Issuing a new Certification Authority

1. Log in to the Stream Administration Interface.

2. Go to OpenSSH > Certification Authority from the menu on the left.

3. Input your CA’s internal name.

4. Select the Keystore that contains the key you want to use to generate this CA, then select the key that you want to use. If you do not have a keystore set up yet, please refer to the Managing Keystores & Keys section.

5. You can also configure KRL generation. To configure this section, please refer to the Key Revocation page. Once you’re satisfied with your settings, click "Add".

OpenSSH CAs consist mainly of a keypair used to sign entity certificates and KRL, and do not expire.