Article version: GitHub.com

Managing your organization's SSH certificate authorities

You can add or delete SSH certificate authorities from your organization.

Support for SSH certificate authorities is available with GitHub Enterprise Cloud and GitHub Enterprise Server 2.19+. For more information, see "GitHub's products."

Organization owners can manage an organization's SSH certificate authorities (CA).

You can allow members to access your organization's repositories using SSH certificates you provide by adding an SSH CA to your organization. You can require that members use SSH certificates to access organization resources,. For more information, see "About SSH certificate authorities."

In this article

Adding an SSH certificate authority

When you issue each client certificate, you must include an extension that specifies which GitHub user the certificate is for. For more information, see "About SSH certificate authorities."

  1. In the top right corner of GitHub, click your profile photo, then click Your profile.

    Profile photo

  2. On the left side of your profile page, under "Organizations", click the icon for your organization.

    organization icons

  3. Under your organization name, click Settings.

    Organization settings button

  4. In the organization settings sidebar, click Security.

    Security settings

  5. To the right of "SSH Certificate Authorities", click New CA.

    New CA button

  6. Under "Key," paste your public SSH key.

    Key field to add CA

  7. Click Add CA.

  8. Optionally, to require members to use SSH certificates, select Require SSH Certificates, then click Save.

    Require SSH Certificate checkbox and save button

Deleting an SSH certificate authority

  1. In the top right corner of GitHub, click your profile photo, then click Your profile.

    Profile photo

  2. On the left side of your profile page, under "Organizations", click the icon for your organization.

    organization icons

  3. Under your organization name, click Settings.

    Organization settings button

  4. In the organization settings sidebar, click Security.

    Security settings

  5. Under "SSH Certificate Authorities", to the right of the CA you want to delete, click Delete.

    Delete button

  6. Read the warning, then click I understand, please delete this CA.

    Delete confirmation button

Ask a human

Can't find what you're looking for?

Contact us