FIPS compliance ··························································································································································· 128
PKI configuration task list ············································································································································ 128
Configuring a PKI entity ·············································································································································· 128
Configuring a PKI domain ··········································································································································· 129
Requesting a certificate ··············································································································································· 131
Aborting a certificate request ····································································································································· 134
Obtaining certificates ·················································································································································· 134
Configuration prerequisites ································································································································ 134
Configuration guidelines ···································································································································· 135
Configuration procedure ···································································································································· 135
Verifying PKI certificates ·············································································································································· 135
Exporting certificates ··················································································································································· 137
Removing a certificate ················································································································································· 138
Displaying and maintaining PKI ································································································································· 139
PKI configuration examples ········································································································································· 139
Failed to obtain CRLs ·········································································································································· 157
Failed to export certificates ································································································································ 158
Failed to set the storage path ····························································································································· 159
Configuring SSH ····················································································································································· 160
Overview ······································································································································································· 160
How SSH works ··················································································································································· 160
SSH authentication methods ······························································································································· 161
FIPS compliance ··························································································································································· 162
Configuring an SSH user ···································································································································· 165
iv