Show Contents / Index / Search

Automatic Migration of Reflection 6.x and F-Secure Settings

When you install Reflection for Secure IT Windows Server on systems with an F-Secure server or Reflection for Secure IT version 6.x, Reflection for Secure IT automatically migrates your current identity (host key and certificates) and settings. Your existing key and configuration files are not changed.

  • Existing host keys (hostkey and by default) are copied to the new key location, so you don't need to make any changes to clients that are configured to trust your current host key.
  • Settings in your existing sshd2_config file are migrated to the new xml configuration file. Migration information is saved to the migration log file.
  • If you used a password cache, cached passwords are migrated to the new password cache file.

This migration occurs the first time you:

  • Start the server console. This triggers the migration of keys and settings without automatically starting the server.


  • Start the service. When you restart Windows, the service starts automatically. This triggers the migration and starts the server using the migrated key and settings. (You can also start the service manually using the rsshd command line or using the Windows Computer Management console.) Note: The service cannot start if an earlier version server is still running using the same port.


  • It is possible to run both version 7.x and 6.x on the same computer. If you want to test version 7.x before uninstalling the earlier version, either stop the earlier version service, or configure version 7.x to use a different port.
  • If you have an existing XML settings file, the server will not migrate the settings from a previous version settings file. This enables you to configure a single settings file and install it onto multiple servers.
  • Automatic migration won't take place if you have already uninstalled your prior version.
  • You can manually migrate settings using the rsshd command line utility with the -m option.

Automatic Migration of PKI Settings

Settings for validating user certificates are configured in the sshd2_config file in F-Secure and Reflection for Secure IT version 6.x. Starting with version 7.1, user authentication with certificates is supported by Reflection PKI Services Manager. When you first start PKI Services Manager on a system that has a prior version sshd2_config file, certificate authentication settings are automatically migrated to the pki_config and pki_mapfile files used by PKI Services Manager.


  • If the pki_config file in the destination folder already has a trust anchor configured, no migration occurs. This helps ensure that the migration won't overwrite modifications you have already configured.
  • You can manually migrate PKI settings using the winpki command line utility with the -m option.

Related Topics

Install and Uninstall Reflection for Secure IT

Install and Uninstall Reflection PKI Services Manager

Table of Migrated Settings

Table of Migrated PKI Settings