login about faq

Can SSH Tectia Server 4.x be configured to trust multiple CAs?

asked Dec 15 '10 at 10:03

SSH%20KB's gravatar image


Please Note: The SSH Tectia Server 4.x is no longer supported. Currently supported versions can be found on our web site: http://www.tectia.com/en/Support/Support_Services/End_of_Support_Dates.iw3.

However, to answer your question:

SSH Tectia Server configuration can include multiple CA certificates. Multiple Mapfile keywords are permitted for PKI sections as well.

NOTE: For the SSH Tectia Server (Windows) product, this type of configuration cannot be done using the GUI, it must be done by manually editing the configuration file located under:

C:\Program Files\SSH Communications Security\SSH Secure Shell Server\sshd2_config

-- /etc/ssh2/sshd2_config: --

Pki         ca-certificate_1.crt
MapFile     mapfile_1

Pki         ca-certificate_2.crt
MapFile     mapfile_2_1
MapFile     mapfile_2_2


NOTE2: Starting from SSH Tectia Server 4.1, the 4.x product line had a dedicated daemon for certificate handling and authentication:

  • ssh-certd daemon in UNIX
  • SSH Certificate Daemon service in Windows.

The certificate daemon has it's own configuration file ssh_certd_config, but it can also use the existing server configuration for backward compatibility.

Please see the product documentation of 4.x for more information.


answered Dec 15 '10 at 10:08

SSH%20KB's gravatar image


edited Dec 15 '10 at 10:57

Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here



Answers and Comments

Markdown Basics

  • *italic* or __italic__
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported



Asked: Dec 15 '10 at 10:03

Seen: 2,381 times

Last updated: Dec 15 '10 at 10:57

All user contributed content licensed under the cc-by-sa license.
Powered by OSQA.