Import User Key Pair or Certificate Dialog Box
How do I get to this dialog box?
From X Manager
-
Click Tools > Secure Shell User Keys.
-
Under User Key Sources, select Reflection X Store (the default), or any configured local directory store.
-
From the Secure Shell User Keys dialog box, click Import.
Item | Description |
---|---|
Private key, pfx, or p12 file | For public key authentication, the private key of a public/private key pair. Imported keys can be in OpenSSH format or SecSH format. |
For certificate authentication, either of the following: | |
- The private key associated with a certificate. The two files must be in the same location and the certificate must have the same name as the key with a .cer or .crt file extension. | |
- A PKCS#12 package file (.p12, or .pfx) that contains both the certificate and its associated private key. | |
Note: PKCS (Public Key Cryptography Standards) is a set of standards devised and published by RSA laboratories that enable compatibility among public key cryptography implementations. Different PKCS standards identify specifications for particular cryptographic uses. Reflection X uses the following PKCS standards: | |
PKCS#5 is used to provide password-based encryption for private keys stored in the Reflection X database. | |
PKCS#11 provides support for authentication using hardware devices, such as smart cards or USB tokens. | |
PKCS#12 is used for storage and transportation of certificates and associated private keys. Files in this format typically use a *.pfx or*.p12 extension. | |
File passphrase | Enter the passphrase that protects the specified private key file. |
Note: You must enter a file passphrase; you cannot import private keys or PKCS#12 package files that are not passphrase-protected. | |
Key name | The name identifies the key or certificate in the user key database. |
No passphrase | Select this option to import the key without passphrase protection. |
Caution: To help ensure security, all user keys should be passphrase protected. If you don't specify a passphrase, the private key is stored in unencrypted form in the key store, and anyone who gains access to the key can authenticate using it. In standalone mode keys are stored on the same computer as X Manager. In domain mode, keys in the Reflection X Store are stored in the database on the domain controller and the administrator of that computer will be able to read these keys. | |
Key passphrase | Enter a passphrase for this key or certificate. You will need to enter this passphrase when the key or certificate is used for authentication. |
Note: A passphrase is similar to a password, except it can be a phrase with a series of words, punctuation, numbers, white space, or any string of characters. Passphrases improve security by limiting access to secure objects, such as private keys or a key agent. | |
Verify | Retype the passphrase. |
More information