Configure User Certificate Authentication

User certificate authentication (a variation of public key authentication) is an optional feature of the Secure Shell protocol. Both X Manager and the Secure Shell server need to be configured to support this.

You can configure Reflection X Advantage to authenticate using any of the following:

  • Certificates you have imported into the Reflection X Advantage database.

  • Personal certificates in the Windows Certificate Store.

  • Certificates stored on PKCS#11 PKCS (Public Key Cryptography Standards) is a set of standards devised and published by RSA laboratories that enable compatibility among public key cryptography implementations. Different PKCS standards identify specifications for particular cryptographic uses. Reflection X Advantage uses the following PKCS standards: PKCS#5 is used to provide password-based encryption for private keys stored in the Reflection X Advantage database. PKCS#11 provides support for authentication using hardware devices, such as smart cards or USB tokens. PKCS#12 is used for storage and transportation of certificates and associated private keys. Files in this format typically use a *.pfx or *.p12 extension. -compliant hardware devices such as smart cards or USB tokens.

The procedures in this section describe how to configure Reflection X Advantage for each of these certificate stores. After you complete the procedure, you can connect to hosts that have been configured to support certificate authentication.

NOTE:

  • To help ensure security, you should always specify a passphrase when you use certificates for user authentication. You will need to enter the passphrase each time you connect to the host.

  • If you have multiple certificates configured, the first time you connect to a host you may be prompted to select a certificate from a list of available certificates. After your first successful connection, Reflection X Advantage will automatically attempt subsequent connections using the same certificate.