Your browser does not allow storing cookies. We recommend enabling them.

SSH

Prerequisites for Using Certificate Authentication

If the Require FQDN option is set in the enrollment configuration (by default it is), the managed hosts must have a fully qualified domain name (FQDN).

The clocks on all the managed hosts must be approximately on the correct time. The issued certificates have a validity period starting one hour in the past and the issued CRLs likewise have a one hour marginal in their thisUpdate timestamps. This means that a clock that is more than an hour late will cause problems when validating a new certificate or using a just issued CRL.


 

 
What to read next:

  • Reduce Secure Shell risk. Get to know the NIST 7966.



    The NISTIR 7966 guideline from the Computer Security Division of NIST is a direct call to action for organizations regardless of industry and is a mandate for the US Federal government.
    Download now
  • ISACA Practitioner Guide for SSH



    With contributions from practitioners, specialists and SSH.COM experts, the ISACA “SSH: Practitioner Considerations” guide is vital best practice from the compliance and audit community.
    Download now