SSH Tectia

Environment Description

The Internal Root CA is the built-in CA of SSH Tectia Manager, dedicated to issuing host certificates for the SSH Tectia Server hosts. It is also the trusted CA for server authentication. MyCompany People CA is a dedicated CA for issuing certificates for the users in the organization. It is also the trusted CA for user authentication. Some steps in the configuration and PKI deployment process may differ from the presented user authentication example, depending on the specifics of the CA implementation.

The HTTP CRL is used in this example because it is easy to set up both in SSH Tectia Manager, where the HTTP CRL is published by default, and in the environment: for example, no special firewall configuration is needed for the SSH Tectia Client and SSH Tectia ConnectSecure (or Connector in 4.x or 5.x) hosts to access the service. The HTTP CRL configuration is also a more generally applicable example, as the details of the LDAP configuration settings depend largely on the specific LDAP environment and schema. For details on customizing the SSH Tectia Manager Internal CA to publish CRLs externally to an LDAP server, see an example script in the SSH Tectia Manager Administrator Manual.