Configure Client Authentication using Certificates

Digital certificates can be used for host and/or client authentication in Secure Shell client sessions. Certificates are not required and are not used by default. This topic describes how to configure the Reflection client for certificate authentication. For information about how to configure the Secure Shell server, consult the server documentation.

Digital certificates: An integral part of a PKI (Public Key Infrastructure). Digital certificates (also called X.509 certificates) are issued by a certificate authority (CA), which ensures the validity of the information in the certificate. Each certificate contains identifying information about the certificate owner, a copy of the certificate owner's public key (used for encrypting and decrypting messages and digital signatures), and a digital signature (generated by the CA based on the certificate contents). The digital signature is used by a recipient to verify that the certificate has not been tampered with and can be trusted.

Authentication: The process of reliably determining the identity of a communicating party. Identity can be proven by something you know (such as a password), something you have (such as a private key or token), or something intrinsic about you (such as a fingerprint).

To configure certificate authentication on the client

  1. Obtain a file that contains your personal certificate and an associated private key (such as a *.pfx or *.p12 file). (You can obtain certificates from a certification authority.)

  2. Use this file to import the certificate into the personal tab of either the Reflection Certificate Manager or the Windows certificate store.

  3. From Reflection, open the Reflection Secure Shell Settings dialog box.

  4. From the General tab, make sure that Public Key is selected under User Authentication (the default).

  5. From the User Keys tab, locate the certificate you want to use in the list of available keys, and then select it in the Use column to enable its use.
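
For steps 1 and 2, when the Windows certificate store is used instead of the Reflection Certificate Manager, the import can be scripted and checked from PowerShell. The following is an added example, not part of the Reflection documentation; the file path is a hypothetical placeholder, and steps 3 through 5 are still done in the Reflection Secure Shell Settings dialog box.

```powershell
# Hypothetical location of the *.pfx / *.p12 file obtained in step 1.
$PfxPath = Join-Path $env:USERPROFILE 'Documents\client-cert.pfx'

# Prompt for the PFX password so it is never stored in the script.
$password = Read-Host -Prompt 'PFX password' -AsSecureString

# Inspect the file before touching the store. Get-PfxData reads the
# certificates in the file without importing anything.
$pfx = Get-PfxData -FilePath $PfxPath -Password $password
$candidate = $pfx.EndEntityCertificates | Select-Object -First 1
if (-not $candidate) {
    throw "No end-entity certificate found in $PfxPath"
}

# Refuse a certificate that is not yet valid or has already expired.
$now = Get-Date
if ($now -lt $candidate.NotBefore -or $now -gt $candidate.NotAfter) {
    throw "Certificate '$($candidate.Subject)' is outside its validity period " +
          "($($candidate.NotBefore) to $($candidate.NotAfter))"
}

# Import into the current user's Personal store (Cert:\CurrentUser\My).
# -Exportable is deliberately omitted, so the private key cannot be
# exported from the store again after the import.
Import-PfxCertificate -FilePath $PfxPath `
                      -CertStoreLocation 'Cert:\CurrentUser\My' `
                      -Password $password | Out-Null

# Confirm that the stored certificate is paired with its private key.
# Without the key, the certificate cannot be used to authenticate.
$stored = Get-Item -Path "Cert:\CurrentUser\My\$($candidate.Thumbprint)"
if (-not $stored.HasPrivateKey) {
    throw "Certificate $($stored.Thumbprint) was imported without a private key"
}

# Show the details to match against the entry on the User Keys tab (step 5).
$stored | Format-List Subject, Issuer, NotBefore, NotAfter, Thumbprint, HasPrivateKey
```

Once the certificate is in the store, delete or securely archive the original *.pfx file, because it still contains the private key protected only by its password.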