Skip to content

PKI Configuration

Getting there
  1. Open the Security Properties dialog box.
  2. Enable Use SSL/TLS Security to access the PKI side-menu option.

PKI Configuration for SSL/TLS sessions are available from many Open Text products. The steps used to open this dialog box depend on which product you are running.

note

To configure PKI settings for Secure Shell sessions use the PKI section in the Secure Shell Settings dialog box.

The options are:

Certificate host name must match host being contacted Specifies whether host name matching is required when validating host certificates. When this is enabled (the default), the host name you configure for your session must exactly match a host name or IP address entered in either the CommonName or the SubjectAltName field of the certificate.
Use OCSP Specifies whether your client session checks for certificate revocation using OCSP (Online Certificate Status Protocol) responders when validating host certificates. OCSP responders may be specified in the AIA extension of the certificate itself. You can also specify OCSP responders using the OCSP tab in the Reflection Certificate Manager.
Use CRL Specifies whether your client session checks for certificate revocation using CRLs (Certificate Revocation Lists) when validating host certificates. CRLs may be specified in the CDP extension of the certificate itself. You can also specify CRL using the LDAP tab in the Reflection Certificate Manager.

NOTE: The default value of this setting is based on your current system setting for CRL checking. To view and edit the system setting, launch Internet Explorer, and go to Tools > Internet Options > Advanced. Under Security, look for Check for server certificate revocation.
Client Authentication Displays the options for selecting the client certificate.

When Automatically select client certificate is selected, the first qualifying certificate is presented to the server.

When Prompt for certificate is selected, all qualifying certificates are presented so you can select which certificate to use. If only one certificate qualifies, the client automatically uses that certificate.

If you want to use a particular certificate, select Use selected certificate for authentication to open the Select Certificate dialog box and then select the certificate.

NOTE: the client uses the Server Certificate Request message to determine whether certificates are qualified.
Reflection Certificate Manager Opens the Reflection Certificate Manager.
View System Certificates Opens the Windows Certificate Manager, which you can use to manage certificates in your system stores.