Authenticate using Smart Cards or other PKCS#11-compliant Devices

Use this procedure to configure Reflection X Advantage Secure Shell sessions to authenticate using PKCS#11-compliant hardware devices such as smart cards or USB tokens.


  • PKCS#11 is not supported in the 64-bit version of Reflection X Advantage.
  • The Secure Shell server administrator must configure the server to accept and validate user certificates. The procedure depends on the server. Refer to the Secure Shell server documentation for details.

Before you begin:

Install the software supplied by your card or token provider. You will need to know the name and location of the library file (*.dll or *.so) used by that provider to provide access to your hardware device. On Windows, this is typically installed to the Windows system folder. You may need to contact the device manufacturer to determine the correct file.

To configure authentication using a smart card or other PKCS#11-compliant device

  1. Launch X Manager or X Manager for Domains.
  2. From the Tools menu, select Secure Shell User Keys.
  3. Next to User Key Sources click the plus sign (+) and select Add PKCS#11 Provider.

    An item called "PKCS#11 Provider" is added to your list of certificate stores. You can edit this provider name.

  4. For Library, specify the full path to the library file (*.dll or *.so) used by your device software.


  • In order to view the certificates or authenticate with your device, you will need to enter information (such as a PIN) required by the provider.
  • The first time you make a connection, you see two entries to authenticate with your device. The first entry is for authentication using the certificate in your device. The second entry is for standard public key authentication using the public key associated with that certificate. Authentication using the public key entry requires that your key be added to the server's list of authorized keys.

Related Topics

Configure User Certificate Authentication