Skip to main content

This version of GitHub Enterprise was discontinued on 2022-09-28. No patch releases will be made, even for critical security issues. For better performance, improved security, and new features, upgrade to the latest version of GitHub Enterprise. For help with the upgrade, contact GitHub Enterprise support.

Managing your organization's SSH certificate authorities

You can add or delete SSH certificate authorities from your organization.

Who can use this feature

Organization owners can manage an organization's SSH certificate authorities (CA).

You can allow members to access your organization's repositories using SSH certificates you provide by adding an SSH CA to your organization. You can require that members use SSH certificates to access organization resources, unless SSH is disabled in your repository. For more information, see "About SSH certificate authorities."

When you issue each client certificate, you must include an extension that specifies which GitHub Enterprise Server user the certificate is for. For more information, see "About SSH certificate authorities."

Adding an SSH certificate authority

If you require SSH certificates for your enterprise, enterprise members should use a special URL for Git operations over SSH. For more information, see "About SSH certificate authorities."

  1. In the top right corner of GitHub Enterprise Server, click your profile photo, then click Your organizations. Your organizations in the profile menu

  2. Next to the organization, click Settings. The settings button

  3. In the left sidebar, click Organization security.

    Organization security settings

  4. To the right of "SSH Certificate Authorities", click New CA. New CA button

  5. Under "Key," paste your public SSH key. Key field to add CA

  6. Click Add CA.

  7. Optionally, to require members to use SSH certificates, select Require SSH Certificates, then click Save. Require SSH Certificate checkbox and save button

Deleting an SSH certificate authority

  1. In the top right corner of GitHub Enterprise Server, click your profile photo, then click Your organizations. Your organizations in the profile menu

  2. Next to the organization, click Settings. The settings button

  3. In the left sidebar, click Organization security.

    Organization security settings

  4. Under "SSH Certificate Authorities", to the right of the CA you want to delete, click Delete. Delete button

  5. Read the warning, then click I understand, please delete this CA. Delete confirmation button