Under User Authentication, you can configure settings related to public-key and certificate authentication. See Managing Keys and Certificates and Managing Key Providers.
To enable or disable public-key authentication, see Defining Default Settings and Defining Authentication.
On the Keys and Certificates page, you can add key and certificate files used in user authentication, generate a new key, upload a key to a server, or change the passphrase for a key.
The default location of user keys.
The default location of user certificates.
Use the Add... button to add a directory of keys, Delete to remove.
Select a key from the list and click Change passphrase... to change the passphrase.
Click Upload... to upload the key to a server. See Uploading the Public Key Automatically (Windows).
Click New key... to start the key generation wizard. See Key Generation Wizard.
Use the Add... button to add single keys and certificates, Delete to remove.
Note | |
---|---|
The user-specific |
On the Key Providers page you can define the settings of external key providers used in user authentication. Available key providers are MSCAPI, Entrust, and PKCS#11.
SSH Tectia Client and Connector can access keys via Microsoft Crypto API (MSCAPI). MSCAPI is a standard cryptographic interface used in Microsoft Windows systems.
Microsoft Crypto API (MSCAPI) providers can be enabled by selecting the Enable Microsoft Crypto API check box. If you enable the MSCAPI providers, you can use software keys and certificates created by Microsoft applications.
You can also select the polling interval (in milliseconds) for MSCAPI.
If 0
(zero) is selected, the Connection Broker will not poll MSCAPI,
but will wait for system notifications instead.
Select the Enable Entrust check box to enable using Entrust.
Enter the Initialization file
(*.ini
) and Profile file
(*.epf
).
By using the Entrust provider, SSH Tectia Client and Connector can utilize keys and
certificates stored in an Entrust profile file (.epf
). The
initialization file includes the basic Entrust PKI configuration (for
example the CA address).
When the provider is enabled for the first time, Entrust Entelligence will prompt for your Entrust password. As long as the Entrust provider is enabled, the password is asked each time SSH Tectia Client/Connector is started.
PKCS#11
By using the PKCS#11 provider, SSH Tectia Client and Connector can use keys and certificates stored in PKCS#11 tokens (for example, smart cards or USB tokens).
Click Add... to define a PKCS#11 provider.
Define a dynamic library containing the PKCS#11 driver.
Define slots. A slot is a logical reader that potentially contains a
token. Slots are manufacturer-specific. They are defined with an integer.
Examples: "0,1
", "0-3, !2
", "2
".