PKI Settings Dialog Box
How do I get to this dialog box?
- In the TCP/UDP Path Options dialog box, set Security type to something other than No Security.
- Click PKI Settings.
Use this dialog box to configure PKI settings for ALC, UTS, and T27 terminal sessions.
Verify host name against host certificate name | Specifies whether host name matching is required when validating host certificates. When this setting is enabled (the default), the host name you configure for the path in the TCP/UDP Path Options dialog box must exactly match a host name or IP address entered in either the CommonName or the SubjectAltName field of the certificate. This setting is required for DOD PKI users. |
Validate certificate chain | Specifies whether certificates presented for host authentication are checked to determine if they are valid and signed by a trusted CA. Caution: Disabling this option can make connections vulnerable to man-in-the-middle attacks, which could compromise the security of the connection. |
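The matching rule described for Verify host name against host certificate name, as an added Python example that is not part of the product or its documentation: it takes a certificate in the dict shape returned by Python's ssl.SSLSocket.getpeercert() and reports which configured path host names would fail an exact match. The sample certificate, the function names, and the case-insensitive comparison are assumptions of the example.

```python
import ipaddress

# Constructed sample in the dict shape returned by ssl.SSLSocket.getpeercert().
SAMPLE_CERT = {
    "subject": ((("commonName", "host1.example.com"),),),
    "subjectAltName": (("DNS", "host1.example.com"), ("IP Address", "192.0.2.10")),
}

def cert_names(cert):
    """Return the CommonName values followed by the DNS and IP SubjectAltName entries."""
    names = [value for rdn in cert.get("subject", ())
             for key, value in rdn if key == "commonName"]
    names += [value for kind, value in cert.get("subjectAltName", ())
              if kind in ("DNS", "IP Address")]
    return names

def _canonical(name):
    # IP addresses are compared by value, host names case-insensitively
    # (assumption of this example). Following the page's "exactly match"
    # wording, there is no wildcard or short-name expansion.
    name = name.strip()
    try:
        return ipaddress.ip_address(name).compressed
    except ValueError:
        return name.lower()

def host_matches(configured_host, cert):
    """True if the host name configured for the path exactly matches a certificate name."""
    target = _canonical(configured_host)
    return any(_canonical(n) == target for n in cert_names(cert))

def preflight(path_hosts, cert):
    """Map each configured host that would fail the check to the names the certificate offers."""
    offered = sorted(set(cert_names(cert)))
    return {host: offered for host in path_hosts if not host_matches(host, cert)}

if __name__ == "__main__":
    hosts = ["host1.example.com", "host1", "192.0.2.10"]
    for host, offered in preflight(hosts, SAMPLE_CERT).items():
        print(f"{host}: no exact match; certificate names are {offered}")
```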
Certificate revocation
Use CRL | Select this option to validate the authenticating certificate by checking it against a digitally signed list of certificates that have been revoked by the Certification Authority. Certificates identified in a CRL are no longer valid. |
OCSP | Select this option as an alternative to CRL checking to confirm whether a certificate is valid. OCSP uses the HTTP transport and responds to certificate status requests with one of three digitally signed responses: "good", "revoked", and "unknown". OCSP removes the need for servers and/or clients to retrieve and sort through large CRLs. |
User authentication certificate
Type the name of a user certificate to use for client authentication, or click Browse to select it from a list of personal certificates available in the Reflection Certificate Manager store and the Windows system store.
Reflection Certificate Manager
Click to import and manage user certificates in the Certificate Manager.