SSH

Enrollment Jobs

Host certificate mass enrollment jobs can be started and monitored in Configurations → Enroll certificates. For each new job, select the host group for which host certificates will be enrolled.

Hosts with a certificate that is valid for more than two weeks are excluded from the enrollment by default. The validity is based on the expiration date of the currently managed host certificate. Clear the check box to enroll certificates for all hosts in the selected group, or adjust the time frame to include the intended hosts.

Enrolling certificates

Figure 9.8. Enrolling certificates

Select Revoke previous certificate if the currently managed host certificate should be revoked after a successful enrollment.

The progress of running and finished enrollment jobs (including certificate renewal jobs initiated by Tectia Manager) can be monitored in Configurations → Enroll certificates. The running enrollment jobs can be aborted.

In case the External CA settings require a pre-shared key (PSK) to authenticate the enrollment requests to the CA enrollment service, the enrollment job will be pending until PSKs have been provided. The required PKSs for hosts can be viewed and entered in Configurations → Enroll certificates → Required PSKs.