DESCRIPTION

This manual page gives a brief overview of requirements for using certificates for authentication with Reflection for Secure IT. For details, refer to the User Guide, which is available at:

http://support.attachmate.com/manuals/rsit_unix.html.

SUMMARY

Certificate authentication in Reflection for Secure IT is supported by Reflection PKI Services Manager. To configure your environment:

  1. Install Reflection PKI Services Manager.

  2. Install a certificate signed by a CA and the associated private key on the server (for server authentication) and/or client (for client authentication).

  3. Install the trusted CA root certificate(s) in a certificate store available to Reflection PKI Services Manager.

  4. Configure pki_config(5) to enable PKI Services Manager to validate your certificates.

  5. Configure pki_mapfile(5) to specify which identities can authenticate with your certificates.

  6. Configure Reflection for Secure IT to communicate with Reflection PKI Services Manager and to authenticate using the private key associated with the certificate.

CONFIGURATION FILES

pki_config

Configuration for Reflection PKI Services Manager. See pki_config(5).

pki_mapfile

Identity mapper for use with Reflection PKI Services Manager to bind a certificate to one or more allowed names. See pki_mapfile(5).

ssh2_config

Reflection for Secure IT client configuration file.

For client authentication using certificates, configure AllowedAuthentications and IdentificationFile The specified identification file needs to include a CertKey line that identifies your private key.

For server authentication using certificates, configure PkidAddress, PkidPublicKey, and HostKeyAlgorithms.

For setting details, see ssh2_config(5).

sshd2_config

Reflection for Secure IT server configuration file.

For client authentication using certificates, configure PkidAddress, PkidPublicKey, and AllowedAuthentications (or RequiredAuthentications).

For server authentication using certificates, configure HostCertificateFile and HostKeyFile

For setting details, see sshd2_config(5).

COPYRIGHT

Copyright (C) 2012 Attachmate Corporation

SEE ALSO

pkid(8), pki_config(5), pki_mapfile(5), pki-val(1), ssh-certview(1), ssh-certtool(1), ssh(1), ssh2_config(5), sshd(8), sshd2_config(5)

Additional Reflection for Secure IT documentation is available online from the Attachmate documentation web page:

http://support.attachmate.com/manuals/

And from the technical note library:

http://support.attachmate.com/techdocs/