

Using Certificates

The CA-related configuration options for Internal and External CA Settings are defined in Settings → PKI Settings and require superuser administrator rights. See Configuring PKI Settings for CA.

Once the initial certificate enrollment has been done, Tectia Manager Internal CA will automatically renew the server host certificates. The Internal Root CA Host certificate validity period and Certificate renew marginal can be configured in Settings → PKI Settings → Internal CAs. The changes in validity period will take effect the next time a new certificate is issued, but the changes in the renewal marginal will take effect immediately (Figure 9.5).

Tectia Manager Internal CA publishes HTTP CRL(s) on port 80 when Tectia Manager is running. An external command can be used to specify a script that will publish the CRL, for example to an LDAP directory or a backup HTTP server. The CRL Distribution Point(s) are included in the issued host certificates. By default, the CRL update period is 3 hours and the validity period is 27 hours (3-hour update period plus a 24-hour marginal). The CRL publishing methods, CRL update period, and CRL next update marginal can be configured in Settings → PKI Settings → Internal CAs (Figure 9.6).


The firewall configuration of the organization must allow the Tectia client-side managed hosts to access the CRL Distribution Points (by default Management Server port 80).
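A monitoring check for the CRL timing described above, as an added example that is not part of the Tectia documentation: it reads the output of `openssl crl -noout -lastupdate -nextupdate` for a CRL fetched from a distribution point and reports whether publishing has stalled before the marginal runs out. The sample output, the function names and the 15-minute grace are assumptions; the 3-hour update period is the default stated above.

```python
import re
from datetime import datetime, timedelta, timezone

UPDATE_PERIOD = timedelta(hours=3)  # default CRL update period from the text

# Matches lines such as "lastUpdate=Mar  1 12:00:00 2024 GMT".
_FIELD = re.compile(r"^(lastUpdate|nextUpdate)=(.+?)\s+GMT\s*$", re.MULTILINE)

# Constructed sample: a CRL with the default 27-hour validity window.
SAMPLE = """lastUpdate=Mar  1 12:00:00 2024 GMT
nextUpdate=Mar  2 15:00:00 2024 GMT
"""


def parse_crl_times(openssl_output):
    """Return (last_update, next_update) as timezone-aware UTC datetimes."""
    found = {}
    for name, value in _FIELD.findall(openssl_output):
        stamp = datetime.strptime(value, "%b %d %H:%M:%S %Y")
        found[name] = stamp.replace(tzinfo=timezone.utc)
    if set(found) != {"lastUpdate", "nextUpdate"}:
        # Also raised for "nextUpdate=NONE", i.e. a CRL with no expiry field.
        raise ValueError("expected lastUpdate= and nextUpdate= lines")
    return found["lastUpdate"], found["nextUpdate"]


def crl_status(openssl_output, now, grace=timedelta(minutes=15)):
    """Return (status, time left until nextUpdate) for a published CRL."""
    last, nxt = parse_crl_times(openssl_output)
    remaining = nxt - now
    if now < last:
        return "NOT_YET_VALID", remaining  # clock skew on the checking host
    if now >= nxt:
        return "EXPIRED", remaining        # clients can no longer rely on it
    if now - last > UPDATE_PERIOD + grace:
        return "STALE", remaining          # a scheduled update was missed
    return "OK", remaining


if __name__ == "__main__":
    now = datetime(2024, 3, 1, 18, 0, tzinfo=timezone.utc)
    print(crl_status(SAMPLE, now))
```

Running the check from a managed host's network segment also confirms that the firewall rule for the distribution point is in place.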

