PKCS#11 Tab (Reflection Certificate Manager)

Use the PKCS#11 tab to configure authentication using hardware devices, such as smart cards or USB tokens. Your hardware device must conform to PKCS#11.

PKCS (Public Key Cryptography Standards) is a set of standards devised and published by RSA Laboratories that enable compatibility among public key cryptography implementations. Different PKCS standards identify specifications for particular cryptographic uses, for example:

  • PKCS#7 can be used to sign and/or encrypt messages. It can also be used to store certificates and to disseminate certificates (for instance as a response to a PKCS#10 message).

  • PKCS#10 is a certification request syntax.

  • PKCS#11 is a programming interface used for cryptographic hardware tokens.

  • PKCS#12 defines the personal information exchange syntax used for storage and transportation of certificates and associated private keys. Files in this format typically use a *.pfx or *.p12 extension.


This tab displays all currently available devices, and any certificates or public keys located on those devices. When use of a device is enabled using the check box provided, Reflection automatically uses any certificates or keys on the device for user authentication.

You must install the software supplied by your token provider before you can configure Reflection to authenticate using a hardware token. To configure authentication using the token, you will also need to know the name and location of the library file (*.dll) used by that provider to provide access to your hardware device.

The options are:

Providers list

Displays devices currently available. Clear the check box(es) to disable authentication with a listed device.

Device Contents

Displays keys and certificates available on the selected device.

View Certificate

Displays the selected certificate.

Disconnect automatically when token is removed

When selected, the connection is active only while the token is present.

Seconds to wait before disconnecting

Specifies the number of seconds to wait before disconnecting after a token is removed.