To enter a new host, simply type over the current host name and the other fields. When you press the "QuickConnect"
button (the first button on the left side of the bar) to connect, the new host will be entered into the QuickConnect history
list. This list can be cleared at any time by pressing the "QuickConnect" button while holding down the Shift-Delete
keys. The current entry can be deleted by pressing the "QuickConnect" button while holding down the Ctrl-Delete keys.
Use X.509 Certificates
An X.509 digital certificate is a set of electronic credentials that uniquely identify an individual. There are two parts to a
digital certificate: a private key and a certificate.
Your private key is the piece of information that uniquely identifies you within the Public Key Infrastructure. The
private key is mathematically created on your personal workstation, under your supervision, and is known only to you.
The certificate is the public part of your digital certificate. It contains your name and other identifying information. It
also contains the public key, which is mathematically related to the private key. Using your certificate, other people can
verify that you hold your private key, and therefore must really be who you say you are.
Certificates can be generated and stored within browser software stores (databases), or within specialized Smart
Cards/USB tokens. Smart Cards/USB tokens are hardware devices that protect the private key from access by anyone
except the owner. This is the main benefit of these devices. They serve as an impenetrable safe for the private key,
ensuring that only the intended user has access to it. The private key can be generated on-board, and signing and
encryption operations are performed on the device, so the key never leaves it.
Certificates can be used for authentication with servers supporting SSH and SSL/TLS.
Manage SSH Host Keys
SSH authentication allows public/private RSA keys, as well as X.509 certificates, to be used for client
authentication. Although the documentation of many host SSH servers refers only to public/private RSA keys, X.509
certificates can still be used, since these certificates are nothing more than public/private keys with enhanced
security-related information contained within a “certificate”. The public key is a component of this certificate. SecureNetTerm
fully supports the use of certificates for public/private key authentication.
The concept of public/private key authentication is that a public/private key pair is created on the workstation. The private
key is retained on your local workstation; the public key is transferred to the host and placed in a unique location
specified by the host SSH server. When you attempt to login to a host using public/private key authentication, the host
server will send a challenge to SecureNetTerm. SecureNetTerm will sign this challenge with your respective private key
and return the signed challenge to the host server. The server will then verify the signed challenge using your public
key. If the host server determines that you are the holder of the correct private key, it will allow you to login. Refer to
the Key Management section on how to create and install these key pairs.
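The challenge/response exchange described above can be reproduced with the openssl command-line tool. This is an added example, not SecureNetTerm's own code or procedure; the function names, file names and the key names "alice" and "other" are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: challenge/response login with a public/private key pair.
# All names below are illustrative; files live in a throwaway directory.
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Workstation: create the key pair. Only the .pub file is copied to the host.
make_keypair() {  # $1 = key name
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$WORK/$1.key" 2>/dev/null &&
    openssl pkey -in "$WORK/$1.key" -pubout -out "$WORK/$1.pub"
}

# Host: issue a fresh random challenge for every login attempt.
new_challenge() {  # $1 = challenge name
    openssl rand -out "$WORK/$1.chal" 32
}

# Workstation: sign the challenge with the private key.
sign_challenge() {  # $1 = key name, $2 = challenge name, $3 = signature name
    openssl dgst -sha256 -sign "$WORK/$1.key" \
        -out "$WORK/$3.sig" "$WORK/$2.chal"
}

# Host: check the signature against the stored public key. Exit 0 = allow.
verify_response() {  # $1 = key name, $2 = challenge name, $3 = signature name
    openssl dgst -sha256 -verify "$WORK/$1.pub" \
        -signature "$WORK/$3.sig" "$WORK/$2.chal" >/dev/null 2>&1
}

make_keypair alice
make_keypair other
new_challenge login1
new_challenge login2
sign_challenge alice login1 alice1
sign_challenge other login1 other1

# Correct key over the current challenge is accepted.
verify_response alice login1 alice1 && echo "login1: accepted"
# A signature made with a different private key is rejected.
verify_response alice login1 other1 || echo "wrong key: rejected"
# A signature captured from login1 does not verify against login2.
verify_response alice login2 alice1 || echo "replayed signature: rejected"
```

In SSH-2 the signed data is the session identifier together with the authentication request rather than a standalone challenge; the replay protection shown in the last check works the same way.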
Manage SSL/TLS .tlslogin file
Most UNIX-based SSL/TLS servers allow logging into the system with only a userid and a certificate. This is
commonly referred to as client certificate authentication. Although the complete details/requirements on how to enable
this feature can only be provided by the system administrator of the host, almost all of these systems require that a copy of
the client certificate be located on the host. The .tlslogin file, located in the user's home directory, is commonly used to
contain these user certificates. Most servers allow multiple certificates to be placed within the file.
Guide to Using SecureNetTerm How To • 15