Configure the Client for Certificate Authentication
Your Secure Shell client will need to be configured to present a certificate for user authentication. The basic steps are outlined here. Details for configuring the Reflection for Secure IT Client for Windows are included in parentheses. For other clients, refer to the client documentation.
To configure the Secure Shell client
- Install the user certificate and associated private key on the client computer or configure the system to present certificates using smart cards or USB tokens.
(For connections from the Reflection for Secure IT Client for Windows, you can import certificates using PKCS#12 files (typically *.pfx or *.p12) that contain a certificate and its associated private key. You can import these to either the Windows certificate store or the Reflection certificate store. Access to both stores is available from the Reflection Secure Shell Settings dialog box from the PKI tab. To set up connections using smart cards or tokens, from the PKI tab, open the Reflection Certificate Manager and use the PKCS#11 tab.)
- Configure the client to authenticate using a certificate.
(In the Reflection for Secure IT Client for Windows, open Reflection Secure Shell Settings dialog box, and select the User Keys tab. Certificates you have imported into the Windows and Reflection stores are automatically included in the list of available keys. Select the certificate(s) you want to use for authentication. If you have configured use of a smart card or token, Reflection automatically uses any certificates or keys on the device for user authentication.)
- Confirm that the client supports public key authentication.
(All Reflection Secure Shell clients support public key authentication by default. To confirm authentication settings from the Reflection Secure Shell Settings dialog box, go to the General tab.)