Validating Certificates

NOTE

For enhanced security, if you want to validate certificates using OCSP only, disable the options to Ignore Failure to Respond and Revert to CRL on OCSP Responder Failure.

To set up OCSP in the ETKMS:

1. Log in directly on the ETKMS as root, or open an SSH session and su to root.

2. Using a text editor, open the kdist.properties file and add or edit the following lines:

    #crlPath=../keys/current.crl
    ocspEnabled=true
    ocspDefaultResponderURL=http://<IPaddress:Port#>
    ocspCRLFallbackEnable=true
    #ignoreRevocationCheckErrors=false

Table 80 ETKMS OCSP Parameters

| Parameter | Description |
|---|---|
| crlPath | The directory path to a CRL stored locally. Storing CRLs locally is not supported when you use OCSP. When you use OCSP, this parameter should be commented out by preceding the line with a #. |
| ocspEnabled | Enables and disables the use of OCSP. |
| ocspDefaultResponderURL | IP address and port number for a default OCSP responder, for example: http://192.168.42.4:8888 |
| ocspCRLFallbackEnable | Enables and disables checking CRLs if no OCSP default responder is specified and no OCSP URL is found in the certificate, or when a responder cannot be reached. |
| ignoreRevocationCheckErrors | Specifies whether to ignore revocation check failures for CRLs. When you use OCSP, this parameter should be commented out by preceding the line with a #. Ignoring revocation check failures is not a valid option when OCSP is in use. |
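A checker for the kdist.properties settings described in Table 80, added here as an example (it is not Black Box code and not part of the guide). The function names, the sample file contents and the `ocsp_only` switch are assumptions of this example; `ocsp_only` additionally reports an enabled CRL fallback for sites that want revocation decided by OCSP alone.

```python
from urllib.parse import urlsplit

# Constructed sample inputs: GOOD follows step 2 with the example
# responder from Table 80; BAD breaks several Table 80 rules.
GOOD = """#crlPath=../keys/current.crl
ocspEnabled=true
ocspDefaultResponderURL=http://192.168.42.4:8888
ocspCRLFallbackEnable=true
#ignoreRevocationCheckErrors=false
"""
BAD = """crlPath=../keys/current.crl
ocspEnabled=true
ocspDefaultResponderURL=http://<IPaddress:Port#>
ignoreRevocationCheckErrors=true
"""

def parse_properties(text):
    """Return active key=value pairs; lines starting with # are comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        props[key.strip()] = value.strip()
    return props

def audit_ocsp(text, ocsp_only=False):
    """Check kdist.properties text against Table 80; return a list of findings."""
    p, findings = parse_properties(text), []
    if p.get("ocspEnabled", "").lower() != "true":
        return ["ocspEnabled is not set to true: OCSP is off"]
    for key in ("crlPath", "ignoreRevocationCheckErrors"):
        if key in p:
            findings.append(f"{key} is active: comment it out with # when using OCSP")
    url = p.get("ocspDefaultResponderURL", "")
    try:
        parts = urlsplit(url)
        # Assumption: https is accepted too; the page only shows http.
        ok = parts.scheme in ("http", "https") and parts.hostname and parts.port
    except ValueError:  # raised for a non-numeric port such as an unfilled placeholder
        ok = False
    if not ok:
        findings.append("ocspDefaultResponderURL is missing or lacks an address and port")
    if ocsp_only and p.get("ocspCRLFallbackEnable", "").lower() == "true":
        findings.append("ocspCRLFallbackEnable is true: CRLs are used if the responder is unreachable")
    return findings
```

Pass the contents of kdist.properties to `audit_ocsp`; an empty list means the file matches Table 80.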

 

 

To set up OCSP on the ETEPs:

1. In the Appliance manager, right-click the appliance that you want to change and select Configuration.

2. Click the Advanced tab.

3. Click Enable OCSP.

4. In the OCSP URL box, enter the URL of the OCSP responder.

5. Make other selections as needed. See Table 81 for an explanation of the OCSP settings.

6. Click OK.

Table 81 OCSP Settings

| Option | Description |
|---|---|
| Enable OCSP | When checked, enables the use of OCSP. The default is unchecked. |
| Verify OCSP Response | Verifies OCSP responses by authenticating the response with the installed certificate. The default is to verify the OCSP response. |


EncrypTight User Guide


EncrypTight, ET0100A, ET0010A, ET1000A specifications

The Black Box ET1000A, ET0010A, EncrypTight, and ET0100A are advanced solutions designed for secure data transmission and network management, catering to modern enterprise needs. These tools integrate cutting-edge technologies to enhance connectivity, security, and efficiency within various environments.

The Black Box ET1000A is primarily a high-performance Ethernet over Twisted Pair (EoTP) solution. It enables users to extend Ethernet signals over long distances using existing twisted-pair cabling without sacrificing speed or reliability. With support for speeds up to 100 Mbps, this device is ideal for organizations looking to upgrade their existing infrastructure without extensive rewiring. Key features include plug-and-play installation, which simplifies deployment, and versatile compatibility with both legacy and modern ethernet networks.

The ET0010A model takes connectivity a step further by providing seamless integration with fiber optics. This device supports transmission distances that far exceed traditional copper solutions, making it a perfect fit for larger facilities or multi-building campuses. Its built-in Ethernet switch enhances network efficiency by providing multiple ports for device connectivity, thus facilitating greater data flow.

EncrypTight technology is a notable feature across these Black Box models, offering advanced encryption capabilities to safeguard sensitive data during transmission. With military-grade encryption protocols, EncrypTight ensures that corporate information remains secure from potential eavesdroppers. This technology is essential for businesses operating in regulated industries or that handle confidential customer information.

The ET0100A model combines intelligence with monitoring features to provide users with comprehensive network insights. It boasts built-in diagnostic tools that enable IT professionals to troubleshoot issues quickly and efficiently. Additionally, it features real-time performance monitoring, allowing users to analyze bandwidth usage and optimize network performance accordingly.

In conclusion, the Black Box ET1000A, ET0010A, EncrypTight, and ET0100A are powerful tools that embody the latest in data transmission and network management technologies. With their unique features—including extended connectivity capabilities, robust encryption technologies, and real-time monitoring solutions—these devices cater to the growing demands of businesses seeking to enhance their network infrastructure while ensuring robust security and efficiency. Integrating these tools into any organization’s operations can fundamentally improve both performance and data protection, making them indispensable in today’s digital landscape.