Your browser does not allow storing cookies. We recommend enabling them.

PreviousNextUp[Front page] [Index]


Usually the enrollment process pre-selects one of the CAs in the system for each certification request, but requests without a CA mapping can also exist in the Database.

The operator should check if the selected CA is correct for the certification request. The selected issuing CA is extremely important as it will radically affect the policy decisions made for the request and will also determine the resulting certificate's future use to a great extent.

Creating self-signed certificates (certificates that do not have an issuing CA) is disallowed in request processing, but can be done using the Create Certificate option under the System Configuration main menu item. The operator must have super-user privileges for this, as certificates made that way bypass all CA policy code.

A request can also be approved by an RA, and if this is the case, the issuer field needs to contain a local RA of the system. Instead of issuing the certificate, the RA signs the certification request and sends it to the remote CA that is associated with this RA.

The CA list works as described in Section Database Search Options.

PreviousNextUp[Front page] [Index]




What to read next:

  • Reduce Secure Shell risk. Get to know the NIST 7966.

    The NISTIR 7966 guideline from the Computer Security Division of NIST is a direct call to action for organizations regardless of industry and is a mandate for the US Federal government.
    Download now
  • ISACA Practitioner Guide for SSH

    With contributions from practitioners, specialists and SSH.COM experts, the ISACA “SSH: Practitioner Considerations” guide is vital best practice from the compliance and audit community.
    Download now