Configure Reflection for Secure IT for Certificate Authentication
After you have configured PKI Services Manager, you need to configure the Reflection for Secure IT server to contact PKI Services Manager for certificate validation services.
To configure Reflection for Secure IT to support certificate authentication
- Start the Reflection for Secure IT console (Attachmate Reflection > Reflection SSH Server Configuration).
- From the Public Key pane, ensure that Public key authentication is set to Allow or Require. (Allow is the default.)
- Open the Certificates pane (Configuration > Authentication > Certificates) and use the steps that follow to configure connections to one or more running instances of PKI Services Manager.
  Note: If PKI Services Manager is running on the same computer as Reflection for Secure IT, you can use the default localhost entry. If PKI Services Manager is running on a different computer, delete the localhost entry and use the following steps to add one or more PKI servers to the list.
  - Click Add to open the PKI Configuration dialog box.
  - For PKI server, specify the name or IP address of the computer running PKI Services Manager. In the Port field, the default port used by PKI Services Manager is already configured. Edit this if you use a non-default port.
  - Click Retrieve public key. You'll see a dialog box that displays the fingerprint of the PKI Services Manager public key. (This fingerprint should match the one displayed in the PKI Services Manager console when you go to Utility > View Public Key.) Click Yes to confirm the key fingerprint.
    You'll have an opportunity to confirm the name and location for this key. When you click OK, the full path to the key file is entered automatically in PKI server public key.
    Note: The Retrieve public key option is supported by PKI Services Manager 1.2 and later. If you are running an earlier version, you can manually copy the PKI Services Manager public key to the computer running Reflection for Secure IT, then manually enter the key name and location in the Public key file field.
  - Click OK to close the PKI Configuration dialog box.
  - (Optional) Add additional PKI servers to your list. If you configure connections to more than one PKI server, Reflection for Secure IT uses a round-robin method to determine which PKI server to contact. If a PKI server is not available, Reflection for Secure IT contacts the next server on the list.
    To ensure that each PKI server returns the same validation for all certificates, make sure that all your instances of PKI Services Manager have identical trust anchors, configuration settings, and mapping files.
- Save your settings (File > Save Settings).
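The requirement that all PKI Services Manager instances have identical trust anchors, configuration settings, and mapping files can be checked by hashing a copy of each instance's files and comparing the results, since with round-robin selection any difference means the same certificate can validate differently depending on which server answers. The following is an added example, not part of the product documentation or the vendor's code; it assumes you have copied each instance's files into one local folder per instance, and the folder and file names used (pki-a, settings.conf, mapping.map, and so on) are constructed placeholders.

```python
import hashlib
import tempfile
from pathlib import Path


def snapshot(root: Path) -> dict[str, str]:
    """Map each file's path relative to root to its SHA-256 digest."""
    return {
        p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in sorted(root.rglob("*")) if p.is_file()
    }


def find_drift(instances: dict[str, Path]) -> dict[str, dict[str, str]]:
    """Return {relative_file: {instance: digest or 'MISSING'}} for every file
    that is not byte-identical on all instances."""
    snaps = {name: snapshot(root) for name, root in instances.items()}
    all_files = set().union(*snaps.values())
    drift = {}
    for rel in sorted(all_files):
        digests = {name: snap.get(rel, "MISSING") for name, snap in snaps.items()}
        if len(set(digests.values())) > 1:
            drift[rel] = digests
    return drift


def build_sample(base: Path) -> dict[str, Path]:
    """Constructed sample: two instance copies whose mapping files differ and
    where one trust anchor is missing on the second instance."""
    # File and folder names are hypothetical, not PKI Services Manager's real layout.
    files_a = {"trust_anchors/root-ca.cer": b"ROOT-CA", "trust_anchors/issuing-ca.cer": b"ISSUING",
               "config/settings.conf": b"revocation = crl\n", "config/mapping.map": b"rule-1\n"}
    files_b = {"trust_anchors/root-ca.cer": b"ROOT-CA",
               "config/settings.conf": b"revocation = crl\n", "config/mapping.map": b"rule-1\nrule-2\n"}
    instances = {}
    for name, files in (("pki-a", files_a), ("pki-b", files_b)):
        for rel, data in files.items():
            path = base / name / rel
            path.parent.mkdir(parents=True, exist_ok=True)
            path.write_bytes(data)
        instances[name] = base / name
    return instances


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for rel, digests in find_drift(build_sample(Path(tmp))).items():
            print(rel, {n: d[:12] for n, d in digests.items()})
```

An empty result from `find_drift` means the copied files are byte-identical across instances; any entry it returns names the file and shows which instance differs or lacks it.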