4.6.7 Trusted Certification Authorities Tab (Reflection Certificate Manager)

Getting there

Use this tab to manage certificates from trusted certification authorities (CAs) in the Reflection Certificate Manager store. Micro Focus applications that support the Reflection Certificate Manager automatically use any certificates in the Trusted Certification Authorities store for host (server) authentication.

Import

Add a certificate (typically *.cer or *.crt) to the store.

Remove

Remove the selected certificate from the store.

View

View the selected certificate.

Store trusted certificates in the common application data folder

By default, trusted roots that you add using the Import button are saved to the following file, which makes them available only to your current user account:

personal_documents_folder Micro Focus\extra\.pki\trust_store.p12

For example:

Micro Focus\extra\Users\username\Documents\.pki\trust_store.p12

Select Store trusted certificates in the common application data folder to import a certificate to the following location, which makes it available to all users of the computer:

Micro Focus\extra\%programdata%\.pki\trust_store.p12

NOTE:

  • The value of this setting is not saved. Selecting or clearing it only affects which certificate store you are viewing and editing while the dialog box remains open. If a shared store is present, this setting is selected by default when you open the dialog box. If no shared store is present, the setting is not selected by default.

  • If a shared store exists, trusted roots are read exclusively from the shared store. Trusted roots you have configured for individual user accounts no longer have any effect.

  • To revert to user-specific trusted root stores after creating a shared store, you must delete or rename the shared trust_store.p12 file. If you simply clear this setting, subsequent changes will modify your personal store, but the personal store continues to have no effect as long as trust_store.p12 is still present in the common application data folder.ยท

  • If the operating system has been configured by the administrator to deny users write access to Micro Focus\extra\%programdata%\, this setting is not available to those users and they will not be able to modify items in the shared trusted root store.

Use System Certificate Store for SSH connections

When this item is selected, your application uses certificates in your Windows certificate store (in addition to any certificates you have imported into the Reflection Certificate Manager store) to authenticate hosts when establishing a Secure Shell connection.

Clear this setting to ensure that your sessions authenticate hosts using only the certificates in the Reflection Certificate Manager store.

Use System Certificate Store for SSL/TLS connections

When this item is selected, your application uses certificates in your Windows certificate store (in addition to any certificates you have imported into the Reflection Certificate Manager store) to authenticate hosts when establishing an SSL/TLS connection.

Clear this setting to ensure that your sessions authenticate hosts using only the certificates in the Reflection Certificate Manager store.

Allow MD5 signed certificates

Allow MD2 signed certificates

When these items are selected, validation allows intermediate CA certificates signed with the specified hash. When these items are not selected, certificate validation fails if an intermediate certificate is signed with the specified hash.

  • These certificate hash settings affect intermediate CA certificates only; any certificate that has been added to your trusted root store is trusted, regardless of the signature hash type.

  • These settings are not available if your application has been configured by group policy to run in DOD PKI mode.