Enabling and Disabling Use of the Windows Certificate Store

Reflection Secure Shell and SSL/TLS sessions support the use of digital certificates for both host and user authentication. Reflection applications can be configured to authenticate using only those certificates located in the Reflection store, or using certificates in both the Windows store and the Reflection store.

Host authentication

Enabling use of the Windows certificate store means that you may not need to import the certificates used for host authentication. If your host certificates were acquired from a well-known Certification Authority (CA), such as VeriSign or Thawte, a certificate identifying the issuer as a trusted CA should already be included in the Trusted Root Certification Authorities list on your system. When use of the system store is enabled, Reflection clients look for certificates in both the Reflection and the system store.

Disabling use of the Windows certificate store enables you to have greater control over which certificates are used for authentication. Certificates can be added to the Windows store in a variety of ways, and you may not want to allow use of all of these certificates for authenticating Reflection sessions. When use of the Windows store is disabled, only those certificates you have imported into the Reflection store are used for host authentication.
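Before you decide whether to enable the system store, it helps to see which root certificates Windows currently trusts and compare them with the CAs you actually expect to issue host certificates. The following PowerShell script is an added example, not part of the Reflection product or its documentation. It assumes the relevant stores are the current user and local machine Trusted Root Certification Authorities stores, and the thumbprints in the approved list are placeholders you must replace.

```powershell
# Added example: list trusted roots in the Windows store that are NOT on your
# approved list, so you can judge the effect of "Use System Certificate Store".
# Assumption: the stores of interest are the two Root stores below.
$stores = 'Cert:\CurrentUser\Root', 'Cert:\LocalMachine\Root'

# Placeholder allowlist: replace with the thumbprints of the CAs that issue
# your host certificates.
$approved = @(
    '<THUMBPRINT-OF-APPROVED-CA-1>',
    '<THUMBPRINT-OF-APPROVED-CA-2>'
)

$now = Get-Date

# Collect one record per certificate per store.
$report = foreach ($store in $stores) {
    Get-ChildItem -Path $store | ForEach-Object {
        [pscustomobject]@{
            Store      = $store
            Thumbprint = $_.Thumbprint
            Subject    = $_.Subject
            NotAfter   = $_.NotAfter
            Expired    = ($_.NotAfter -lt $now)
            Approved   = ($approved -contains $_.Thumbprint)
        }
    }
}

# The same certificate can show up in more than one store, so collapse the
# unapproved entries by thumbprint and record every store each one was found in.
$unapproved = $report |
    Where-Object { -not $_.Approved } |
    Group-Object -Property Thumbprint |
    ForEach-Object {
        $first = $_.Group[0]
        [pscustomobject]@{
            Subject    = $first.Subject
            Thumbprint = $first.Thumbprint
            NotAfter   = $first.NotAfter
            Expired    = $first.Expired
            Stores     = ($_.Group.Store | Sort-Object -Unique) -join ', '
        }
    }

$unapproved | Sort-Object -Property Subject | Format-Table -AutoSize -Wrap
'{0} trusted root(s) in the Windows store are not on the approved list.' -f @($unapproved).Count
```

If the list of unapproved roots is longer than you are comfortable with, that is the case for disabling the system store and importing only the required CA certificates into the Reflection store.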

To enable (or disable) host authentication using certificates in the Windows store:

  1. Open the Reflection Certificate Manager.
  2. Click the Trusted Certificate Authorities tab.
  3. Select (or clear) Use System Certificate Store for SSH connections and/or Use System Certificate Store for SSL/TLS connections.

User authentication

Reflection uses personal certificates in the Windows store and the Reflection store in the same way. Available personal certificates include those in the Windows personal store, the Reflection personal store, and certificates on configured hardware tokens (for example, smart cards).

  • If you have configured a Reflection Secure Shell session, you must specify which certificates to use for user authentication from the User Keys tab in the Secure Shell settings dialog box.
  • If you have configured a Reflection SSL/TLS session, all certificates located in either store are automatically available for user authentication.