Domain Security and PKI Configuration - Domain Composition

Getting there

Domain security items apply globally to all of the nodes in the domain.

FIPS mode

Enforces the United States government Federal Information Processing Standard (FIPS) 140-2 for this connection. When FIPS mode is selected, all available settings use security protocols and algorithms that meet this standard. Encryption options that do not meet this standard are not available; only the Secure Shell connection method can be used to start X clients, and XDMCP is not available as a session startup option.

Note: Changes to the FIPS mode state will take effect only upon restart of the domain. You must also enable FIPS mode in X Manager for Domains. Each time you change the FIPS mode setting, you must restart the Reflection X Service on the Domain Controller.

PKI Configuration


Use the PKI Configuration items to configure connections to PKI Services Manager, a free add-on utility that provides X.509 certificate validation services. This utility is required if your client hosts authenticate using certificates. Before you configure the options on this tab, you need to download and configure this free add-on utility.

PKI service

Specify the host name or IP address of the computer running PKI Services Manager.

Note: If PKI Services Manager is configured to use a non-default port, include the port value using hostname:port syntax. For example


Public key

MD5 fingerprint

SHA1 fingerprint


These read-only items display information about a PKI Services Manager public key after it has been successfully imported.

Import Key

Use this option to manually import the PKI Services Manager public key. First, copy the key from the PKI Services Manager computer (default locations are below) to any location available from Reflection X Advantage.

The default location on Windows is:
common application data folder\Attachmate\ReflectionPKI\config\

The default location on UNIX is:


Download Key

Retrieves the public key from the specified PKI server and displays a dialog box that allows you to confirm this identity. To compare the presented fingerprint with the actual PKI Services Manager key open the PKI Services Manager console on the PKI server, and go to Utility > View Public Key.

When you click Yes to accept the key, the key is imported into the Reflection X Advantage database.

Note: Download Key is available if you are connecting to PKI Services Manager version 1.2 or later. If you are connecting to an older version, install the public key using Import Key.


Delete Key

Removes the PKI Services Manager key from the Reflection X Advantage database.

Related Topics

Configure Load Balancing

Federal Information Processing Standard (FIPS)

Using PKI Services Manager with Reflection X Advantage

Configure Reflection X Advantage to Connect to PKI Services Manager