1 - Abstract
As there are two different types of certificates, there are two individual tasks to setup a client.
- Host Certificate
- Client Certificate
If one would like to use only one certificate, execute the corresponding subtask.
There are two different options to tell the ssh daemon about the certificate:
'user based' (recommended) or
'user based': The certificate is valid for one specific user on the client.
'global': The certificate is valid for each user on the client.
2 - Client Certificate
Step 1 - Sign client's public key
The instructions how to singed a clients public key can be found here.
The CA provides a zip file where all signed keys are stored.
Step 2 - Copy all certificates to netdef folder
Copy all certificates that can be found in the provided tar file to the folder
Step 3 - Edit the config file
Add the following lines to
. The name of the certificate as well as
' must be replaced with the correct file name and the correct path to the folder respectively.