On the Keys and Certificates page, you can add key and certificate files used in user authentication, generate a new key, upload a key to a server, or change the passphrase for a key.
- Default keys
The default location of user keys.
- Default certificates
The default location of user certificates.
Use the Add... button to add a directory of keys, Delete to remove.
Select a key from the list and click Change passphrase... to change the passphrase.
Click Upload... to upload the key to a server.
Click New key... to start the key generation wizard. Click the Help button in the wizard for more information.
Use the Add... button to add single keys and certificates, Delete to remove.
On the Key Providers page you can define the settings of external key providers used in user authentication. Available key providers are MSCAPI, Entrust, and PKCS#11.
- Microsoft Crypto API
SSH Tectia Client and ConnectSecure can access keys via Microsoft Crypto API (MSCAPI). MSCAPI is a standard cryptographic interface used in Microsoft Windows systems.
Microsoft Crypto API (MSCAPI) providers can be enabled by selecting the Enable Microsoft Crypto API check box. If you enable the MSCAPI providers, you can use software keys and certificates created by Microsoft applications.
Select the Enable Entrust check box to enable using Entrust. Entrust is available on Microsoft Windows systems.
Enter the Initialization file (
*.ini) and Profile file (
By using the Entrust provider, SSH Tectia Client and ConnectSecure can utilize keys and certificates stored in an Entrust profile file (
.epf). The initialization file includes the basic Entrust PKI configuration (for example the CA address).
When the provider is enabled for the first time, Entrust Entelligence will prompt for your Entrust password. As long as the Entrust provider is enabled, the password is asked each time SSH Tectia Client/ConnectSecure is started.
By using the PKCS#11 provider, SSH Tectia Client and ConnectSecure can use keys and certificates stored in PKCS#11 tokens (for example, smart cards or USB tokens).
Click Add... to define a PKCS#11 provider.
Use the Dynamic library to define a dynamic library containing the PKCS#11 driver.
Use the Slots to define slots. A slot is a logical reader that potentially contains a token. Slots are manufacturer- specific. They are defined with an integer. Examples: "
0-3, !2", "