Digital Certificate Stores

Digital certificates are maintained on your computer in certificate stores. A certificate store contains the certificates you use to confirm the identity of remote parties, and may also contain personal certificates, which you use to identify yourself to remote parties. Personal certificates are associated with a private key on your computer.

Reflection can be configured to use digital certificates located in either or both of the following stores:

  • The Windows Certificate Store

    This store can be used by a number of applications, including Reflection, web browsers, and mail clients. Some certificates in this store are included when you install the Windows operating system. Others may be added when you connect to internet sites and establish trust, when you install software, or when you receive an encrypted or digitally signed e-mail. You can also import certificates manually into your Windows store. Manage the certificates in this store using the Windows Certificate Manager.

  • The Reflection Certificate Store

    This store is used only by Reflection applications. To add certificates to this store, you must import them manually. You can import certificates from files and also use certificates on hardware tokens such as smart cards. Manage the certificates in this store using the Reflection Certificate Manager.

Reflection applications can be configured to authenticate using only those certificates located in the Reflection store, or using both the Windows and the Reflection store. Enabling host authentication using certificates from the Windows certificate store means that you may not need to import certificates, because authentication may be accomplished using certificates that are already available. Disabling authentication using certificates from Windows certificate store enables you to have greater control over which certificates are used for authentication. For more information, see Enabling or Disabling authentication using the Windows certificate store.