Your browser does not allow storing cookies. We recommend enabling them.

PreviousNextUp[Front page] [Index]

Editing the Operator Information

On the Operator page the operator information can be edited and the password changed. Login and password information is required if only server authentication (not client) is used in TLS. Also the privileges can be defined here by an operator with sufficient privileges.

Operator Status

The operator also has a status field which is normally in the Active position. By changing this to Inactive that specific operator can effectively be disallowed from using the system. Operators marked as inactive are not allowed to log into the system. If they are already logged in, they are not allowed to update anything.

Figure : The Operator page, the phone number and email attributes have been added

Access Control

Every operator has to have at least one access control item, defining what types of operations she is authorized to perform. Only super-user operators are authorized to modify access control items of other operators in the system. To add a new access control item, click the Add button. To remove or edit an existing rule, click either the Remove or the Edit button.

See Section Operator Access Control Levels for more information.


SSH Tectia Certifier allows the GUI view of each operator or operator group to be customized. The UI Level can be set to Show All Options, Hide Super User Options, or to Simple Admin UI Only.

If hiding super-user options is selected, only the menu options that relate to entity and certificate management are shown.

If Simple Admin UI is selected, the operator will use a simplified user interface that contains only the functions for creating and editing entities and revoking and suspending certificates. The Simple Admin UI is described in SSH Tectia Certifier Administrator's Guide.

Also the Character set used in the operator's browser, the Timezone, and Time format can be selected here. If autodetect is selected as the Timezone, SSH Tectia Certifier uses the timezone information of the browser.

When entering time values in text boxes, use the time format specified for the operator without the timezone code (for example, 2003-01-23 09:45:41).

Operator Attributes

As is the case with entities, also the operator can have a dynamically changed set of attributes with additional information. Attributes can be added by selecting an attribute from the drop-down list and clicking Add. The available attribute types include Description fields, Address fields, and Email addresses.

By default this information is not used in any way, but it exists to help the operators to identity and contact each other. If the operators require TLS client certificates, the entity attributes can be included in the certificates if a suitable policy module is used in the CA policy.

Pre-Shared Keys and Certificates

Operators may have pre-shared keys just like entities. Shared keys are used to authenticate operators when they are enrolling TLS client certificates for themselves.

These certificates can be used to authenticate operators when they log in to the Administration Service. Passwords are not necessarily needed when TLS with client authentication is used. TLS with client authentication has to be defined on the Administration Service configuration page. See Section Editing the Administration Service.

Click the Add button in the Pre-shared keys box to add a pre-shared key for the operator. Provide the value of the Key field to the operator. The operator must give the key when enrolling a certificate through the Web Enrollment Service. The CA who is authorized to issue operator client certificates can be selected on the configuration page of the Administrator Service. Instruct the operator to select this CA during the enrollment.

When the TLS client certificate is issued for the operator, this certificate is shown in the Client certificates of the Operator page.

Committing Changes

The Commit Changes button updates all changed operator data into the Database.

Operator Logs

The View Operator Change Log button shows all log events relating to this operator and the View Log button shows all log events that this operator has been involved in. So if one operator changes another operator's phone number, that can be displayed by clicking the first button, but if this operator accepts a request, that can be displayed by clicking the second button.

Removing an Operator

Click the Remove Operator button to remove the operator from the system. Be careful with this option, since removing an operator means that all operator certificates are revoked and the shared keys belonging to the operator are deleted!

PreviousNextUp[Front page] [Index]




What to read next:

  • Reduce Secure Shell risk. Get to know the NIST 7966.

    The NISTIR 7966 guideline from the Computer Security Division of NIST is a direct call to action for organizations regardless of industry and is a mandate for the US Federal government.
    Download now
  • ISACA Practitioner Guide for SSH

    With contributions from practitioners, specialists and SSH.COM experts, the ISACA “SSH: Practitioner Considerations” guide is vital best practice from the compliance and audit community.
    Download now