Skip to content

Authenticate with Certificates in a Local Directory

Use this procedure to configure Reflection X Secure Shell sessions to authenticate users with certificates stored locally (on the computer running X Manager or X Manager for Domains).


The Secure Shell server administrator must configure the server to accept and validate user certificates. The procedure depends on the server. Refer to the Secure Shell server documentation for details.

Before you begin

Obtain a personal certificate from a certificate-granting authority and copy it to a secure location on the computer running X Manager. Private keys and PKCS#12 packages should be placed in a folder that is readable only by the owner.

You can use:

  • A certificate file and its associated private key. The two files must be in the same location and the certificate must have the same name as the key with a *.cer or *.crt file extension.


  • A PKCS#12 package file (*.p12, or *.pfx) that contains both the certificate and its associated private key.


PKCS (Public Key Cryptography Standards) is a set of standards devised and published by RSA laboratories that enable compatibility among public key cryptography implementations. Different PKCS standards identify specifications for particular cryptographic uses. Reflection X uses the following PKCS standards:

  • PKCS#5 is used to provide password-based encryption for private keys stored in the Reflection X database.

  • PKCS#11 provides support for authentication using hardware devices, such as smart cards or USB tokens.

  • PKCS#12 is used for storage and transportation of certificates and associated private keys. Files in this format typically use a *.pfx or *.p12 extension.

You will also need to know the passphrase that has been used to protect the private key or certificate package file.

To authenticate with a certificate in a local directory

  1. Launch X Manager or X Manager for Domains.

  2. From the Tools menu, select Secure Shell User Keys.

  3. Next to User Key Sources click the plus sign (+) and select Add Local Directory.

  4. For Directory, specify the directory you want to use as for your store. Because this location contains a user's private keys it should be a location that is readable only by the user who authenticates with these keys.

  5. Click Import.


    Using the Import feature is recommended for adding keys to your directory. Reflection X sets correct permissions on imported keys and ensures that the key uses a supported file format.

  6. Browse to locate the private key file or certificate.

  7. For File passphrase enter the passphrase that currently protects the file. This is required to decrypt the file and import the key.

  8. For Key name enter a name for this certificate. This name shows up in the list of user keys and also appears in the prompt a user sees when this certificate is used to make a connection.

  9. Enter a value for Key passphrase. This can be the same as the original file passphrase or different.

More information

Back to top