Using PKI Services Manager
Reflection PKI Services Manager is a service that provides X.509 certificate validation services. If your client users configure authenticate using certificates, you need to download and install this application. It is available at no additional charge.
- Reflection PKI Services Manager is required by the server to authenticate clients that use certificates.
- Reflection PKI Services Manager is supported on both Windows and UNIX platforms.
- Reflection PKI Services Manager supports central management of PKI settings. You can install and configure a single instance of PKI Services Manager to provide certificate validation services for all supported Attachmate products.
This user guide provides basic information about installing PKI Services Manager and configuring Reflection for Secure IT to use it for certificate validation services. For additional information, refer to the PKI Services Manager documentation at http://support.attachmate.com/manuals/pki.html.
How it Works
- The Secure Shell client presents a certificate to the server for user authentication.
- The Reflection for Secure IT server connects to Reflection PKI Services Manager and verifies its identity using an installed public key.
- Reflection for Secure IT sends the certificate and the user name to PKI Services Manager.
- PKI Services Manager determines if the certificate is valid and whether the user is allowed to authenticate with this certificate based on the rules the PKI Services Manager administrator has configured on the PKI Services Manager Identity Mapper pane. This information is returned to Reflection for Secure IT.
- If the certificate is valid and the user presenting it is an allowed identity for this certificate, Reflection for Secure IT validates the user's digital signature. If the digital signature is verified, user authentication is successful.