Certificate host name must match host being contacted

Specifies whether host name matching is required when validating host certificates. When this setting is enabled (the default), the host name you configure in Reflection must exactly match a host name or IP address entered in either the CommonName or the SubjectAltName field of the certificate.

Use OCSP

Specifies whether Reflection checks for certificate revocation using OCSP (Online Certificate Status Protocol) responders when validating host certificates. OCSP responders may be specified in the AIA extension of the certificate itself. You can also specify OCSP responders using the OCSP tab in the Reflection Certificate Manager.

Use CRL

Specifies whether Reflection checks for certificate revocation using CRLs (Certificate Revocation Lists) when validating host certificates. CRLs may be specified in the CDP extension of the certificate itself. You can also specify CRL using the LDAP tab in the Reflection Certificate Manager.

Note: The default value of this setting is based on your current system setting for CRL checking. To view and edit the system setting, launch Internet Explorer, and go to Tools > Internet Options > Advanced. Under Security, look for Check for server certificate revocation.

Client Authentication

When Find certificate for authentication is selected, all available personal certificates are presented to the server for client authentication.

To specify a particular certificate, select Use selected certificate for authentication, then click Select to specify which certificate.

Reflection Certificate Manager

Opens the Reflection Certificate Manager, which you can use to manage certificates in the Reflection stores and to specify PKI settings.

View System Certificates

Opens the Windows Certificate Manager, which you can use to manage certificates in your system stores.