Import User Key Pair or Certificate Dialog Box

Private key, pfx, or p12 file

For public key authentication:

  • The private key of a public/private key pair. Imported keys can be in OpenSSH format or SecSH format.

For certificate authentication, either of the following:

  • The private key associated with a certificate. The two files must be in the same location and the certificate must have the same name as the key with a *.cer or *.crt file extension.

  • A PKCS#12 package file (*.p12 or *.pfx) that contains both the certificate and its associated private key.

    PKCS (Public Key Cryptography Standards) is a set of standards devised and published by RSA Laboratories that enable compatibility among public key cryptography implementations. Different PKCS standards identify specifications for particular cryptographic uses. Reflection X Advantage uses the following PKCS standards:

      • PKCS#5 is used to provide password-based encryption for private keys stored in the Reflection X Advantage database.

      • PKCS#11 provides support for authentication using hardware devices, such as smart cards or USB tokens.

      • PKCS#12 is used for storage and transportation of certificates and associated private keys. Files in this format typically use a *.pfx or *.p12 extension.

File passphrase

Enter the passphrase that protects the specified private key file.

NOTE: You must enter a file passphrase; you cannot import private keys or PKCS#12 package files that are not passphrase-protected.
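A pre-import check for the two requirements above (a same-named certificate beside the key, and a passphrase-protected key file), as an added example that is not part of the Reflection X Advantage documentation or product. It covers OpenSSH-format and PEM keys only (not SecSH or PKCS#12 files); the function names are hypothetical and the sample key is constructed.

```python
import base64
import struct
from pathlib import Path

OPENSSH_MAGIC = b"openssh-key-v1\0"

def is_passphrase_protected(key_text):
    """True/False for OpenSSH-format or PEM private keys; None if unrecognized."""
    lines = [ln.strip() for ln in key_text.strip().splitlines()]
    header = lines[0] if lines else ""
    if header == "-----BEGIN OPENSSH PRIVATE KEY-----":
        blob = base64.b64decode("".join(lines[1:-1]))
        off = len(OPENSSH_MAGIC)
        if not blob.startswith(OPENSSH_MAGIC) or len(blob) < off + 4:
            return None
        # The first field after the magic is the cipher name; "none" = unencrypted.
        (n,) = struct.unpack(">I", blob[off:off + 4])
        return blob[off + 4:off + 4 + n] != b"none"
    if header == "-----BEGIN ENCRYPTED PRIVATE KEY-----":  # encrypted PKCS#8
        return True
    if header.startswith("-----BEGIN ") and header.endswith("PRIVATE KEY-----"):
        # Legacy PEM marks encryption with a Proc-Type header line.
        return "Proc-Type: 4,ENCRYPTED" in lines[1:4]
    return None

def find_certificate(key_path):
    """Look beside the key for a same-named *.cer or *.crt file."""
    key_path = Path(key_path)
    for ext in (".cer", ".crt"):
        # Assumption: "same name" may mean key.cer or key.pem.cer; try both.
        for candidate in (key_path.with_suffix(ext), Path(str(key_path) + ext)):
            if candidate.is_file():
                return candidate
    return None

def sample_openssh_key(cipher):
    """Constructed sample: header fields of an OpenSSH key only, no key material."""
    blob = OPENSSH_MAGIC + struct.pack(">I", len(cipher)) + cipher
    body = base64.b64encode(blob).decode()
    return ("-----BEGIN OPENSSH PRIVATE KEY-----\n" + body +
            "\n-----END OPENSSH PRIVATE KEY-----\n")

if __name__ == "__main__":
    for cipher in (b"none", b"aes256-ctr"):
        print(cipher.decode(), is_passphrase_protected(sample_openssh_key(cipher)))
```

A key file that reports `False` can be given a passphrase with `ssh-keygen -p -f <keyfile>` before it is imported.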

Key name

The name identifies the key or certificate in the user key database.

No passphrase

Select this option to import the key without passphrase protection.

CAUTION: To help ensure security, all user keys should be passphrase protected. If you don't specify a passphrase, the private key is stored in unencrypted form in the key store, and anyone who gains access to the key can authenticate using it. In standalone mode, keys are stored on the same computer as X Manager. In domain mode, keys in the Reflection X Advantage Store are stored in the database on the domain controller, and the administrator of that computer will be able to read these keys.

Key passphrase

Enter a passphrase for this key or certificate. You will need to enter this passphrase when the key or certificate is used for authentication.

A passphrase is similar to a password, except it can be a phrase with a series of words, punctuation, numbers, white space, or any string of characters. Passphrases improve security by limiting access to secure objects, such as private keys and/or a key agent.

Verify

Retype the passphrase.