On the Keys and Certificates page, you can add key and certificate files used in user authentication, generate a new key, upload a key to a server, or change the passphrase for a key.
- Default keys
The default location of user keys.
- Default certificates
The default location of user certificates.
Use the Add... button to add a directory of keys, Delete to remove.
Select a key from the list and click Change passphrase... to change the passphrase.
Click Upload... to upload the key to a server. See Uploading the Public Key Automatically (Windows).
Click New key... to start the key generation wizard. See Key Generation Wizard.
Use the Add... button to add single keys and certificates, Delete to remove.
On the Key Providers page you can define the settings of external key providers used in user authentication. Available key providers are MSCAPI, Entrust, and PKCS#11.
- Microsoft Crypto API
SSH Tectia Client and Connector can access keys via Microsoft Crypto API (MSCAPI). MSCAPI is a standard cryptographic interface used in Microsoft Windows systems.
Microsoft Crypto API (MSCAPI) providers can be enabled by selecting the Enable Microsoft Crypto API check box. If you enable the MSCAPI providers, you can use software keys and certificates created by Microsoft applications.
You can also select the polling interval (in milliseconds) for MSCAPI. If
0(zero) is selected, the Connection Broker will not poll MSCAPI, but will wait for system notifications instead.
Select the Enable Entrust check box to enable using Entrust.
Enter the Initialization file (
*.ini) and Profile file (
By using the Entrust provider, SSH Tectia Client and Connector can utilize keys and certificates stored in an Entrust profile file (
.epf). The initialization file includes the basic Entrust PKI configuration (for example the CA address).
When the provider is enabled for the first time, Entrust Entelligence will prompt for your Entrust password. As long as the Entrust provider is enabled, the password is asked each time SSH Tectia Client/Connector is started.
By using the PKCS#11 provider, SSH Tectia Client and Connector can use keys and certificates stored in PKCS#11 tokens (for example, smart cards or USB tokens).
Click Add... to define a PKCS#11 provider.
- Dynamic library
Define a dynamic library containing the PKCS#11 driver.
Define slots. A slot is a logical reader that potentially contains a token. Slots are manufacturer-specific. They are defined with an integer. Examples: "
0-3, !2", "