Launch Tectia Connections Configuration GUI.

Right-click in the system tray and select Configuration.

Under General, click Default Connection. Select the Authentication tab. Ensure that public-key authentication is enabled and it is the first or only method in the list. By default, it is enabled.

Under Public-Key Authentication, you can select to use public keys or certificates or both in the authentication.

Figure 4.7. Enabling public-key authentication

If you are using connection profiles, select the profile name under Connection Profiles. Select the Authentication tab and ensure that public-key authentication is enabled.

Tectia suggests installing the certificate into the Microsoft Certificate store that is a personal store for the user.

Under User Authentication, select Key Providers. Enable Microsoft Crypto API and click Apply.

Figure 4.8. Enabling Microsoft Crypto API as a certificate provider

You can also read certificate information from USB tokens or smartcards via Microsoft Crypto API if they are compatible with the API. Alternatively USB tokens or smartcards can be used by enabling PCKS#11.

The certificate is now loaded into the client automatically. Under User Authentication, select Keys and Certificates. You can see the available certificates under Key and Certificate List.

Figure 4.9. Viewing available certificates

Tectia Client can also read key and certificate information from the file system. These can be defined under Additional Directories and Files.

	Note
	Ensure that the client certificate is set up for client authentication only. It makes troubleshooting several certificates easier, for example, as server authentication certificates cannot be used as user certificates.