status is being checked. You can override this and specify an alternative signer by entering the subject name of the signer’s certificate.

In addition, in order to verify the response from the OCSP responder, you need to install the certificate from the OCSP responder. For more information about installing certificates, see “Installing an External Certificate” on page 280.

To set up OCSP in EncrypTight:

1. In the EncrypTight software, click Edit > Preferences.

2. In the tree, expand the ETEMS item and click Communications (see Figure 95).

3. Click Enable Online Certificate Status Protocol (OCSP).

4. Configure other options as needed (see Table 79).

5. Click OK.

Table 79 EncrypTight OCSP Options

| Options | Description |
| --- | --- |
| Enable Online Certificate Status Protocol (OCSP) | Enables and disables the use of OCSP in the EncrypTight software. By default, this is disabled. |
| OCSP Responder Certificate Distinguished Name | Specifies the subject name of the certificate for the OCSP responder. |
| Verify OCSP Responder | Specifies that messages from the OCSP responder should be authenticated using the installed certificate. To use this option, you must install a certificate for the OCSP responder. |
| Ignore Failure to Respond | Specifies that the lack of a response from the OCSP responder should be ignored. |
| Revert to CRL on OCSP Responder Failure | Specifies that if the OCSP responder does not reply or cannot be reached, EncrypTight should read the certificate to determine the location of the CRL to use to validate the certificate. Note that authentication fails when OCSP is enabled and a CRL cannot be accessed as a fallback. |
| Check OCSP Responder Certificate Chain | Specifies that every certificate in the certificate chain of the OCSP responder should be checked. |
| OCSP URL | Specifies the URL to use for OCSP checking. This option overrides the use of any OCSP URL that might be indicated in certificates. |


EncrypTight User Guide


EncrypTight, ET0100A, ET0010A, ET1000A specifications

The Black Box ET1000A, ET0010A, EncrypTight, and ET0100A are advanced solutions designed for secure data transmission and network management, catering to modern enterprise needs. These tools integrate cutting-edge technologies to enhance connectivity, security, and efficiency within various environments.

The Black Box ET1000A is primarily a high-performance Ethernet over Twisted Pair (EoTP) solution. It enables users to extend Ethernet signals over long distances using existing twisted-pair cabling without sacrificing speed or reliability. With support for speeds up to 100 Mbps, this device is ideal for organizations looking to upgrade their existing infrastructure without extensive rewiring. Key features include plug-and-play installation, which simplifies deployment, and versatile compatibility with both legacy and modern Ethernet networks.

The ET0010A model takes connectivity a step further by providing seamless integration with fiber optics. This device supports transmission distances that far exceed traditional copper solutions, making it a perfect fit for larger facilities or multi-building campuses. Its built-in Ethernet switch enhances network efficiency by providing multiple ports for device connectivity, thus facilitating greater data flow.

EncrypTight technology is a notable feature across these Black Box models, offering advanced encryption capabilities to safeguard sensitive data during transmission. With military-grade encryption protocols, EncrypTight ensures that corporate information remains secure from potential eavesdroppers. This technology is essential for businesses operating in regulated industries or that handle confidential customer information.

The ET0100A model combines intelligence with monitoring features to provide users with comprehensive network insights. It boasts built-in diagnostic tools that enable IT professionals to troubleshoot issues quickly and efficiently. Additionally, it features real-time performance monitoring, allowing users to analyze bandwidth usage and optimize network performance accordingly.

In conclusion, the Black Box ET1000A, ET0010A, EncrypTight, and ET0100A are powerful tools that embody the latest in data transmission and network management technologies. With their unique features—including extended connectivity capabilities, robust encryption technologies, and real-time monitoring solutions—these devices cater to the growing demands of businesses seeking to enhance their network infrastructure while ensuring robust security and efficiency. Integrating these tools into any organization’s operations can fundamentally improve both performance and data protection, making them indispensable in today’s digital landscape.