Implementing Public-Key Infrastructure
To implement Public-Key Infrastructure:
- Add one or more PEM-formatted CA certificates to a certificate list.
- Configure OCSP with a list of trusted CA certificates used to verify OCSP response signatures.
- Optionally, configure an alternate OCSP responder (OCSR) URL for the OCSR used to check revocation status.
- Perform one, but not both, of the following:
  - Restrict the system to a single specified authorization credential that must be shared by all users.
  - Configure a username that is dynamically extracted from the X.509 certificate subject field.
- Configure the SSH server for PKI (see Configuring Secure Shell).
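
The inputs to the steps above can be checked on a workstation before they are loaded onto the system. The following is an added example, not the product's own commands: it uses the OpenSSL command-line tool, and the file names, the demo subjects, the use of the CN attribute as the username and the allowed character set are all assumptions.

```shell
#!/bin/sh
# Added example: workstation pre-flight checks with the OpenSSL CLI.
# File names, subjects and the CN-as-username rule are assumptions for the demo.

# Step 1: count certificates in a PEM CA list; fail if empty or one fails to parse.
count_pem_certs() {
    n=$(grep -c -e '-----BEGIN CERTIFICATE-----' "$1") || return 1
    openssl crl2pkcs7 -nocrl -certfile "$1" >/dev/null 2>&1 || return 1
    printf '%s\n' "$n"
}

# Confirm a certificate chains to the CA list only (system trust directory ignored).
chains_to_ca_list() {   # $1 = CA list, $2 = certificate
    openssl verify -no-CApath -CAfile "$1" "$2" >/dev/null 2>&1
}

# Steps 2-3: query a responder; -CAfile is the trusted list used to verify the
# response signature. Needs a reachable responder, so the demo does not call it.
ocsp_status() {         # $1 = issuer, $2 = certificate, $3 = responder URL, $4 = CA list
    openssl ocsp -issuer "$1" -cert "$2" -url "$3" -CAfile "$4"
}

# Step 4, second option: take the username from the subject CN and refuse anything
# outside a conservative character set (does not handle escaped commas in a CN).
subject_username() {
    cn=$(openssl x509 -in "$1" -noout -subject -nameopt RFC2253 |
         sed 's/^subject= *//' | tr ',' '\n' | sed -n 's/^CN=//p' | head -n 1)
    case "$cn" in
        ''|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
    printf '%s\n' "$cn"
}

# Constructed sample input: a throwaway CA and one user certificate.
make_demo_pki() {       # $1 = working directory
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj '/O=Example/CN=Demo Root CA' \
        -keyout "$1/ca.key" -out "$1/ca.pem" 2>/dev/null &&
    openssl req -new -newkey rsa:2048 -nodes -subj '/O=Example/CN=alice' \
        -keyout "$1/user.key" -out "$1/user.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/user.csr" -CA "$1/ca.pem" -CAkey "$1/ca.key" \
        -CAcreateserial -days 1 -out "$1/user.pem" 2>/dev/null
}

demo=$(mktemp -d) && make_demo_pki "$demo"
echo "CA certificates in list: $(count_pem_certs "$demo/ca.pem")"
chains_to_ca_list "$demo/ca.pem" "$demo/user.pem" && echo "user.pem chains to the CA list"
echo "extracted username: $(subject_username "$demo/user.pem")"
```

The demo CA's own CN contains spaces, so `subject_username` rejects it; a subject that cannot be mapped to a clean username should fail closed rather than be passed on to authorization.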