SSH Tectia

Chapter 8 Managing PKI Authentication

Table of Contents

Environment Options
Certificate Revocation Check
CA Hierarchy and Policy
PKI Deployment Example
Environment Description
Server Certificate Authentication
Server Host Certificate Enrollment
Maintenance
User Certificate Authentication

Public-key infrastructure (PKI) can be implemented in several alternative ways. User and server certificate authentication in the SSH Tectia software typically depends on the organization's existing PKI deployment. Such deployments range from a single trusted certification authority (CA) and a certificate validation access point to extensive CA hierarchies with cross-certification, a combination of certificate validation access points, and high-availability mechanisms.

The CA setup described in Server Certificate Authentication is an example of an effective PKI deployment for server certificate authentication that uses the SSH Tectia Manager Internal CA. Configuring user certificate authentication via SSH Tectia Manager is further illustrated in User Certificate Authentication, which focuses mainly on the SSH Tectia Server configuration.

It is recommended that administrators familiarize themselves with PKI technology and its terminology so that they fully understand the implications for authentication in the SSH Tectia environment.