SSH-CERTIFICATES
Index
- DESCRIPTION
-
- SUMMARY
-
- CONFIGURATION FILES
-
- COPYRIGHT
-
- SEE ALSO
-
DESCRIPTION
This manual page gives a brief overview of requirements for using certificates for authentication with Reflection for Secure IT. For details, refer to the User Guide, which is available at:
https://www.microfocus.com/documentation/rsit-server-client-unix/
SUMMARY
Certificate authentication in Reflection for Secure IT is supported by Reflection PKI Services Manager. To configure your environment:
-
- 1. Install Reflection PKI Services Manager.
-
- 2. Install a certificate signed by a CA and the associated private key on the server (for server authentication) and/or client (for client authentication).
-
- 3. Install the trusted CA root certificate(s) in a certificate store available to Reflection PKI Services Manager.
-
- 4. Configure pki_config(5) to enable PKI Services Manager to validate your certificates.
-
- 5. Configure pki_mapfile(5) to specify which identities can authenticate with your certificates.
-
- 6. Configure Reflection for Secure IT to communicate with Reflection PKI Services Manager and to authenticate using the private key associated with the certificate.
CONFIGURATION FILES
- pki_config
-
Configuration for Reflection PKI Services Manager. See pki_config(5).
- pki_mapfile
-
Identity mapper for use with Reflection PKI Services Manager to bind a certificate to one or more allowed names. See pki_mapfile(5).
- ssh2_config
-
Reflection for Secure IT client configuration file.
-
For client authentication using certificates, configure AllowedAuthentications and IdentificationFile. The specified identification file needs to include a CertKey line that identifies your private key.
-
For server authentication using certificates, configure PkidAddress, PkidPublicKey, and HostKeyAlgorithms.
-
For setting details, see ssh2_config(5).
- sshd2_config
-
Reflection for Secure IT server configuration file.
-
For client authentication using certificates, configure PkidAddress, PkidPublicKey, and AllowedAuthentications (or RequiredAuthentications).
-
For server authentication using certificates, configure HostCertificateFile and HostKeyFile
-
For setting details, see sshd2_config(5).
COPYRIGHT
(c) Copyright 2020 Micro Focus or one of its affiliates.
SEE ALSO
pkid(8), pki_config(5), pki_mapfile(5), pki-val(1), ssh-certview(1), ssh-certtool(1), ssh(1), ssh2_config(5), sshd(8), sshd2_config(5)
Additional Reflection for Secure IT documentation is available online from the documentation web page:
-
https://www.microfocus.com/documentation/rsit-server-client-unix/
And from the technical note library:
-
https://www.microfocus.com/en-us/support/Reflection%20for%20Secure%20IT%20Server%20for%20UNIX