Chapter 14: Secure Remote Access
Installing a Certificate
A digital certificate is a secure means of authenticating the ZoneAlarm router to Remote
Access VPN Clients. The certificate is issued by the Certificate Authority (CA) to entities
such as gateways, users, or computers. The entity then uses the certificate to identify itself
and provide verifiable information.
For instance, the certificate includes the Distinguished Name (DN) (identifying
information) of the entity, as well as the public key (information about itself). After two
entities exchange and validate each other's certificates, they can begin encrypting
information between themselves using the public keys in the certificates.
The certificate also includes a fingerprint, a unique text used to identify the certificate. You
can email your certificate's fingerprint to the remote user. Upon connecting to the
ZoneAlarm VPN Server for the first time, the entity should check that the VPN peer's
fingerprint displayed in the SecureClient/SecuRemote VPN Client is identical to the
fingerprint received.
A certificate is required for the correct functioning of the ZoneAlarm VPN Server. When
the gateway is started for the first time, a self-signed certificate is automatically generated
for your gateway; therefore, you usually do not need to install a certificate and can skip
this section.
In the event that you need to install a certificate, you must use a certificate encoded in the
PKCS#12 (Personal Information Exchange Syntax Standard) format. Your ZoneAlarm
router enables you to install such certificates in the following ways:
- By generating a self-signed certificate.
  See Generating a Self-Signed Certificate on page 298.
- By importing a certificate.
  The PKCS#12 file you import must have a ".p12" file extension. If you do not have
  such a PKCS#12 file, obtain one from your network security administrator.
  See Importing a Certificate on page 302.
Note: To use certificate authentication, each ZoneAlarm router should have a
unique certificate. Do not use the same certificate for more than one gateway.
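The following is an added example, not part of the ZoneAlarm guide: a pre-import check that each gateway's PKCS#12 file has the ".p12" extension, can be opened, and carries a certificate no other gateway file uses. It assumes the OpenSSL command-line tool, hypothetical file names, and an import password held in an environment variable named P12_PASS; OpenSSL's hex fingerprint is used only to tell certificates apart and is not assumed to match the fingerprint text the ZoneAlarm pages display.

```sh
#!/bin/sh
# Added example: pre-import checks on gateway PKCS#12 files with the OpenSSL CLI.
# The file names and the P12_PASS variable are assumptions, not ZoneAlarm settings.

# Print the SHA-256 fingerprint of the gateway certificate stored in FILE ($1).
# The import password comes from the environment (P12_PASS) so that it never
# shows up on a command line.
p12_fingerprint() {
    case "$1" in
        *.p12) ;;
        *) echo "error: $1 does not have a .p12 extension" >&2; return 2 ;;
    esac
    fp=$(openssl pkcs12 -in "$1" -nokeys -clcerts -passin env:P12_PASS 2>/dev/null |
         openssl x509 -noout -fingerprint -sha256 2>/dev/null | cut -d= -f2)
    [ -n "$fp" ] || { echo "error: cannot read a certificate from $1" >&2; return 1; }
    printf '%s\n' "$fp"
}

# Print the subject DN and validity dates an administrator would review.
p12_summary() {
    openssl pkcs12 -in "$1" -nokeys -clcerts -passin env:P12_PASS 2>/dev/null |
        openssl x509 -noout -subject -dates
}

# Return 0 when every file carries a different certificate, 1 when two files
# share one, 2 when a file cannot be read.
check_unique() {
    seen=""
    rc=0
    for f in "$@"; do
        cur=$(p12_fingerprint "$f") || return 2
        case "$seen" in
            *"$cur"*) echo "DUPLICATE: $f reuses a certificate listed earlier" >&2; rc=1 ;;
        esac
        seen="$seen $cur"
    done
    return "$rc"
}

# Stand-alone use: sh check_p12.sh gw1.p12 gw2.p12 ...
if [ "$#" -gt 0 ]; then
    for f in "$@"; do echo "== $f"; p12_summary "$f"; done
    check_unique "$@"
fi
```

On OpenSSL 3.x, PKCS#12 files protected with older algorithms may need the -legacy option added to the pkcs12 command.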
Check Point ZoneAlarm User Guide
Generating a Self-Signed Certificate
To generate a self-signed certificate
1. Click VPN in the main menu, and click the Certificate tab.
   The Certificate page appears.
2. Click Install Certificate.
   The ZoneAlarm Certificate Wizard opens, with the Certificate Wizard dialog box
   displayed.
3. Click Generate a self-signed security certificate for this gateway.
   The Create Self-Signed Certificate dialog box appears.
4. Complete the fields using the information in the following table.
5. Click Next.
   The ZoneAlarm router generates the certificate. This may take a few seconds.
   The Done dialog box appears, displaying the certificate's details.
6. Click Finish.
   The ZoneAlarm router installs the certificate. If a certificate is already installed, it is
   overwritten.
   The Certificate Wizard closes.
   The Certificates page displays the following information:
   - The gateway's certificate
   - The gateway's name
   - The gateway certificate's fingerprint
   - The CA's certificate
   - The name of the CA that issued the certificate (in this case, the ZoneAlarm
     gateway)
   - The CA certificate's fingerprint
   - The starting and ending dates between which the gateway's certificate and the
     CA's certificate are valid
Table 72: Certificate Fields

| In this field… | Do this… |
|---|---|
| Country | Select your country from the drop-down list. |
| Organization Name | Type the name of your organization. |
| Organizational Unit | Type the name of your division. |
| Gateway Name | Type the gateway's name. This name will appear on the certificate, and will be visible to remote users inspecting the certificate. This field is filled in automatically with the gateway's MAC address. If desired, you can change this to a more descriptive name. |