Skip to content

Domain Security and PKI Configuration

How do I get to this dialog box?

From the Administrative Console

  • Click the Domain Composition side tab.

Domain security items apply globally to all of the nodes in the domain.

Option Description
FIPS mode Enforces the United States government Federal Information Processing Standard (FIPS) 140-2 for this connection. When FIPS mode is selected, all available settings use security protocols and algorithms that meet this standard. Encryption options that do not meet this standard are not available; only the Secure Shell connection method can be used to start X clients, and XDMCP is not available as a session startup option.
Note: Changes to the FIPS mode state will take effect only upon restart of the domain. You must also enable FIPS mode in X Manager for Domains. Each time you change the FIPS mode setting, you must restart the Reflection X Service on the Domain Controller.

PKI Configuration

Use the PKI Configuration items to configure connections to PKI Services Manager, a free add-on utility that provides X.509 certificate validation services. This utility is required if your client hosts authenticate using certificates. Before you configure the options on this tab, you need to download and configure this free add-on utility.

Option Description
PKI service Specify the host name or IP address of the computer running PKI Services Manager.
Note: If PKI Services Manager is configured to use a non-default port, include the port value using hostname:port syntax. For example: acme.com:18081.
Public key MD5 fingerprint SHA1 fingerprint These read-only items display information about a PKI Services Manager public key after it has been successfully imported.
Import Key Use this option to manually import the PKI Services Manager public key. First, copy the key from the PKI Services Manager computer to any location available from Reflection X.
Download Key Retrieves the public key from the specified PKI server and displays a dialog box that allows you to confirm this identity. To compare the presented fingerprint with the actual PKI Services Manager key, open the PKI Services Manager console on the PKI server, and go to Utility > View Public Key.
When you click Yes to accept the key, the key is imported into the Reflection X database.
Note: Download Key is available if you are connecting to PKI Services Manager version 1.2 or later. If you are connecting to an older version, install the public key using Import Key.
Delete Key Removes the PKI Services Manager key from the Reflection X database.

More information

Back to top