An entity is anything that can request and receive certificates from SSH Tectia Certifier. An example of an entity could be a user requesting a certificate for e-mail usage, or a network device requesting certificates for IPsec.
Entities are used to bind a set of attributes describing the entity and a set of requests and certificates together. This makes it easier for operators to view what kind of certificates are given to users.
Entities can also contain a set of shared secrets, in the form of a secret key ID and a pre-shared key. These keys can be used to map incoming certification requests to a certain entity. Additionally, secrets can have a set of policy attributes that can alter the way they are handled in the automatic CA policy code. For example, the system can be set up so that when a certification request with a matching pre-shared key comes in, it is automatically accepted and issued with a pre-configured set of certificate extension values without operator intervention.
Using entities is not strictly necessary, as SSH Tectia Certifier can also operate on certification requests without entity mapping. Using entities is recommended if the potential end user base is large. For CMP enrollment, entities have to be used.
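The pre-shared-key mapping described above, modelled in Python as an added illustration; it is not SSH Tectia Certifier code. The HMAC-SHA256 request check, the `auto_accept` attribute name, the handling of unmapped requests, and all sample entities and keys are assumptions constructed for the example.

```python
import hashlib
import hmac
from dataclasses import dataclass, field

@dataclass
class Secret:
    psk: bytes
    auto_accept: bool = False  # hypothetical policy attribute name
    extensions: dict = field(default_factory=dict)  # pre-configured extension values

@dataclass
class Entity:
    name: str
    secrets: dict  # secret key ID -> Secret
    certificates: list = field(default_factory=list)

def request_mac(psk: bytes, body: bytes) -> bytes:
    # Assumption: the requester proves knowledge of the PSK with HMAC-SHA256.
    return hmac.new(psk, body, hashlib.sha256).digest()

def handle_request(entities, key_id, body, mac):
    """Return (decision, entity name or None, extension values to apply)."""
    for entity in entities:
        secret = entity.secrets.get(key_id)
        if secret is None:
            continue
        # Constant-time comparison so the check does not leak MAC bytes via timing.
        if not hmac.compare_digest(request_mac(secret.psk, body), mac):
            return ("rejected", entity.name, {})
        if secret.auto_accept:
            # Stand-in for the issued certificate, recorded under the entity.
            entity.certificates.append(body)
            return ("issued", entity.name, dict(secret.extensions))
        return ("pending", entity.name, {})
    # No entity mapping: this model leaves the request for an operator.
    return ("pending", None, {})

# Constructed sample entities, key IDs and keys.
ENTITIES = [
    Entity("vpn-gw-01", {"gw01-key": Secret(b"constructed-psk-1", True,
                                            {"keyUsage": "digitalSignature"})}),
    Entity("alice", {"alice-key": Secret(b"constructed-psk-2")}),
]

if __name__ == "__main__":
    csr = b"constructed-request-bytes"
    good = request_mac(b"constructed-psk-1", csr)
    print(handle_request(ENTITIES, "gw01-key", csr, good))
    print(handle_request(ENTITIES, "gw01-key", csr, b"\x00" * 32))
    print(handle_request(ENTITIES, "unknown-key", csr, good))
```

A wrong MAC for a known key ID is rejected outright instead of falling back to manual handling, so guessing a key ID alone gains nothing.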