| | |
| ||
| ||
     |
To configure the client to authenticate itself with an X.509 certificate, perform the following tasks:
Enroll a certificate for yourself.
Example: Enrollment using ssh-cmpclient
$ ssh-cmpclient INITIALIZE \ -P generate://ssh2:passphrase@rsa:512/user_rsa \ -o /home/user/.ssh2/user_rsa \ -p 62154:ssh \ -s 'C=FI,O=SSH,CN=user;email=user@example.org' \ http://pki.ssh.com:8080/pkix/ \ 'C=FI, O=SSH Communications Security Corp, CN=Secure Shell Test CA'
Remember to define also the SOCKS server (-S) before
the CA URL, if required.
For more information on the ssh-cmpclient syntax, see
ssh-cmpclient-g3(1).
Make sure that public-key authentication is enabled in the
ssh-broker-config.xml file.
<authentication-methods> <authentication-method name="publickey" /> ... </authentication-methods>
(Optional) Specify the private key of
your software certificate in the $HOME/.ssh2/identification
file.
CertKey private-key-path
The certificate itself will be read from private-key-path.crt.
With SSH Tectia Client 5.x, using the identification file
is not necessary if all your keys are stored in the default directory
and you allow all of them to be used for public-key and/or certificate
authentication. If the identification file does not exist,
the Connection Broker attempts to use each key found in the $HOME/.ssh2
directory.
| |
Copyright 
2006 SSH Communications Security Corp.
This software is protected by international copyright laws. All rights reserved.
Contact Information