
SSH Tectia

Enrollment Settings

The Enrollment settings define the certificate enrollment settings.

Name

Specifies a name for the configuration.

Enrollment PKI

Specifies the PKI.

Key type

Specifies the key type for the generated private key of the host certificate.

Key length

Specifies the key length for the generated private key of the host certificate. The value must be between 1024 and 8192 bits.

Subject name

Specifies the subject name used in the certificate enrollment request. The following variables can be used:

  • %IP_ADDRESS%, substituted with the IP address of the host.

  • %IP_ADDRESS_LIST%, substituted with all of the IP addresses of that host. Usable only in the subject altName part (as in IP=%IP_ADDRESS_LIST%), not in the actual subject name.

  • %DNS_NAME%, substituted with the DNS name (fully qualified host name) of the host.

  • %DNS_NAME_LIST%, substituted with all of the DNS names of that host. Usable only in the subject altName part (as in DNS=%DNS_NAME_LIST%), not in the actual subject name.

  • %HOST_NAME%, substituted with the short host name (DNS name without the domain part).

  • %REFERENCE_NUMBER%, substituted with the reference number of the authorization code allocated for the host. Only needed in Entrust Web Enrollment.

The subject name field is mostly parsed as a Distinguished Name. However, additional semicolon-separated fields DNS and IP can be used to specify subject alternative names for a request. Note that this means that a colon has to be used to separate RDNs in the DN. The default value for subject name field is CN=%DNS_NAME%;DNS=%DNS_NAME_LIST%;IP=%IP_ADDRESS_LIST%. This will add multiple subject alternative name DNS entries to the host certificate if the host has reported aliases.

The subject name and alternate subject names on the issued certificate depend on the policy of the CA.
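The subject name format described above can be checked before a template is deployed. The following is an added illustration, not SSH Tectia code: the function name `expand_subject`, the host record layout, the one-entry-per-value expansion of the list variables and the IP address validation are all assumptions made for this sketch.

```python
import ipaddress
import re

DEFAULT_TEMPLATE = "CN=%DNS_NAME%;DNS=%DNS_NAME_LIST%;IP=%IP_ADDRESS_LIST%"
# Per the page, list variables are usable only in the altName parts.
LIST_VARS = {"%DNS_NAME_LIST%": "dns_names", "%IP_ADDRESS_LIST%": "ips"}

def expand_subject(template, host):
    """Return (subject_dn, {"DNS": [...], "IP": [...]}) for one host record."""
    scalars = {
        "%IP_ADDRESS%": host["ip"],
        "%DNS_NAME%": host["dns_name"],
        "%HOST_NAME%": host["dns_name"].split(".", 1)[0],
        "%REFERENCE_NUMBER%": host.get("reference_number"),
    }

    def fill(text):
        for var, value in scalars.items():
            if value is not None:
                text = text.replace(var, value)
        leftover = re.search(r"%[A-Z_]+%", text)
        if leftover:  # unknown, unset, or a list variable outside an altName field
            raise ValueError(f"variable not allowed here: {leftover.group()}")
        return text

    dn_parts, alt = [], {"DNS": [], "IP": []}
    for field in filter(None, (f.strip() for f in template.split(";"))):
        kind, _, value = field.partition("=")
        if kind in alt:
            if value in LIST_VARS:
                # Assumption: each value in the list becomes its own altName entry.
                alt[kind].extend(host[LIST_VARS[value]])
            else:
                alt[kind].append(fill(value))
        else:
            dn_parts.append(fill(field))
    if len(dn_parts) != 1:
        raise ValueError("expected exactly one Distinguished Name field")
    for entry in alt["IP"]:
        ipaddress.ip_address(entry)  # ValueError if a name ended up in an IP entry
    return dn_parts[0], alt

# Constructed sample host with one alias and two addresses.
HOST = {"ip": "192.0.2.10", "ips": ["192.0.2.10", "198.51.100.7"],
        "dns_name": "web01.example.com",
        "dns_names": ["web01.example.com", "www.example.com"]}

if __name__ == "__main__":
    print(expand_subject(DEFAULT_TEMPLATE, HOST))
```

Comparing the expanded names with the certificate the CA actually issues shows whether CA policy kept, altered or dropped any of the requested entries.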

Require FQDN

If this is selected, the managed host has to have a fully qualified domain name, which is used in the subject name field so that it will be added as a name in the host certificate. If FQDN is not required, an IP address in the certificate will be sufficient. Without FQDN, server authentication in the Secure Shell client will be restricted to connections made with an explicit IP address.
