  |
     |
Certificates can be enrolled using the ssh-cmpclient-g3 command-line tool (ssh-cmpclient-g3.exe on Windows).
To configure Tectia Server to authenticate itself using X.509 certificates, perform the following tasks:
Enroll a certificate for the server.
This can be done with the
ssh-cmpclient-g3command-line tool, for example:$ ssh-cmpclient-g3 INITIALIZE \ -P generate://ssh2@rsa:1024/hostcert_rsa \ -o /etc/ssh2/hostcert_rsa \ -p 62154:ssh \ -s "C=FI,O=SSH,CN=testserv;dns=testserv.ssh.com" \ http://pki.ssh.com:8080/pkix/ \ 'C=FI, O=SSH Communications Security, CN=Secure Shell Test CA'
Note that the DNS address parameter (
dns) needs to correspond to the fully qualified domain name of the server.Remember to define also the SOCKS server (
-S) before the CA URL, if required.For more information on the
ssh-cmpclient-g3syntax, see ssh-cmpclient-g3(1).Define the private key and the server certificate in the
ssh-server-config.xmlfile:<params> <hostkey> <private file="/etc/ssh2/hostcert_rsa" /> <x509-certificate file="/etc/ssh2/hostcert_rsa.crt" /> </hostkey> ... </params>Alternatively, when using the Tectia Server Configuration tool, enter the private key and certificate filenames on the Identity page. See Identity.
Run
ssh-server-ctlto take the new configuration in use. See ssh-server-ctl(8).On Windows, just click Apply to take the new settings in use.
| |
Copyright 
2016 SSH Communications Security Corporation
This software is protected by international copyright laws. All rights reserved.
Contact Information