Configure User Certificate Authentication

User certificate authentication (a variation of public key authentication) is an optional feature of the Secure Shell protocol. Both X Manager and the Secure Shell server need to be configured to support this.

You can configure Reflection X Advantage to authenticate using any of the following:

  • Certificates you have imported into the Reflection X Advantage database.
  • Personal certificates in the Windows Certificate Store.
  • Certificates stored on PKCS#11-compliant hardware devices such as smart cards or USB tokens.

The procedures in this section describe how to configure Reflection X Advantage for each of these certificate stores. After you complete the procedure, you can connect to hosts that have been configured to support certificate authentication.


  • To help ensure security, you should always specify a passphrase when you use certificates for user authentication. You will need to enter the passphrase each time you connect to the host.
  • If you have multiple certificates configured, the first time you connect to a host you may be prompted to select a certificate from a list of available certificates. After your first successful connection, Reflection X Advantage will automatically attempt subsequent connections using the same certificate.

In this Section

Authenticate with Certificates in the Reflection X Advantage Store

Authenticate with Certificates in a Local Directory

Authenticate with Certificates in the Windows Certificate Store

Authenticate using Smart Cards or other PKCS#11-compliant Devices

Related Topics

Set Up Secure Shell (SSH) Connections

User Authentication for Secure Shell Sessions