Configuring Certificate Authentication on Tectia Client/ConnectSecure

Tectia Client and Tectia ConnectSecure need to be separately configured to authenticate server hosts using host certificates. The authentication settings can be configured in Configurations → Edit Configurations → Tectia → Client under the PKI page.

The following settings need to be configured:

  • The list of trusted CA certificates. These are used to check the validity of host certificates.

    If the Tectia Manager Internal CA is used, the trusted certificate is the only setting that must be defined. To use the Internal CA, select Internal Root CA as the CA certificate.

  • The LDAP servers used to retrieve CRLs and subordinate CA certificates in a CA hierarchy. These settings are necessary only if the host certificates themselves do not contain valid Authority Info Access and/or CRL Distribution Point extensions.

  • If OCSP should be used instead of CRLs and the host certificates themselves do not contain the information, the default OCSP responder URL should be configured.

If CRL checking is disabled, the LDAP server and OCSP responder URLs do not need to be configured. CRL checking should be disabled for testing purposes only.

Activating the settings requires assigning the configuration to the appropriate hosts and redeploying the configurations.
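
Whether the LDAP server and OCSP responder settings above are needed depends on what the host certificates already carry. The following check is an added example, not part of the Tectia documentation or product: it reads the text dump of a host certificate and reports which fallback settings that certificate leaves open. The function names, the printed setting labels and `hostcert.pem` are assumptions made for illustration.

```shell
#!/bin/sh
# Reads `openssl x509 -noout -text` output on stdin and lists the fallback
# settings the certificate leaves unanswered. Checks only that the pointers
# are present, not that the URLs respond.

# Emit one "KIND url" line per CRL / OCSP / CA-issuer pointer in the dump.
cert_pointers() {
    awk '
        /^ *$/ { next }                               # blank lines inside an extension
        { match($0, /[^ ]/); indent = RSTART - 1 }
        indent <= 12 {                                # extension header: switch section
            sect = ""
            if ($0 ~ /CRL Distribution Points/)      sect = "cdp"
            if ($0 ~ /Authority Information Access/) sect = "aia"
            next
        }
        sect == "cdp" && /URI:/              { sub(/.*URI:/, ""); print "CDP " $0 }
        sect == "aia" && /OCSP - URI:/       { sub(/.*URI:/, ""); print "OCSP " $0 }
        sect == "aia" && /CA Issuers - URI:/ { sub(/.*URI:/, ""); print "CAISSUERS " $0 }
    '
}

# True if a pointer of kind $1 was found (uses $ptrs set by required_settings).
has_ptr() { printf '%s\n' "$ptrs" | grep -q "^$1 "; }

# $1 = revocation method in use: "crl" or "ocsp". The labels printed are
# hypothetical names for the settings on the PKI page, not Tectia keys.
required_settings() {
    ptrs=$(cert_pointers)
    need=""
    if [ "$1" = ocsp ]; then
        has_ptr OCSP || need="$need default-ocsp-responder-url"
    else
        has_ptr CDP || need="$need ldap-server-for-crls"
    fi
    # Only relevant when the issuing CA is part of a hierarchy.
    has_ptr CAISSUERS || need="$need ldap-server-for-subordinate-ca-certs"
    echo "${need# }"
}

# Constructed sample dump: a CRL pointer but no Authority Information Access.
sample='            X509v3 Key Usage: critical
                Digital Signature, Key Encipherment
            X509v3 CRL Distribution Points: 

                Full Name:
                  URI:ldap://ldap.example.com/cn=CA1?certificateRevocationList
'
printf '%s' "$sample" | required_settings ocsp
# Real certificate: openssl x509 -in hostcert.pem -noout -text | required_settings crl
```

An empty result means the certificate itself supplies everything needed for the chosen revocation method.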