Certificates

In this section you will see CA certificate fingerprints, as well as all signed server and user certificates.

admin_certificates

Separate CAs are used for servers and users. All servers verify that user certificates are signed by the CA for users, and users vice versa verify that server certificates are signed by the CA for servers. The CA is generated uniquely for each team when the first server is added.

tip

Этот раздел доступен Основателю, Владельцам и Администраторам.

Certificate Rotation

CA

warning

Team CA certificate rotation is not yet available but is planned in the near future.

Servers

info

By default issued for 30 days

If the bastion server is active, the certificate is automatically rotated as the expiration date approaches.

Clients

info

By default issued for 12 hours

If the client session is active and the connection works through the tuna bastion ssh wrapper rather than directly through the native ssh-client, then as the expiration date approaches, the certificate is also automatically rotated.

Certificate Rotation​

CA​

Servers​

Clients​

Certificate Rotation

CA

Servers

Clients