Using X.509 Certificates

SecureCRT


Overview

X.509 is a proposed standard used for generating digitally signed public-key authentication certificates. These certificates can be used for authentication in supporting SSH systems. Not all SSH servers support X.509 certificates.

Before you can use X.509 certificates, you must configure your system to support these certificates. In the example system shown below, a client machine is connected to an SSH server which in turn is able to query a Certification Authority (CA) server.

X.509 System Configuration

Obtaining an X.509 Certificate

To obtain an X.509 certificate, begin by generating a public/private key pair on your client machine (refer to your system documentation for information on this process). Keep your private key on the local machine and forward the public key with any other required information to the CA in the form of a request for certification. If the request is approved, the CA digitally signs the certificate and returns it to you in the form of a smart card, token, or other medium.

SecureCRT supports X.509 systems that work with Windows compatible smart card readers.
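
The request-and-issue flow described in this section, as an added example that is not part of the SecureCRT documentation. It assumes the openssl command-line tool and a file-based key rather than a smart card; the file names, the subject name and the throwaway "Demo CA" are constructed for illustration.

```shell
#!/bin/sh
# Added example (not SecureCRT or CA vendor code). All names are constructed:
# client.key, client.csr, the subject CN and the throwaway "Demo CA".
# Requires the openssl command-line tool.

# request_and_issue DIR: run the client and CA steps inside DIR; print "OK"
# when the issued certificate verifies and carries the client's public key.
request_and_issue() (
    cd "$1" || exit 1
    umask 077    # key files are created readable by their owner only

    # Minimal config so the run does not depend on a system openssl.cnf.
    printf '[req]\ndistinguished_name=dn\nx509_extensions=ca\n[dn]\n[ca]\nbasicConstraints=critical,CA:TRUE\n' > demo.cnf

    # Client: generate the key pair. client.key stays on this machine.
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out client.key 2>/dev/null || exit 1

    # Client: certification request = subject + public key, signed with the
    # private key as proof of possession. Only this file goes to the CA.
    openssl req -new -config demo.cnf -key client.key \
        -subj "/CN=alice.example" -out client.csr || exit 1

    # CA (stand-in): self-signed CA certificate for the demonstration.
    openssl req -x509 -config demo.cnf -newkey rsa:2048 -nodes \
        -keyout ca.key -subj "/CN=Demo CA" -days 1 -out ca.crt 2>/dev/null || exit 1

    # CA: check the request's self-signature before approving it.
    openssl req -config demo.cnf -in client.csr -noout -verify 2>&1 \
        | grep -q "verify OK" || exit 1

    # CA: approve the request by signing it.
    openssl x509 -req -in client.csr -CA ca.crt -CAkey ca.key \
        -CAcreateserial -days 1 -out client.crt 2>/dev/null || exit 1

    # Relying party: the certificate chains to the CA...
    openssl verify -CAfile ca.crt client.crt >/dev/null 2>&1 || exit 1

    # ...and binds exactly the public key the client generated.
    [ "$(openssl pkey -in client.key -pubout)" = \
      "$(openssl x509 -in client.crt -noout -pubkey)" ] || exit 1
    echo OK
)
```

Run it as `request_and_issue "$(mktemp -d)"`; a production CA applies its own identity checks and issuance policy before signing.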

Configuring SecureCRT to Use X.509 Certificates

Once you have your X.509 certificate, you need to configure SecureCRT to use it.

1.   On the client machine, start SecureCRT.

2.   Select the session that you want to use with the X.509 certificate and open the Session Options dialog.

3.   In the Connection/SSH2 category, select Public Key as one of your Authentication types and click on the associated Properties button.

4.   In the Public Key Properties dialog, clear the Use global public key setting option and check the Use certificate option.

5.   Click on the OK button to save your settings.

Note: SecureCRT also supports the use of X.509 certificates for public keys on a global basis. This option is available in the SSH2 category of the Global Options dialog.