Trusted Certification Authorities Tab (Reflection Certificate Manager)

Getting there

Use this tab to manage certificates from trusted certification authorities (CAs) in the Reflection certificate store. Reflection automatically uses any certificates in the Trusted Certification Authorities store for host (server) authentication.

Import

Add a certificate (typically *.cer or *.crt) to the Reflection store.

Remove

Remove the selected certificate from the Reflection store.

View

View the selected certificate.

Store trusted certificates in the common application data folder

By default, trusted roots that you add using the Import button are saved to the following Reflection store, which makes them available only to your current user account:

personal_documents_folder The default is:

  • Windows 8, Windows 7, Windows Vista, Windows Server 2008:

    \Users\ username \ Documents\

  • Windows XP, Windows Server 2003:

    \Documents and Settings\ username \My Documents\

\Micro Focus \Reflection\.pki\trust_store.p12

Select Store trusted certificates in the common application data folder to import a certificate to the following location, which makes it available to all users of the computer:

common_application_data_folder The application data folder is hidden by default. The default is:

  • Windows 8, Windows 7, Windows Vista, Windows Server 2008:

    \ProgramData\

  • Windows XP, Windows Server 2003:

    \Documents and Settings\all users\Application Data\

\Micro Focus \Reflection\.pki\trust_store.p12

Notes:

  • The value of this setting is not saved. Selecting or clearing it only affects which certificate store you are viewing and editing while the dialog box remains open. If a shared store is present, this setting is selected by default when you open the dialog box. If no shared store is present, the setting is not selected by default.

  • If a shared store exists, trusted roots are read exclusively from the shared store. Trusted roots you have configured for individual user accounts no longer have any effect.

  • To revert to user-specific trusted root stores after creating a shared store, you must delete or rename the shared trust_store.p12 file. If you simply clear this setting, subsequent changes will modify your personal store, but the personal store continues to have no effect on Reflection's behavior as long as trust_store.p12 is still present in the common application data folder.ยท

  • If the operating system has been configured by the administrator to deny users write access to common_application_data_folder The application data folder is hidden by default. The default is:

    • Windows 8, Windows 7, Windows Vista, Windows Server 2008:

      \ProgramData\

    • Windows XP, Windows Server 2003:

      \Documents and Settings\all users\Application Data\

    \Micro Focus\Reflection, this setting is not available to those users and they will not be able to modify items in the shared trusted root store.

Use System Certificate Store for SSH connections

When this item is selected, Reflection uses certificates in your Windows certificate store (in addition to any certificates you have imported into the Reflection store) to authenticate hosts when establishing a Secure Shell connection.

Clear this setting to ensure that Reflection applications authenticate hosts using only the certificates in the Reflection store.

Use System Certificate Store for SSL/TLS connections

When this item is selected, Reflection uses certificates in your Windows certificate store (in addition to any certificates you have imported into the Reflection store) to authenticate hosts when establishing an SSL/TLS connection.

Clear this setting to ensure that Reflection applications authenticate hosts using only the certificates in the Reflection store.

Allow MD5 signed certificates

Allow MD2 signed certificates

When these items are selected, Reflection accepts intermediate CA certificates signed with the specified hash. When these items are not selected, certificate validation fails if an intermediate certificate is signed with the specified hash.

  • These certificate hash settings affect intermediate CA certificates only; Reflection accepts any certificate that has been added to your trusted root store, regardless of the signature hash type.

  • These settings are not available if Reflection has been configured by group policy to run in DOD PKI mode.