Reflection PKI Services Manager provides a service for validating X.509 certificates. You can configure supported Attachmate products to use PKI Services Manager to validate certificates presented for authentication. PKI Services Manager can be installed on Windows or UNIX systems, and a single installation can support validation queries from multiple supported product installations. This user guide provides detailed information about PKI Services Manager. For additional information about configuring supported products to communicate with PKI Services Manager, refer to the product documentation.

Using Reflection PKI Services Manager you can:

• Centralize configuration and management of PKI services.
• Specify which certificates should be designated as the trust anchor when validating certificates presented by authenticating parties. On Windows systems, these can be certificates in the Windows system store.
• Configure access to intermediate certificates stored locally or on an LDAP or HTTP server.
• Configure revocation checking using CRLs stored locally or on an LDAP or HTTP server.
• Configure revocation checking using OCSP.
• Use flexible mapping criteria to determine which users or computers are allowed to authenticate with which certificates.
• Configure custom trust chain, revocation, and mapping settings for individual trust anchors.
• Maintain audit logs.
• Troubleshoot using debug logs.
• Enforce Federal Information Processing Standard (FIPS) 140-2 security requirements.
• Enforce United States Department of Defense PKI requirements.