1. Home
    2. /
  2. Manuals
    3. /
  3. Zyxel
    4. /
  4. P-660R-F1
    5. /
  5. 24
Page 116 / 268 Scroll up to view Page 111 - 115
Chapter 9 Certificates
P-660R-F1 Series User’s Guide
116
Certificate File Formats
The certification authority certificate that you want to import has to be in one of these file formats:
Binary X.509: This is an ITU-T recommendation that defines the formats for X.509 certificates.
PEM (Base-64) encoded X.509: This Privacy Enhanced Mail format uses lowercase letters,
uppercase letters and numerals to convert a binary X.509 certificate into a printable form.
Binary PKCS#7: This is a standard that defines the general syntax for data (including digital
signatures) that may be encrypted. The ZyXEL Device currently allows the importation of a
PKS#7 file that contains a single certificate.
PEM (Base-64) encoded PKCS#7: This Privacy Enhanced Mail (PEM) format uses 64 ASCII
characters to convert a binary PKCS#7 certificate into a printable form.
Page 117 / 268
Chapter 9 Certificates
P-660R-F1 Series User’s Guide
117
9.2
The My Certificates Screen
This is the ZyXEL Device’s summary list of certificates and certification requests. Certificates display
in black and certification requests display in gray. Click
Security > Certificates > My
Certificates
to open the
My Certificates
screen.
Figure 71
My Certificates
The following table describes the labels in this screen.
Table 41
My Certificates
LABEL
DESCRIPTION
PKI Storage
Space in Use
This bar displays the percentage of the ZyXEL Device’s PKI storage space that is
currently in use. The bar turns from green to red when the maximum is being
approached. When the bar is red, you should consider deleting expired or
unnecessary certificates before adding more certificates.
My Certificate
Setting
#
This field displays the certificate index number. The certificates are listed in
alphabetical order.
Name
This field displays the name used to identify this certificate. It is recommended
that you give each certificate a unique name.
Type
This field displays what kind of certificate this is.
REQ
represents a certification request and is not yet a valid certificate. Send a
certification request to a certification authority, which then issues a certificate.
Use the
My Certificate Import
screen to import the certificate and replace the
request.
SELF
represents a self-signed certificate.
*SELF
represents the default self-signed certificate, which the ZyXEL Device
uses to sign imported trusted remote host certificates.
CERT
represents a certificate issued by a certification authority.
Page 118 / 268
Chapter 9 Certificates
P-660R-F1 Series User’s Guide
118
9.2.1
My Certificate Import
Follow the instructions in this screen to save an existing certificate to the ZyXEL Device. Click
Security > Certificates > My Certificates
and then
Import
to open the
My Certificate Import
screen.
Note: You can only import a certificate that matches a corresponding certification request
that was generated by the ZyXEL Device.
Note: The certificate you import replaces the corresponding request in the
My
Certificates
screen.
Subject
This field displays identifying information about the certificate’s owner, such as
CN (Common Name), OU (Organizational Unit or department), O (Organization
or company) and C (Country). It is recommended that each certificate have
unique subject information.
Issuer
This field displays identifying information about the certificate’s issuing
certification authority, such as a common name, organizational unit or
department, organization or company and country. With self-signed certificates,
this is the same information as in the
Subject
field.
Valid From
This field displays the date that the certificate becomes applicable. The text
displays in red and includes a Not Yet Valid! message if the certificate has not yet
become applicable.
Valid To
This field displays the date that the certificate expires. The text displays in red
and includes an Expiring! or Expired! message if the certificate is about to expire
or has already expired.
Modify
Click the
Edit
icon to open a screen with an in-depth list of information about the
certificate.
Click the
Remove
icon to remove the certificate. A window displays asking you
to confirm that you want to delete the certificate.
You cannot delete a certificate that one or more features is configured to use.
Do the following to delete a certificate that shows
*SELF
in the
Type
field.
1. Make sure that no other features, such as HTTPS, VPN, SSH
are configured to
use the
*SELF
certificate.
2. Click the
Edit
icon next to another self-signed certificate (see the description
on the
Create
button if you need to create a self-signed certificate).
3.
Select the
Default self-signed certificate which signs the imported
remote host certificates
check box.
4. Click
Apply
to save the changes and return to the
My Certificates
screen.
5. The certificate that originally showed
*SELF
displays
SELF
and you can delete
it now.
Note that subsequent certificates move up by one when you take this action
Create
Click this to go to the screen where you can have the ZyXEL Device generate a
certificate or a certification request.
Import
Click this to open a screen where you can save the certificate that you have
enrolled from a certification authority from your computer to the ZyXEL Device.
Refresh
Click this to display the current validity status of the certificates.
LABEL
DESCRIPTION
Page 119 / 268
Chapter 9 Certificates
P-660R-F1 Series User’s Guide
119
Note: You must remove any spaces from the certificate’s filename before you can import
it.
Figure 72
My Certificate Import
The following table describes the labels in this screen.
Table 42
My Certificate Import
LABEL
DESCRIPTION
File Path
Type in the location of the file you want to upload in this field or click
Browse
to find it.
Browse
Click this to find the certificate file you want to upload.
Back
Click this to return to the previous screen without saving.
Apply
Click this to save the certificate on the ZyXEL Device.
Cancel
Click this to clear your settings.
Page 120 / 268
Chapter 9 Certificates
P-660R-F1 Series User’s Guide
120
9.2.2
My Certificate Create
Use this screen to have the ZyXEL Device create a self-signed certificate, enroll a certificate with a
certification authority or generate a certification request. Click
Security > Certificates > My
Certificates > Create
to open the
My Certificate Create
screen.
Figure 73
My Certificate Create
The following table describes the labels in this screen.
Table 43
My Certificate Create
LABEL
DESCRIPTION
Certificate Name
Type up to 31 ASCII characters (not including spaces) to identify this
certificate.
Subject Information
Use these fields to record information that identifies the owner of the
certificate. You do not have to fill in every field, although the
Common
Name
is mandatory. The certification authority may add fields (such as a
serial number) to the subject information when it issues a certificate. It is
recommended that each certificate have unique subject information.
Common Name
Select a radio button to identify the certificate’s owner by IP address, domain
name or e-mail address. Type the IP address (in dotted decimal notation),
domain name or e-mail address in the field provided. The domain name or e-
mail address can be up to 31 ASCII characters. The domain name or e-mail
address is for identification purposes only and can be any string.
Organizational Unit
Type up to 127 characters to identify the organizational unit or department to
which the certificate owner belongs. You may use any character, including
spaces, but the ZyXEL Device drops trailing spaces.
Organization
Type up to 127 characters to identify the company or group to which the
certificate owner belongs. You may use any character, including spaces, but
the ZyXEL Device drops trailing spaces.

Rate

4.5 / 5 based on 2 votes.

Popular Zyxel Models

Famous Router IPs
Famous Router Companies
Bookmark Our Site

Press Ctrl + D to add this site to your favorites!

Share
Top