Use this section to configure PKI settings for Secure Shell sessions.
The options are:
Certificate host name must match host being contacted |
Specifies whether host name matching is required when validating host certificates. When this setting is enabled (the default), the host name you configure for your session must exactly match a host name entered in either the CommonName or the SubjectAltName field of the certificate. |
Use OCSP |
Specifies whether Reflection checks for certificate revocation using OCSP (Online Certificate Status Protocol) responders when validating host certificates. OCSP responders may be specified in the AIA extension of the certificate itself. You can also specify OCSP responders using the OCSP tab in the Reflection Certificate Manager. |
Use CRL |
Specifies whether Reflection checks for certificate revocation using CRLs (Certificate Revocation Lists) when validating host certificates. CRLs may be specified in the CDP extension of the certificate itself. You can also specify CRL using the LDAP tab in the Reflection Certificate Manager. Note: The default value of this setting is based on your current system setting for CRL checking. To view and edit the system setting, launch Internet Explorer, and go to Tools > Internet Options > Advanced. Under Security, look for Check for server certificate revocation. |
Reflection Certificate Manager |
Opens the Reflection Certificate Manager, which you can use to manage certificates in the Reflection Certificate Manager store and to specify PKI settings. |
View System Certificates |
Opens the Windows Certificate Manager, which you can use to manage certificates in your system stores. |
NOTE:
The settings you configure in this dialog box are saved to the Secure Shell configuration file. You can also configure Secure Shell settings by editing this file manually in any text editor.
Within the configuration file, these settings are saved for the currently specified SSH configuration scheme.