Zyxel P-660HN-F1Z Router Manual PDF (Setup & Configuration Guide)

Home

Manuals

Zyxel

P-660HN-F1Z

Page 191 / 421 Scroll up to view Page 186 - 190

Chapter 12 Certificates

P-660HN-FxZ Series User’s Guide

188

12.2.1

My Certificate Import

Follow the instructions in this screen to save an existing certificate to the ZyXEL Device.

Click

Security > Certificates >

My Certificates

and then

Import

to open the

My Certificate

Import

screen.

You can only import a certificate that matches a corresponding certification

request that was generated by the ZyXEL Device.

The certificate you import replaces the corresponding request in the

Certificates

screen.

You must remove any spaces from the certificate’s filename before you can

import it.

Figure 109

My Certificate Import

Import

Click this to open a screen where you can save the certificate that you have

enrolled from a certification authority from your computer to the ZyXEL Device.

Refresh

Click this to display the current validity status of the certificates.

Table 66

My Certificates (continued)

LABEL

DESCRIPTION

Page 192 / 421

Chapter 12 Certificates

P-660HN-FxZ Series User’s Guide

189

The following table describes the labels in this screen.

12.2.2

My Certificate Create

Use this screen to have the ZyXEL Device create a self-signed certificate, enroll a certificate

with a certification authority or generate a certification request. Click

Security

Certificates

My Certificates

Create

to open the

My Certificate Create

screen.

Figure 110

My Certificate Create

The following table describes the labels in this screen.

Table 67

My Certificate Import

LABEL

DESCRIPTION

File Path

Type in the location of the file you want to upload in this field or click

Browse

to find it.

Browse

Click this to find the certificate file you want to upload.

Back

Click this to return to the previous screen without saving.

Apply

Click this to save the certificate on the ZyXEL Device.

Cancel

Click this to clear your settings.

Table 68

My Certificate Create

LABEL

DESCRIPTION

Certificate Name

Type up to 31 ASCII characters (not including spaces) to identify this

certificate.

Subject Information

Use these fields to record information that identifies the owner of the

certificate. You do not have to fill in every field, although the

Common Name

is mandatory. The certification authority may add fields (such as a serial

number) to the subject information when it issues a certificate. It is

recommended that each certificate have unique subject information.

Page 193 / 421

Chapter 12 Certificates

P-660HN-FxZ Series User’s Guide

190

Common Name

Select a radio button to identify the certificate’s owner by IP address, domain

name or e-mail address. Type the IP address (in dotted decimal notation),

domain name or e-mail address in the field provided. The domain name or e-

mail address can be up to 31 ASCII characters. The domain name or e-mail

address is for identification purposes only and can be any string.

Organizational Unit

Type up to 127 characters to identify the organizational unit or department to

which the certificate owner belongs. You may use any character, including

spaces, but the ZyXEL Device drops trailing spaces.

Organization

Type up to 127 characters to identify the company or group to which the

certificate owner belongs. You may use any character, including spaces, but

the ZyXEL Device drops trailing spaces.

Country

Type up to 127 characters to identify the nation where the certificate owner is

located. You may use any character, including spaces, but the ZyXEL Device

drops trailing spaces.

Key Length

Select a number from the drop-down list box to determine how many bits the

key should use (512 to 2048). The longer the key, the more secure it is. A

longer key also uses more PKI storage space.

Enrollment Options

These radio buttons deal with how and when the certificate is to be generated.

Create a self-signed

certificate

Select

Create a self-signed certificate

to have the ZyXEL Device generate

the certificate and act as the Certification Authority (CA) itself. This way you do

not need to apply to a certification authority for certificates.

Create a certification

request and save it

locally for later

manual enrollment

Select

Create a certification request and save it locally for later manual

enrollment

to have the ZyXEL Device generate and store a request for a

certificate. Use the

My Certificate Details

screen to view the certification

request and copy it to send to the certification authority.

Copy the certification request from the

My Certificate Details

screen (see

Section 12.2.3 on page 191

) and then send it to the certification authority.

Create a certification

request and enroll for

a certificate

immediately online

Select

Create a certification request and enroll for a certificate

immediately online

to have the ZyXEL Device generate a request for a

certificate and apply to a certification authority for a certificate.

You must have the certification authority’s certificate already imported in the

Trusted CAs

screen.

When you select this option, you must select the certification authority’s

enrollment protocol and the certification authority’s certificate from the drop-

down list boxes and enter the certification authority’s server address. You also

need to fill in the

Reference Number

and

Key

if the certification authority

requires them.

Enrollment Protocol

Select the certification authority’s enrollment protocol from the drop-down list

box.

Simple Certificate Enrollment Protocol (SCEP)

is a TCP-based enrollment

protocol that was developed by VeriSign and Cisco.

Certificate Management Protocol (CMP)

is a TCP-based enrollment protocol

that was developed by the Public Key Infrastructure X.509 working group of

the Internet Engineering Task Force (IETF) and is specified in RFC 2510.

CA Server Address

Enter the IP address (or URL) of the certification authority server.

CA Certificate

Select the certification authority’s certificate from the

CA Certificate

drop-

down list box.

You must have the certification authority’s certificate already imported in the

Trusted CAs

screen. Click

Trusted CAs

to go to the

Trusted CAs

screen

where you can view (and manage) the ZyXEL Device's list of certificates of

trusted certification authorities.

Table 68

My Certificate Create (continued)

LABEL

DESCRIPTION

Page 194 / 421

Chapter 12 Certificates

P-660HN-FxZ Series User’s Guide

191

After you click

Apply

in the

My Certificate Create

screen, you see a screen that tells you the

ZyXEL Device is generating the self-signed certificate or certification request.

After the ZyXEL Device successfully enrolls a certificate or generates a certification request

or a self-signed certificate, you see a screen with a

Return

button that takes you back to the

My Certificates

screen.

If you configured the

My Certificate Create

screen to have the ZyXEL Device enroll a

certificate and the certificate enrollment is not successful, you see a screen with a

Return

button that takes you back to the

My Certificate Create

screen. Click

Return

and check your

information in the

My Certificate Create

screen. Make sure that the certification authority

information is correct and that your Internet connection is working properly if you want the

ZyXEL Device to enroll a certificate online.

12.2.3

My Certificate Details

Use this screen to view in-depth certificate information and change the certificate’s name. In

the case of a self-signed certificate, you can set it to be the one that the ZyXEL Device uses to

sign the trusted remote host certificates that you import to the ZyXEL Device. Click

Security

Certificates

My Certificates

to open the

My Certificates

screen (see

Figure 108 on page

186

). Click the edit icon

to open the

My Certificate Details

screen.

Request

Authentication

When you select

Create a certification request and enroll for a certificate

immediately online

, the certification authority may want you to include a

reference number and key to identify you when you send a certification

request. Fill in both the

Reference Number

and the

Key

fields if your

certification authority uses CMP enrollment protocol. Just fill in the

Key

field if

your certification authority uses the SCEP enrollment protocol.

Key

Type the key that the certification authority gave you.

Back

Click this to return to the previous screen without saving.

Apply

Click this to save the certificate on the ZyXEL Device.

Cancel

Click this to clear your settings.

Table 68

My Certificate Create (continued)

LABEL

DESCRIPTION

Page 195 / 421

Chapter 12 Certificates

P-660HN-FxZ Series User’s Guide

192

Figure 111

My Certificate Details

The following table describes the labels in this screen.

Table 69

My Certificate Details

LABEL

DESCRIPTION

Certificate Name

This field displays the identifying name of this certificate. If you want to change

the name, type up to 31 characters to identify this certificate. You may use any

character (not including spaces).

Property

Default self-signed

certificate which

signs the imported

remote host

certificates.

Select this check box to have the ZyXEL Device use this certificate to sign the

trusted remote host certificates that you import to the ZyXEL Device. This check

box is only available with self-signed certificates.

If this check box is already selected, you cannot clear it in this screen, you must

select this check box in another self-signed certificate’s details screen. This

automatically clears the check box in the details screen of the certificate that

was previously set to sign the imported trusted remote host certificates.

Rate

Popular Zyxel Models

Famous Router IPs

Famous Router Companies

Bookmark Our Site

Share