Show Contents / Index / Search

Certificate Authentication for Users

Using certificates for client authentication solves some of the problems presented by public key authentication. With public key authentication, each client must upload a copy of the public key to every server. Certificate authentication avoids this problem by using a trusted third party, the certification authority (CA), to verify the validity of information coming from the client. With certificates, you can configure authentication using a single trust anchor instead of multiple unique client public keys.

Note: Reflection PKI Services Manager supports central management of PKI settings. You can install and configure a single instance of PKI Services Manager to provide certificate validation services for all supported Attachmate products.




Reflection PKI Services Manager must be installed and correctly configured.

PKI Services Manager validates the certificate and uses a map file to determine which users can authenticate with a valid certificate. You need to configure at least one trust anchor and one mapping rule for certificate validation to succeed. You may also need to configure access to intermediate certificates and to certificate revocation information.


A certificate signed by a CA and the associated private key must be installed on the client.


The client sends this certificate to the server to authenticate the user.

The Reflection for Secure IT server must have a copy of the PKI Services Manager public key and be configured to connect to PKI Services Manager.

The server communicates with PKI Services Manager to confirm the validity of the user certificate.

Related Topics

Using PKI Services Manager

Configure Certificate Authentication for Users

Certificates Pane

Start and Stop the PKI Services Manager Service on Windows

Using PKI Services Manager

Configure Certificate Authentication for Users