PKI Settings

Using this dialog box, you can configure this path to use appropriate PKI settings for your situation.

Verify Host Name against Host Certificate Name

Select this option if you want InfoConnect to verify that the name in the certificate you received matches the host name specified for the path in the TCP/UDP Path Options dialog box.

NOTE: This setting is required for DOD PKI users.

Certificate Revocation

Select at least one of the following options to enable certificate revocation checking. If you select both options, the program performs the OCSP check first, and then the CRL check.

  • Use CRL

    Uses a Certificate Revocation List (CRL) to ensure that certificates being used have not been revoked by the certification authority. When enabled, InfoConnect checks for CRLs in any location specified in the CRL Distribution Point (CDP) field of the certificate. The Reflection Certificate Manager also provides you with the option to configure an LDAP server from which you can retrieve intermediate certificates for CRLs.

  • Use OCSP

    Uses an OCSP (Online Certificate Status Protocol) responder to confirm whether a certificate is valid. When enabled, an OCSP responder reacts to certificate status requests with one of three digitally signed responses: Valid, Invalid, and Unknown. Using OCSP removes the need for servers and/or clients to retrieve and sort through large CRLs.

NOTE: DOD PKI users must select at least one of these options.

Reflection Certificate Manager

Click this button to invoke the Reflection Certificate Manager. The Reflection Certificate Manager allows you to manage the digital certificates in the Reflection certificate store and to configure other aspects of InfoConnect PKI support. If you enable either form of certificate revocation checking, you must use the Reflection Certificate Manager to configure the appropriate server.

NOTE: DOD PKI users must also use the Reflection Certificate Manager to disable the use of the Windows Certificate Store.
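
A pre-flight review of a host certificate against the options in this dialog box, as an added example (not InfoConnect or vendor code). It takes certificate fields in the dict shape returned by Python's `ssl.SSLSocket.getpeercert()`. The sample values and the name-matching rule (case-insensitive, wildcard only as the whole left-most label) are assumptions, since this page does not state how InfoConnect compares names.

```python
# Added example (not vendor code): review a host certificate against this page's options.
# `cert` is a dict in the shape returned by Python's ssl.SSLSocket.getpeercert().

# Constructed sample certificate fields; host and URL are placeholders.
SAMPLE_CERT = {
    "subject": ((("commonName", "host1.example.com"),),),
    "subjectAltName": (("DNS", "host1.example.com"),),
    "crlDistributionPoints": ("http://crl.example.com/ca.crl",),
    # no "OCSP" key: this certificate names no OCSP responder
}

def cert_names(cert):
    """DNS names from subjectAltName, falling back to the subject commonName."""
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if sans:
        return sans
    return [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]

def name_matches(pattern, host):
    """Assumed rule: case-insensitive; '*' only as the entire left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def review(cert, path_host, use_crl, use_ocsp):
    """Return findings to resolve before relying on the selected PKI options."""
    findings = []
    names = cert_names(cert)
    if not any(name_matches(n, path_host) for n in names):
        findings.append("path host name %r does not match certificate names %r" % (path_host, names))
    if not (use_crl or use_ocsp):
        findings.append("no revocation option selected; revocation checking is off")
    if use_crl and not cert.get("crlDistributionPoints"):
        findings.append("Use CRL: certificate has no CRL Distribution Point field")
    if use_ocsp and not cert.get("OCSP"):
        findings.append("Use OCSP: certificate names no OCSP responder")
    return findings

if __name__ == "__main__":
    for line in review(SAMPLE_CERT, "host2.example.com", use_crl=True, use_ocsp=True):
        print(line)
```

A finding about a missing CDP or OCSP field describes the certificate only; the revocation server itself is configured in the Reflection Certificate Manager.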