SSH Tectia

Server Certificate Authentication

This section provides an example configuration of server authentication using certificates in an SSH Tectia environment. The host certificates are enrolled for the SSH Tectia Server software, and the authentication settings are configured for both SSH Tectia Client and SSH Tectia ConnectSecure (or Connector in 4.x and 5.x) using SSH Tectia Manager.

The SSH Tectia Manager Internal CA provides the following services:

Note

The administrator of SSH Tectia Manager is responsible for the identity establishment of the hosts. For example, the administrator needs to verify that the host information (host name, FQDN, IP address) is correct when selecting hosts for certificate enrollment.

SSH Tectia Manager Internal CA

The SSH Tectia Manager Internal CA services are available after the initial configuration. The preconfigured Internal Root CA settings can be viewed and edited in Settings → PKI Settings → Internal CAs.

To enable the Internal PKI for certificate enrollment and authentication configurations in SSH Tectia Manager:

  1. Under Configurations → Edit configurations → PKI → Enrollment settings, add the certificate enrollment settings (Figure 8.1).

    1. In Enrollment PKI, select Internal Root CA.

    2. Change the key type and length settings, if necessary.

    Figure 8.1. Certificate enrollment settings

  2. Go to Configurations → Edit configurations → SSH Tectia G3 → Client → PKI.

    Figure 8.2. PKI settings

    To add the certificate authentication settings:

    1. On the selected client's PKI tab, under CA list, click Add.

    2. Under Use known CA certificate from, select Internal Root CA.

    3. Upload the Internal Root CA certificate for server authentication (Figure 8.3).

      Figure 8.3. CA settings for server authentication

  3. Edit the configuration assignments:

    1. Under Configurations → Assign configurations, edit the SSH Tectia G3 mappings.

    2. Edit the G3 Client configuration for the intended configuration groups (for example, Server and Workstation).

    3. Edit the Certificate enrollment configuration to refer to the internal CA for the intended groups (for example, Server).

    An example configuration assignment is shown in Figure 8.4.

    Figure 8.4. Configuration assignments
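The configuration above makes a client trust any host certificate that chains to the Internal Root CA, which is why the note earlier in this section insists that the administrator verify host name, FQDN and IP address before enrolling. The script below is an added example, written for this page with plain openssl and not SSH Tectia's own tooling or code; it builds a throwaway root CA standing in for the Internal Root CA, issues a host certificate and a certificate from an unrelated CA, and then performs the two checks a client has to make before trusting a server: the chain must terminate at the configured root CA, and the certificate's subjectAltName must name the expected host. All names, addresses and file paths are constructed placeholders.

```shell
#!/bin/sh
# Added example (not SSH Tectia code). Requires only the openssl CLI.
set -eu

WORK="$(mktemp -d)"
trap 'rm -rf "$WORK"' EXIT

# Constructed identities: placeholders, not from any real deployment.
CA_SUBJ="/CN=Internal Root CA (example)"
HOST_FQDN="sshserver.example.test"
HOST_IP="192.0.2.10"

# 1. Throwaway root CA, standing in for the SSH Tectia Manager Internal Root CA.
openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 1 \
  -subj "$CA_SUBJ" -keyout "$WORK/ca.key" -out "$WORK/ca.pem" 2>/dev/null

# 2. Host key and CSR, then a CA-signed host certificate that carries the host's
#    FQDN and IP address in subjectAltName (what enrollment should produce).
openssl req -new -newkey rsa:2048 -nodes -sha256 \
  -subj "/CN=$HOST_FQDN" -keyout "$WORK/host.key" -out "$WORK/host.csr" 2>/dev/null
printf 'subjectAltName=DNS:%s,IP:%s\n' "$HOST_FQDN" "$HOST_IP" > "$WORK/san.cnf"
openssl x509 -req -in "$WORK/host.csr" -CA "$WORK/ca.pem" -CAkey "$WORK/ca.key" \
  -CAcreateserial -days 1 -sha256 -extfile "$WORK/san.cnf" -out "$WORK/host.pem" 2>/dev/null

# 3. An unrelated CA signs the same CSR: same names, but it must be rejected
#    because it does not chain to the configured root.
openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 1 \
  -subj "/CN=Unrelated CA (example)" -keyout "$WORK/other.key" -out "$WORK/other.pem" 2>/dev/null
openssl x509 -req -in "$WORK/host.csr" -CA "$WORK/other.pem" -CAkey "$WORK/other.key" \
  -CAcreateserial -days 1 -sha256 -extfile "$WORK/san.cnf" -out "$WORK/rogue.pem" 2>/dev/null

# verify_host_cert CERT CAFILE FQDN IP
#   returns 0 when the chain is valid AND the certificate names the expected host,
#   1 on chain failure, 2 on FQDN mismatch, 3 on IP mismatch.
verify_host_cert() {
  cert="$1"; cafile="$2"; fqdn="$3"; ip="$4"
  # Chain check: only the configured root CA is trusted; check the ": OK" line
  # rather than relying on the exit status alone, for older openssl builds.
  openssl verify -CAfile "$cafile" "$cert" 2>/dev/null | grep -q ': OK$' || return 1
  # Identity check: pull the subjectAltName line from the text dump and split it
  # into one entry per line ("DNS:name", "IPAddress:addr" after spaces are removed).
  san="$(openssl x509 -in "$cert" -noout -text 2>/dev/null \
         | grep -A1 'Subject Alternative Name' | tail -n 1 | tr -d ' ' | tr ',' '\n')"
  printf '%s\n' "$san" | grep -qx "DNS:$fqdn" || return 2
  printf '%s\n' "$san" | grep -qx "IPAddress:$ip" || return 3
  return 0
}

# Report both certificates against the expected host identity.
for c in host rogue; do
  if verify_host_cert "$WORK/$c.pem" "$WORK/ca.pem" "$HOST_FQDN" "$HOST_IP"; then
    echo "$c.pem: trusted for $HOST_FQDN ($HOST_IP)"
  else
    rc=$?
    echo "$c.pem: REJECTED (rc=$rc)"
  fi
done
```

The exact-line match on the split subjectAltName entries matters: a substring test would accept 192.0.2.1 as a match for a certificate issued to 192.0.2.10. The same two checks, chain to the uploaded Internal Root CA and identity match, are what the client-side PKI settings configured in step 2 delegate to the SSH Tectia Client.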