This manual page gives a brief overview of requirements for using certificates for authentication with Reflection for Secure IT. For details, refer to the User Guide, which is available at:
https://www.microfocus.com/documentation/rsit-server-client-unix/.
Certificate authentication in Reflection for Secure IT is supported by Reflection PKI Services Manager. To configure your environment:
1. Install Reflection PKI Services Manager.
2. Install a certificate signed by a CA and the associated private key on the server (for server authentication) and/or client (for client authentication).
3. Install the trusted CA root certificate(s) in a certificate store available to Reflection PKI Services Manager.
4. Configure pki_config(5) to enable PKI Services Manager to validate your certificates.
5. Configure pki_mapfile(5) to specify which identities can authenticate with your certificates.
6. Configure Reflection for Secure IT to communicate with Reflection PKI Services Manager and to authenticate using the private key associated with the certificate.
Configuration for Reflection PKI Services Manager. See pki_config(5).
Identity mapper for use with Reflection PKI Services Manager to bind a certificate to one or more allowed names. See pki_mapfile(5).
Reflection for Secure IT client configuration file.
For client authentication using certificates, configure AllowedAuthentications and IdentificationFile. The specified identification file needs to include a CertKey line that identifies your private key.
For server authentication using certificates, configure PkidAddress, PkidPublicKey, and HostKeyAlgorithms.
For setting details, see ssh2_config(5).
Reflection for Secure IT server configuration file.
For client authentication using certificates, configure PkidAddress, PkidPublicKey, and AllowedAuthentications (or RequiredAuthentications).
For server authentication using certificates, configure HostCertificateFile and HostKeyFile.
For setting details, see sshd2_config(5).
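The following Python script is an added example, not part of the Reflection for Secure IT documentation. It reports which of the settings named above are absent from a client or server configuration file. It assumes one case-insensitive `Keyword value` or `Keyword=value` pair per line and does not model host-specific sections; the function names and sample values are constructed for illustration.

```python
import re

# Settings this page names per file and purpose. A tuple means "any one of
# these" (the page allows RequiredAuthentications in place of AllowedAuthentications).
REQUIRED = {
    ("ssh2_config", "client-auth"): ["AllowedAuthentications", "IdentificationFile"],
    ("ssh2_config", "server-auth"): ["PkidAddress", "PkidPublicKey", "HostKeyAlgorithms"],
    ("sshd2_config", "client-auth"): ["PkidAddress", "PkidPublicKey",
                                      ("AllowedAuthentications", "RequiredAuthentications")],
    ("sshd2_config", "server-auth"): ["HostCertificateFile", "HostKeyFile"],
}

# Assumed line format: keyword, then '=' or whitespace, then a non-empty value.
LINE = re.compile(r"^\s*([A-Za-z][\w.-]*)\s*(?:=\s*|\s+)(\S.*?)\s*$")

def parse_settings(text):
    """Return {lowercased keyword: value}. Lines starting with '#', blank
    lines and keywords with no value do not match and are skipped."""
    found = {}
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            found[m.group(1).lower()] = m.group(2)
    return found

def missing_settings(text, filename, purpose):
    """List the settings required for (filename, purpose) that are not set."""
    have = parse_settings(text)
    missing = []
    for need in REQUIRED[(filename, purpose)]:
        names = need if isinstance(need, tuple) else (need,)
        if not any(n.lower() in have for n in names):
            missing.append(" or ".join(names))
    return missing

def identity_has_certkey(text):
    """True if an identification file contains a CertKey line."""
    return "certkey" in parse_settings(text)

# Constructed sample input; host, port, paths and key name are placeholders.
SAMPLE_SSHD2 = """\
# constructed sample; values are placeholders
PkidAddress = pki.example.test:12345
RequiredAuthentications publickey
HostCertificateFile /path/to/hostcert.crt
"""
SAMPLE_IDENTITY = "CertKey mykey\n"

if __name__ == "__main__":
    for purpose in ("client-auth", "server-auth"):
        print(purpose, "missing:", missing_settings(SAMPLE_SSHD2, "sshd2_config", purpose))
    print("CertKey present:", identity_has_certkey(SAMPLE_IDENTITY))
```

A setting that is present but points at the wrong file or an unreachable PKI Services Manager still passes this check, so it complements rather than replaces a test connection.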
(c) Copyright 2023 Micro Focus or one of its affiliates.
pkid(8), pki_config(5), pki_mapfile(5), pki-val(1), ssh-certview(1), ssh-certtool(1), ssh(1), ssh2_config(5), sshd(8), sshd2_config(5)
Additional Reflection for Secure IT documentation is available online from the documentation web page:
https://www.microfocus.com/documentation/rsit-server-client-unix/
And from the technical note library:
https://www.microfocus.com/support/knowledge-base/