set ssh server pki authorized-cert-list

Use this command to require a user's certificate to be explicitly configured on the device.

Syntax

set ssh server pki authorized-cert-list pki-cert-list

Parameters

pki-cert-list    Specifies a named list of certificates and keys configured using set pki certificate.

Defaults

None.

Mode

All command modes.

Usage

By design, PKI authentication does not require a user's certificate to be configured on the device (explicitly trusted). However, if desired, you may impose an explicit trust requirement using this command.

If an authorized-cert-list is configured, any certificate presented by a user which is not on this list will be rejected. If the certificate is on the list, then normal PKI authentication will be performed.

If an authorized-cert-list is not configured, then user certificates are only subject to normal PKI verification using the CA certificate trust chain.

Example

This example shows how to require a user's certificate to be explicitly configured in the myAuthCerts authorized-cert-list:

System(rw)->set ssh server pki authorized-cert-list myAuthCerts