The Enrollment settings define the certificate enrollment settings.
Specifies a name for the configuration.
- Enrollment PKI
Specifies the PKI.
- Key type
Specifies the key type for the generated private key of the host certificate.
- Key length
Specifies the key length for the generated private key of the host certificate. The value must be between 1024 and 8192 bits.
- Subject name
Specifies the subject name used in the certificate enrollment request. The following variables can be used:
%IP_ADDRESS%, substituted with the IP address of the host.
%IP_ADDRESS_LIST%, substituted with all of the IP addresses of that host. Usable only in subject altName part (as in IP=%IP_ADDRESS_LIST%), not in the actual subject name.
%DNS_NAME%, substituted with the DNS name (fully qualified host name) of the host.
%DNS_NAME_LIST%, substituted with all of the DNS names of that host. Usable only in subject altName part (as in DNS=%DNS_NAME_LIST%), not in the actual subject name.
%HOST_NAME%, substituted with the short host name (DNS name without the domain part).
%REFERENCE_NUMBER%, substituted with the reference number of the authorization code allocated for the host. Only needed in Entrust Web Enrollment.
The subject name field is mostly parsed as a Distinguished Name. However, additional semicolon-separated fields such as DNS and IP can be used to specify subject alternative names for a request. Note that this means that a colon has to be used to separate RDNs in the DN. The default value for the subject name field is CN=%DNS_NAME%;DNS=%DNS_NAME_LIST%;IP=%IP_ADDRESS_LIST%. This will add multiple subject alternative name DNS entries to the host certificate if the host has reported aliases.
The subject name and alternate subject names on the issued certificate depend on the policy of the CA.
- Require FQDN
If this is selected, the managed host must have a fully qualified domain name, which is used in the subject name field so that it is added as a name in the host certificate. If FQDN is not required, an IP address in the certificate is sufficient. Without an FQDN, server authentication in the Secure Shell client is restricted to connections made with an explicit IP address.
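The following Python code is an added example, not the product's own code. It expands a subject name template as described under Subject name and Require FQDN, so a template can be checked against a host before it is used for enrollment. Assumptions: the `host` record layout, treating the first entry of each list as the primary name or address, and treating a name with a domain part as fully qualified; %REFERENCE_NUMBER% is not handled.

```python
import ipaddress

# Assumed host record layout (hypothetical): first entry of each list is the primary value.
LIST_VARS = {"%IP_ADDRESS_LIST%": "ip_addresses", "%DNS_NAME_LIST%": "dns_names"}

def expand_subject(template, host, require_fqdn=False):
    """Expand a subject name template into (subject_dn, [(san_type, value), ...])."""
    dns_name = host["dns_names"][0] if host["dns_names"] else ""
    # Assumption: a name counts as fully qualified when it has a domain part.
    if require_fqdn and "." not in dns_name:
        raise ValueError("Require FQDN is selected but the host has no FQDN")
    scalars = {
        "%IP_ADDRESS%": host["ip_addresses"][0],
        "%DNS_NAME%": dns_name,
        "%HOST_NAME%": dns_name.split(".")[0],
    }

    def fill(text):
        for var, value in scalars.items():
            text = text.replace(var, value)
        return text

    # The first semicolon-separated field is the DN; the rest are altName fields.
    dn_part, *alt_fields = [f.strip() for f in template.split(";")]
    for var in LIST_VARS:
        if var in dn_part:
            raise ValueError(f"{var} is usable only in the altName part")

    sans = []
    for field in alt_fields:
        san_type, _, value = field.partition("=")
        san_type, value = san_type.strip().upper(), value.strip()
        if san_type not in ("DNS", "IP"):
            raise ValueError(f"unsupported altName field: {field!r}")
        values = host[LIST_VARS[value]] if value in LIST_VARS else [fill(value)]
        for v in values:
            if san_type == "IP":
                ipaddress.ip_address(v)  # raises ValueError for a DNS name in an IP field
            sans.append((san_type, v))
    return fill(dn_part), sans

# Constructed sample host and the default template quoted in the text.
HOST = {"dns_names": ["web01.example.com", "www.example.com"],
        "ip_addresses": ["192.0.2.10", "198.51.100.7"]}
DEFAULT = "CN=%DNS_NAME%;DNS=%DNS_NAME_LIST%;IP=%IP_ADDRESS_LIST%"

if __name__ == "__main__":
    print(expand_subject(DEFAULT, HOST, require_fqdn=True))
```

The names actually placed on the issued certificate still depend on the policy of the CA, so compare this expansion with the certificate that comes back.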