Your browser does not allow storing cookies. We recommend enabling them.

SSH Tectia 
PreviousNextUp[Contents] [Index]

    About This Document>>
    Installing SSH Tectia Client >>
    Getting Started >>
        Connecting to a Remote Host
        Defining Quick Connect Options
        Generating Keys >>
        Enrolling Certificates >>
            Certificate Enrollment Wizard
            Globally Accessible CA Certificates
        Uploading Your Public Key >>
        Using Public-Key Authentication with SSH Accession Lite >>
        Examples of Use
    Configuring SSH Tectia Client >>
    Connecting to a Remote Host Computer>>
    Transferring Files>>
    Tunneling Applications>>
    GUI Reference>>
    Troubleshooting >>
    Command-Line Tools >>

Certificate Enrollment Wizard

The Certificate Enrollment wizard is used to enroll certificates which means requesting a certification authority (CA) to issue a certificate. Start the wizard by clicking the Enroll button on the Certificates page of the Settings dialog.

Using certificate enrollment wizard requires that the CA software supports Certificate Management Protocol version 2 (CMPv2).

Certificate Enrollment - Start

The first page of the Certificate Enrollment wizard displays information on the enrollment process. The enrollment process will create a key pair, consisting of a public and a private key.

Figure : The start of the enrollment process

Click Next to continue the process.

Certificate Enrollment - Identity

On the Identity page, enter the parameters of the certificate to be issued. You can suggest a Common Name (e.g. John Smith), Organization Unit (Marketing), Organization (SSH Communications Security), Country (USA) and E-mail Address (

Figure : Type the parameters of the certificate

The certification authority can change these fields before issuing the certificate. The certificate validity period and other parameters are determined by the configuration of the CA software.

Please note that certificate enrollment requiring manual acceptance in the CA software is not supported. You may be able to compensate for this with PKCS #12 file importing.

Click Next to launch the Key Generation wizard. For more information on the key generation process, see Section Key Generation Wizard.

Certificate Enrollment - Firewall

On the Proxy page, you can define the firewall and proxy settings. If your local setup does not require these to be defined, the fields can be left empty.

Figure : If firewall settings are not required, leave the fields empty

  • Firewall

    Type the firewall location in the text field.

  • HTTP proxy

    Type the HTTP proxy location in the text field.

Click Next to continue.

Certificate Enrollment - CA

On the CA page, you can define the certification authority (CA) settings.

Figure : Defining the Certificate Authentication settings

On the CA page, fill in the following fields:

  • CMP Service URL

    Type in the address of the server that provides the Certificate Management Protocol (CMP) service.

  • Discover

    Click Discover to attempt automatic detection of available certification authority services and CA certificates. The found CA services will be listed in the text field and can be selected from the drop-down menu.

    Please note that not all systems support the automatic detection functionality.

  • CA Certificate

    This drop-down menu will show the CA certificates that were found on the selected CMP service. Select a CA certificate from the list.

    Alternatively, you can directly type in the file name of the certificate, or select the file by clicking the button on the right-hand side of the file name field. The Select CA Certificate dialog opens, allowing you to locate the certificate file.

  • View

    Click the View button to display the contents of the current certificate.

  • Retrieve CA Certificates from CA URL

    Select the desired CA URL from the drop-down list and click Retrieve CA Certificates from CA URL to retrieve the CA certificates from the selected CA address.

  • Reference Number

    Type in the reference number.

  • Key

    Type in the key information.

Click Next to continue.

Certificate Enrollment - Enrollment

The actual enrollment takes place on the Enrollment page. This may take some time, and the exact duration depends on the amount of network traffic among other factors.

When the process has finished, click Finish to continue.

PreviousNextUp[Contents] [Index]

[ Contact Information | Support | Feedback | SSH Home Page | SSH Products ]

Copyright © 2010 SSH Communications Security Corp.
This software is protected by international copyright laws. All rights reserved.
Copyright Notice




What to read next:

  • Reduce Secure Shell risk. Get to know the NIST 7966.

    The NISTIR 7966 guideline from the Computer Security Division of NIST is a direct call to action for organizations regardless of industry and is a mandate for the US Federal government.
    Download now
  • ISACA Practitioner Guide for SSH

    With contributions from practitioners, specialists and SSH.COM experts, the ISACA “SSH: Practitioner Considerations” guide is vital best practice from the compliance and audit community.
    Download now