You can configure the server to authenticate using any of the following:
- The local computer certificate stored within the Windows certificate store.
- A PKCS #12 file (*.pfx or *.p12) that includes both the certificate and the associated private key.
- A certificate file (*.cer) and its associated private key.

Here's a quick summary of the important steps. The details are explained in the procedures that follow.
1. Configure the server for certificate authentication.
2. Install the CA root certificate on the client.
3. (Optional) Configure strict host key checking on the client.

To configure certificate authentication on the Reflection for Secure IT server
1. Start the server console, and then click .
2. Select and specify the certificate to use.

| To use | Do this |
|---|---|
| The local computer certificate from the Windows store | Select . Click to select a certificate from this store. |
| A certificate in a PKCS#12 file | Select , and then in the text box, enter the full path and filename (*.pfx or *.p12). The certificate is exported automatically, and the exported file appears in the text box. |
| A certificate and its associated private key | Select , enter the full path and name of the private key file in the text box, and then specify the full path and name of the certificate file in the text box. |

3. Save your settings ( > ).
4. Restart the server.

The procedure that follows describes how to configure the Reflection for Secure IT Client for Windows to use a certificate for host authentication. If you use a different client, refer to your client documentation.
To configure the Reflection for Secure IT Client for Windows
1. Start the Reflection for Secure IT Client for Windows.
2. Open the dialog box ( > > ).
3. Click the tab.
4. Install the CA root certificate on the client:

| To add the certificate to | Do this |
|---|---|
| The Windows certificate store | Click , and then import the certificate using the Trusted Root Certification Authorities tab. |
| The Reflection certificate store | Click , and then import the certificate using the tab. |

5. (Optional) To eliminate the risk created by allowing users to accept unknown keys, enforce strict host key checking on the client: from the tab of the dialog box, set to Yes.
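
A pre-flight check for the PKCS #12 option and the CA root that clients will trust, as an added PowerShell example that is not part of the product documentation. It assumes the server certificate was issued under the CA root you install on clients; the parameter names `PfxPath` and `RootPath` are hypothetical, and the script uses only .NET certificate classes, not any Reflection for Secure IT interface.

```powershell
# Added example: verify a PKCS #12 file before selecting it in the server console.
# PfxPath and RootPath are hypothetical parameter names; point them at your own files.
param(
    [Parameter(Mandatory)] [string] $PfxPath,   # server certificate + private key (*.pfx or *.p12)
    [Parameter(Mandatory)] [string] $RootPath   # CA root certificate (*.cer) that clients will install
)
Set-StrictMode -Version Latest
$ErrorActionPreference = 'Stop'

# Prompt for the password so it never appears on the command line or in history.
$password = Read-Host -Prompt 'PKCS #12 password' -AsSecureString

$pfxFile  = (Resolve-Path -LiteralPath $PfxPath).Path
$rootFile = (Resolve-Path -LiteralPath $RootPath).Path
$cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($pfxFile, $password)
$root = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($rootFile)

# Build a chain that may end at $root even if $root is not yet in a trusted store.
# Revocation is not checked here; any intermediate CA certificates must already be
# available to Windows (for example in the Intermediate Certification Authorities store).
$chain = [System.Security.Cryptography.X509Certificates.X509Chain]::new()
$chain.ChainPolicy.RevocationMode    = 'NoCheck'
$chain.ChainPolicy.VerificationFlags = 'AllowUnknownCertificateAuthority'
[void]$chain.ChainPolicy.ExtraStore.Add($root)
$built = $chain.Build($cert)

# AllowUnknownCertificateAuthority accepts any root, so compare the chain's top
# element with the expected root explicitly.
$top = $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate
$chainsToRoot = $built -and ($top.Thumbprint -eq $root.Thumbprint)

$now = Get-Date
$result = [pscustomobject]@{
    Subject        = $cert.Subject
    HasPrivateKey  = $cert.HasPrivateKey      # must be True for server authentication
    NotBefore      = $cert.NotBefore
    NotAfter       = $cert.NotAfter
    CurrentlyValid = ($now -ge $cert.NotBefore) -and ($now -le $cert.NotAfter)
    ChainsToRoot   = $chainsToRoot            # False: clients holding only this root will not trust the host
    RootThumbprint = $root.Thumbprint
}
$result

# A non-zero exit code lets a deployment script stop before the server is reconfigured.
if (-not ($result.HasPrivateKey -and $result.CurrentlyValid -and $result.ChainsToRoot)) {
    exit 1
}
```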