Use this command to require a user's certificate to be explicitly configured on the device.
| pki-cert-list | Specifies a named list of certificates and keys configured using set pki certificate. |
None.
All command modes.
By design, PKI authentication does not require a user's certificate to be configured on the device (explicitly trusted). However, if desired, you may impose an explicit trust requirement using this command.
If an authorized-cert-list is configured, any certificate presented by a user that is not on this list is rejected. If the certificate is on the list, normal PKI authentication is then performed.
If an authorized-cert-list is not configured, then user certificates are only subject to normal PKI verification using the CA certificate trust chain.
This example shows how to require a user's certificate to be explicitly configured in the myAuthCerts authorized-cert-list:
System(rw)->set ssh server pki authorized-cert-list myAuthCerts