2.3.1 Digital Certificates and Reflection Certificate Manager

You can configure certificate authentication for both Secure Shell and SSL/TLS connections.

  • All SSL/TLS sessions require certificates for host authentication; without the necessary certificate, you cannot make a host connection. Depending on the host configuration, you may also need to install certificates for user authentication.

  • Secure Shell sessions typically require both host and user authentication. Certificates can be used for host authentication, user authentication, or both, but are not required by default.

Certificate authentication solves some of the problems presented by public key authentication. For example, for host public key authentication, the system administrator must either distribute host keys for every server to each client's known hosts store, or count on client users to confirm the host identity correctly when they connect to an unknown host. When certificates are used for host authentication, a single CA root certificate can be used to authenticate multiple hosts. In many cases the required certificate is already available in the Windows certificate store.

Digital certificates are maintained on your computer in certificate stores. A certificate store contains the certificates you use to confirm the identity of remote parties, and may also contain personal certificates, which you use to identify yourself to remote parties. Personal certificates are associated with a private key on your computer.

You can use digital certificates located in all of the following stores:

  • The Windows Certificate Store

    This store can be used by a number of applications, web browsers, and mail clients. Some certificates in this store are included when you install the Windows operating system. Others may be added when you connect to internet sites and establish trust, when you install software, or when you receive an encrypted or digitally signed e-mail. You can also import certificates manually into your Windows store. Manage the certificates in this store using the Windows Certificate Manager.

  • The Reflection Certificate Manager Store

    This store is used only by Micro Focus applications. To add certificates to this store, you must import them manually. You can import certificates from files and also use certificates on hardware tokens such as smart cards.

  • Centralized Management Server

    The Centralized Management Server gives administrators a way to centrally manage, secure, and monitor users’ access to host applications. Administrators can deploy centrally managed sessions and certificates to the user. Digital certificates from the Centralized Management Server can be enabled only if the server is configured to provide users’ access to host applications.

Reflection Certificate Manager

Use the Reflection Certificate Manager to manage certificates for use exclusively by Reflection. You can deploy certificates and settings per-user or for all users of the system.

  • User-specific location: [PersonalFolder]\Micro Focus\Reflection\.pki, where [PersonalFolder] is the full path to the Documents folder for the current user. The default is C:\Users\username\Documents.

  • Global location: [CommonAppDataFolder]\Micro Focus\Reflection\.pki, where [CommonAppDataFolder] is the full path to application data for all users. The default is C:\ProgramData.

NOTE: These settings are not included in compound documents.
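
The two locations above can be checked on a workstation with the following PowerShell, an added example that is not Micro Focus code: it resolves both .pki paths, reports whether each exists, and lists the identities whose ACL entries allow changing store content. The function name Get-PkiStoreReport and the set of rights treated as write access are assumptions of this example.

```powershell
# Added example: audit the two Reflection Certificate Manager store locations.
# The paths follow the page; the write-access mask is this example's own choice.

$stores = [ordered]@{
    'User-specific' = Join-Path ([Environment]::GetFolderPath('MyDocuments')) 'Micro Focus\Reflection\.pki'
    'Global'        = Join-Path ([Environment]::GetFolderPath('CommonApplicationData')) 'Micro Focus\Reflection\.pki'
}

# Rights that let an identity add, replace or remove store content.
# 0x40000000 and 0x10000000 are GENERIC_WRITE and GENERIC_ALL, which Get-Acl
# can return unmapped on inherit-only entries.
$fsr = [System.Security.AccessControl.FileSystemRights]
$writeMask = [int]($fsr::WriteData -bor $fsr::AppendData -bor $fsr::Delete -bor
                   $fsr::DeleteSubdirectoriesAndFiles -bor $fsr::ChangePermissions -bor
                   $fsr::TakeOwnership) -bor 0x40000000 -bor 0x10000000

function Get-PkiStoreReport {   # hypothetical helper name
    param([string]$Scope, [string]$Path)

    # A store that was never created is reported, not treated as an error.
    if (-not (Test-Path -LiteralPath $Path -PathType Container)) {
        return [pscustomobject]@{ Scope = $Scope; Path = $Path; Exists = $false; Files = 0; Writers = @() }
    }

    $acl = Get-Acl -LiteralPath $Path
    $writers = @($acl.Access |
        Where-Object { $_.AccessControlType -eq 'Allow' -and ([int]$_.FileSystemRights -band $writeMask) } |
        ForEach-Object { $_.IdentityReference.Value } |
        Sort-Object -Unique)

    [pscustomobject]@{
        Scope   = $Scope
        Path    = $Path
        Exists  = $true
        Files   = @(Get-ChildItem -LiteralPath $Path -File -Recurse -Force).Count
        Writers = $writers
    }
}

$stores.GetEnumerator() |
    ForEach-Object { Get-PkiStoreReport -Scope $_.Key -Path $_.Value } |
    Format-List
```

Run it as the user whose store you want to inspect, because [PersonalFolder] resolves per user.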

The procedures for opening the Certificate Manager depend on your product and session type.

To open the Reflection Certificate Manager from the Secure Shell Settings dialog box

  1. Open the Reflection Secure Shell Settings dialog box.

  2. On the PKI tab, click Reflection Certificate Manager.

To open the Reflection Certificate Manager from the Security Properties dialog box

  1. Open the Security Properties dialog box.

  2. On the SSL/TLS tab, select Use SSL/TLS Security.

  3. Click Configure PKI.

  4. Click Reflection Certificate Manager.