Black Box ET0010A, ET1000A, EncrypTight, ET0100A Using a Common Access Card, To remove certificates

Models: EncrypTight ET0100A ET0010A ET1000A


Using Enhanced Security Features

To remove certificates:

1. If necessary, switch to the Certificate Manager and select the ETEPs whose certificates you want to remove.

2. Select Tools > Clear Certificates.

3. Click OK when you are prompted for confirmation.

4. Click OK at the message informing you that the connection was reset.

CAUTION

Do not use this function if strict authentication is enabled. Doing so can cause errors and prevent communication between the management workstation and the appliance. Disable strict authentication first and then remove the certificates.

Using a Common Access Card

The EncrypTight system supports the use of smart cards such as the DoD Common Access Card (CAC). Using a CAC provides user authorization in addition to certificate-based authentication. When you use a CAC, EncrypTight components use the certificates installed on the card to determine if a user is authorized to perform a specific action. In order to access the system, every user must have an authorized CAC.

A smart card reader is connected to the management workstation. To access the workstation, you must insert a CAC into the reader. The EncrypTight software reads the identity certificate on the CAC, as well as any trusted root or intermediate certificates. When the EncrypTight software communicates with other EncrypTight components, the common name field from the identity certificate is included in the communications. If the common name used in the communications is on the access list, the operation is allowed.

ActivClient must be installed on the management workstation and configured properly for your environment.

Each component in the system must maintain a list of authorized users. Communications that do not use an authorized common name and a valid certificate are rejected.
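
The acceptance rule described above (a valid certificate and a common name on the access list), sketched as an added example; it is not EncrypTight code. It assumes the subject is available as an RFC 4514-style string, that certificate validation has already produced a yes/no result, and that matching is exact; the function names and sample names are hypothetical.

```python
import re

def split_unescaped(text, sep):
    """Split on sep, skipping separators escaped with a backslash."""
    parts, buf, i = [], [], 0
    while i < len(text):
        if text[i] == "\\" and i + 1 < len(text):
            buf.append(text[i:i + 2])      # keep the escape pair intact
            i += 2
        elif text[i] == sep:
            parts.append("".join(buf))
            buf, i = [], i + 1
        else:
            buf.append(text[i])
            i += 1
    parts.append("".join(buf))
    return parts

def common_names(subject_dn):
    """CN values of an RFC 4514-style subject (simple backslash escapes only)."""
    names = []
    for rdn in split_unescaped(subject_dn, ","):
        for ava in split_unescaped(rdn, "+"):   # multi-valued RDN
            attr, eq, value = ava.strip().partition("=")
            if eq and attr.strip().upper() == "CN":
                names.append(re.sub(r"\\(.)", r"\1", value.strip()))
    return names

def authorize(subject_dn, cert_valid, access_list):
    """Allow only a valid certificate whose single CN is on the list."""
    if not cert_valid:                 # result of chain validation done elsewhere
        return False, "certificate failed validation"
    cns = common_names(subject_dn)
    if len(cns) != 1:                  # assumption: ambiguous subjects are refused
        return False, "subject must carry exactly one common name"
    if cns[0] not in access_list:      # exact, case-sensitive match (assumption)
        return False, "common name not on access list"
    return True, "ok"

# Constructed sample data, not taken from any real card or appliance.
ACCESS_LIST = {"DOE.JANE.Q.0000000001"}
SAMPLES = [
    ("CN=DOE.JANE.Q.0000000001,OU=USN,O=Example", True),
    ("CN=DOE.JANE.Q.0000000001,OU=USN,O=Example", False),
    ("CN=ROE.RICHARD.0000000002,O=Example", True),
    ("CN=ROE.RICHARD.0000000002,O=x\\,CN=DOE.JANE.Q.0000000001", True),
]
for dn, valid in SAMPLES:  # prints one decision per sample
    print(authorize(dn, valid, ACCESS_LIST)[1], "<-", dn)
```

The last sample shows why the common name is parsed out of the subject and compared exactly: a listed name that only appears as text inside another attribute's value does not grant access.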

Setting up the EncrypTight system to use a CAC involves several tasks:

1. Install certificates on all EncrypTight components.

This includes the EncrypTight software, the ETKMSs, and the ETEPs. For detailed information and links to the relevant procedures, see “Using Certificates in an EncrypTight System” on page 265 earlier in this chapter.

2. Enable strict authentication on the ETEPs. For more information, see “Enabling and Disabling Strict Authentication” on page 292.

3. Enable Common Access Card Authentication on the ETEPs. For more information, see “Enabling Common Access Card Authentication” on page 295.

4. Add common names to the existing user accounts on the ETEPs, or add new user accounts with common names. You also need to add a user account with a common name for each ETKMS.

For more information, see “Appliance User Management” on page 102 and “How EncrypTight Users Work with ETEP Users” on page 67.

EncrypTight User Guide