Show Contents / Index / Search

PKI Configuration Dialog Box

Getting there

Use the PKI Configuration dialog box to configure PKI settings for Reflection SSL/TLS sessions.

Note: To configure PKI settings for Secure Shell sessions use the PKI tab in the Reflection Secure Shell Settings dialog box.

The options are:

 

Certificate host name must match host being contacted

Specifies whether host name matching is required when validating host certificates. When this setting is enabled (the default), the host name you configure in Reflection must exactly match one of the host names entered in either the CommonName or the SubjectAltName field of the certificate.

 

Use OCSP

Specifies whether Reflection checks for certificate revocation using OCSP (Online Certificate Status Protocol) responders when validating host certificates. OCSP responders may be specified in the AIA extension of the certificate itself. You can also specify OCSP responders using the OCSP tab in the Reflection Certificate Manager.

 

Use CRL

Specifies whether Reflection checks for certificate revocation using CRLs (Certificate Revocation Lists) when validating host certificates. CRLs may be specified in the CDP extension of the certificate itself. You can also specify CRL using the LDAP tab in the Reflection Certificate Manager.

Note: The default value of this setting is based on your current system setting for CRL checking. To view and edit the system setting, launch Internet Explorer, and go to Tools > Internet Options > Advanced. Under Security, look for Check for server certificate revocation.

 

Reflection Certificate Manager

Opens the Reflection Certificate Manager, which you can use to manage certificates in the Reflection stores and to specify PKI settings.

 

View System Certificates

Opens the Windows Certificate Manager, which you can use to manage certificates in your system stores.

Related Topics

PKI Overview