Storing client-based certificates

SafeLinx Clients can use client certificates to authenticate with the Connection Manager. To use client certificate authentication, install an X.509 certificate that you obtain from a certificate authority (CA) on the mobile device.

To store client-based certificates:
  1. From a computer that has a copy of the IBM® Key Management tool, create a certificate request.
    For more information, see Requesting an X.509 certificate from a third-party certificate authority.
  2. Submit the certificate request to a certificate authority (CA). When you submit the request, specify that you would like the CA to return the certificate request file with a file type of p12.
  3. Transfer the p12 file to the device or computer where you want to install the certificate.
  4. Start the SafeLinx Client connection that uses certificate-based authentication. When the Authentication dialog box opens, click or tap Browse and select the certificate file. Then, click or tap OK twice.

    The client certificate is stored in the default certificate store.


    If you use the SafeLinx Client on Windows, you can use a setting in the [CONNECTION] section of the safelinx.ini file to specify the Windows Registry key from which the SafeLinx Client retrieves the certificate.

    If you want the SafeLinx Client to use the certificate store specified in the HKEY_CURRENT_USER key, use the following setting:


    If you want the SafeLinx Client to use the certificate store specified in the HKEY_LOCAL_MACHINE key, use the following setting:


    The default setting is 1.