Use this dialog box to configure PKI settings for ALC, UTS, and T27 terminal sessions.
Specifies whether host name matching is required when validating host certificates. When this setting is enabled (the default), the host name you configure for the path in the TCP/UDP Path Options dialog box must exactly match a host name or IP address entered in either the CommonName or the SubjectAltName field of the certificate. This setting is required for DOD PKI users.
Specifies whether certificates presented for host authentication are checked to determine if they are valid and signed by a trusted CA. CAUTION: Disabling this option can make connections vulnerable to man-in-the-middle attacks, which could compromise the security of the connection.
Certificate revocation
Select this option to validate the authenticating certificate by checking it against a digitally signed list of certificates that have been revoked by the Certification Authority. Certificates identified in a CRL are no longer valid.
Select this option as an alternative to CRL checking to confirm whether a certificate is valid. OCSP uses the HTTP transport and responds to certificate status requests with one of three digitally signed responses: "good", "revoked", and "unknown". OCSP removes the need for servers and/or clients to retrieve and sort through large CRLs.
User authentication certificate
Type the name of a user certificate to use for client authentication, or click to select it from a list of personal certificates available in the Reflection Certificate Manager store and the Windows system store.
Reflection Certificate Manager
Click to import and manage user certificates in the Reflection Certificate Manager.
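The host name matching rule described above (the configured host must exactly match a CommonName or SubjectAltName entry), sketched as an added example that is not Reflection's own code. The certificate dictionaries are constructed samples in the shape returned by Python's `ssl.SSLSocket.getpeercert()`, and the case-insensitive name comparison and IP normalization are assumptions of this sketch.

```python
import ipaddress

# Constructed sample certificates (shape of ssl.SSLSocket.getpeercert() output).
SAMPLE_CERT = {
    "subject": ((("commonName", "host1.example.com"),),),
    "subjectAltName": (("DNS", "host1.example.com"),
                       ("IP Address", "192.0.2.10")),
}
WILDCARD_CERT = {
    "subject": ((("commonName", "*.example.com"),),),
    "subjectAltName": (("DNS", "*.example.com"),),
}


def _names_from_cert(cert):
    """Collect CommonName and SubjectAltName (DNS / IP) entries."""
    names = []
    for rdn in cert.get("subject", ()):
        for key, value in rdn:
            if key == "commonName":
                names.append(value)
    for kind, value in cert.get("subjectAltName", ()):
        if kind in ("DNS", "IP Address"):
            names.append(value)
    return names


def _normalize(name):
    """Assumption: IP literals compare by value, host names ignore case."""
    name = name.strip()
    try:
        return ("ip", ipaddress.ip_address(name))
    except ValueError:
        return ("dns", name.lower())


def host_matches(configured_host, cert):
    """True only if the configured host equals one certificate name.

    Exact matching as the setting describes: no wildcard expansion and
    no suffix or substring matching.
    """
    wanted = _normalize(configured_host)
    return any(_normalize(n) == wanted for n in _names_from_cert(cert))


if __name__ == "__main__":
    for host in ("HOST1.example.com", "192.0.2.10", "host1.example.com.test"):
        print(host, host_matches(host, SAMPLE_CERT))
```

A path configured with an IP address only passes this check if that address appears in the certificate, so a certificate issued for the DNS name alone fails when the path is configured by IP.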