Once all related configuration settings have been created, X.509 certificates can be enrolled onto the server hosts.
The Management Server triggers the certificate enrollment on each host. The Management Agent generates a key pair and a PKCS#10 certificate request for the private key. The Management Server verifies that the certitificate request matches the configuration and enrolls the certificate. The Management Server sends the certificate issued by the CA, in this case the SSH Tectia Manager Internal CA, to the Management Agent which will install the certificate and restart/reconfigure SSH Tectia Server. The success status of the operation is sent back to the Management Server from each host, and the server hosts are now ready for certificate authentication. See Figure 5.24.
Figure 5.24. Server host certificate deployment
Copyright 2010 SSH Communications Security Corp. This software is protected by international copyright laws. All rights reserved. Contact Information
What to read next:
Reduce Secure Shell risk. Get to know the NIST 7966.
The NISTIR 7966 guideline from the Computer Security Division of NIST is a direct call to action for organizations regardless of industry and is a mandate for the US Federal government. Download now
ISACA Practitioner Guide for SSH
With contributions from practitioners, specialists and SSH.COM experts, the ISACA “SSH: Practitioner Considerations” guide is vital best practice from the compliance and audit community. Download now