After you have configured PKI Services Manager, you need to configure the Reflection for Secure IT server to contact PKI Services Manager for certificate validation services.
To configure Reflection for Secure IT to support certificate authentication
Start the Reflection for Secure IT console (
> ).From the
pane, ensure that is set to or . ( is the default.)Open the
pane ( > > ) and use the steps that follow to configure connections to one or more running instances of PKI Services Manager.NOTE:If PKI Services Manager is running on the same computer as Reflection for Secure IT, you can use the default localhost entry. If PKI Services Manager is running on a different computer, delete the localhost entry and use the following steps to add one or more PKI servers to the list.
Click
to open the dialog box.For
, specify the name or IP address of the computer running PKI Services Manager. In the field, the default port used by PKI Services Manager is already configured. Edit this if you use a non-default port.Click
. You'll see a dialog box that displays the fingerprint of the PKI Services Manager public key. (This key should match the key displayed in the PKI Services Manager console when you go to > .) Click to confirm the key fingerprint.You'll have an opportunity to confirm the name and location for this key. When you click
, the full path to the key file is entered automatically in .NOTE:The
option is supported by PKI Services Manager 1.2 and later. If you are running an earlier version, you can manually copy the PKI Services Manager public key to the computer running Reflection for Secure IT, then manually enter the key name and location in the field.Click
to close the n dialog box.(Optional) Add additional PKI servers to your list. If you configure connections to more than one PKI server, Reflection for Secure IT uses a round robin method to determine which PKI server to contact. If a PKI server is not available, Reflection for Secure IT contacts the next server on the list.
NOTE:To ensure that each PKI server returns the same validation for all certificates, make sure that all your instances of PKI Services Manager have identical trust anchors, configuration settings, and mapping files.
Save your settings (
> ).