Chapter 9 Certificates
P-660R-F1 Series User’s Guide
The following table describes the labels in this screen.

Table 48 Trusted Remote Hosts

| LABEL | DESCRIPTION |
| --- | --- |
| PKI Storage Space in Use | This bar displays the percentage of the ZyXEL Device’s PKI storage space that is currently in use. The bar turns from green to red when the maximum is being approached. When the bar is red, you should consider deleting expired or unnecessary certificates before adding more certificates. |
| Issuer (My Default Self-signed Certificate) | This field displays identifying information about the default self-signed certificate on the ZyXEL Device that the ZyXEL Device uses to sign the trusted remote host certificates. |
| # | This field displays the certificate index number. The certificates are listed in alphabetical order. |
| Name | This field displays the name used to identify this certificate. |
| Subject | This field displays identifying information about the certificate’s owner, such as CN (Common Name), OU (Organizational Unit or department), O (Organization or company) and C (Country). It is recommended that each certificate have unique subject information. |
| Valid From | This field displays the date that the certificate becomes applicable. The text displays in red and includes a Not Yet Valid! message if the certificate has not yet become applicable. |
| Valid To | This field displays the date that the certificate expires. The text displays in red and includes an Expiring! or Expired! message if the certificate is about to expire or has already expired. |
| Modify | Click the Edit icon to open a screen with an in-depth list of information about the certificate. Click the Remove icon to remove the certificate. A window displays asking you to confirm that you want to delete the certificate. Note that subsequent certificates move up by one when you take this action. |
| Import | Click this to open a screen where you can save the certificate of a remote host (which you trust) from your computer to the ZyXEL Device. |
| Refresh | Click this to display the current validity status of the certificates. |

9.4.1 Trusted Remote Hosts Import

Click Security > Certificates > Trusted Remote Hosts to open the Trusted Remote Hosts screen and then click Import to open the Trusted Remote Host Import screen. Follow the instructions in this screen to save a trusted host’s certificate to the ZyXEL Device.
Note: The trusted remote host certificate must be a self-signed certificate, and you must remove any spaces from its filename before you can import it.

Figure 79 Trusted Remote Host Import

The following table describes the labels in this screen.

Table 49 Trusted Remote Host Import

| LABEL | DESCRIPTION |
| --- | --- |
| File Path | Type in the location of the file you want to upload in this field or click Browse to find it. |
| Browse | Click this to find the certificate file you want to upload. |
| Back | Click this to return to the previous screen without saving. |
| Apply | Click this to save the certificate on the ZyXEL Device. |
| Cancel | Click this to restore your previously saved settings. |

9.4.2 Trusted Remote Host Certificate Details

Use this screen to view in-depth information about the trusted remote host’s certificate and/or change the certificate’s name. Click Security > Certificates > Trusted Remote Hosts to open the Trusted Remote Hosts screen. Click the details icon to open the Trusted Remote Host Details screen.
Figure 80 Trusted Remote Host Details

The following table describes the labels in this screen.

Table 50 Trusted Remote Host Details

| LABEL | DESCRIPTION |
| --- | --- |
| Certificate Name | This field displays the identifying name of this certificate. If you want to change the name, type up to 31 characters to identify this key certificate. You may use any character (not including spaces). |
| Certificate Path | Click the Refresh button to have this read-only text box display the end entity’s own certificate and a list of certification authority certificates in the hierarchy of certification authorities that validate a certificate’s issuing certification authority. For a trusted host, the list consists of the end entity’s own certificate and the default self-signed certificate that the ZyXEL Device uses to sign remote host certificates. |
| Refresh | Click this to display the certification path. |
| Certificate Path | These read-only fields display detailed information about the certificate. |
| Type | This field displays general information about the certificate. With trusted remote host certificates, this field always displays CA-signed. The ZyXEL Device is the Certification Authority that signed the certificate. X.509 means that this certificate was created and signed according to the ITU-T X.509 recommendation that defines the formats for public-key certificates. |
| Version | This field displays the X.509 version number. |
| Serial Number | This field displays the certificate’s identification number given by the device that created the certificate. |
| Subject | This field displays information that identifies the owner of the certificate, such as Common Name (CN), Organizational Unit (OU), Organization (O) and Country (C). |
| Issuer | This field displays identifying information about the default self-signed certificate on the ZyXEL Device that the ZyXEL Device uses to sign the trusted remote host certificates. |
| Signature Algorithm | This field displays the type of algorithm that the ZyXEL Device used to sign the certificate, which is rsa-pkcs1-sha1 (RSA public-private key encryption algorithm and the SHA1 hash algorithm). |
| Valid From | This field displays the date that the certificate becomes applicable. The text displays in red and includes a Not Yet Valid! message if the certificate has not yet become applicable. |
| Valid To | This field displays the date that the certificate expires. The text displays in red and includes an Expiring! or Expired! message if the certificate is about to expire or has already expired. |
| Key Algorithm | This field displays the type of algorithm that was used to generate the certificate’s key pair (the ZyXEL Device uses RSA encryption) and the length of the key set in bits (1024 bits for example). |
| Subject Alternative Name | This field displays the certificate’s owner’s IP address (IP), domain name (DNS) or e-mail address (EMAIL). |
| Key Usage | This field displays for what functions the certificate’s key can be used. For example, “DigitalSignature” means that the key can be used to sign certificates and “KeyEncipherment” means that the key can be used to encrypt text. |
| Basic Constraint | This field displays general information about the certificate. For example, Subject Type=CA means that this is a certification authority’s certificate and “Path Length Constraint=1” means that there can only be one certification authority in the certificate’s path. |
| MD5 Fingerprint | This is the certificate’s message digest that the ZyXEL Device calculated using the MD5 algorithm. You cannot use this value to verify that this is the remote host’s correct certificate because the ZyXEL Device has signed the certificate, which causes this value to differ from that of the remote host’s correct certificate. |
| SHA1 Fingerprint | This is the certificate’s message digest that the ZyXEL Device calculated using the SHA1 algorithm. You cannot use this value to verify that this is the remote host’s correct certificate because the ZyXEL Device has signed the certificate, which causes this value to differ from that of the remote host’s correct certificate. |
| Certificate in PEM (Base-64) Encoded Format | This read-only text box displays the certificate or certification request in Privacy Enhanced Mail (PEM) format. PEM uses 64 ASCII characters to convert the binary certificate into a printable form. You can copy and paste the certificate into an e-mail to send to friends or colleagues or you can copy and paste the certificate into a text editor and save the file on a management computer for later distribution (via floppy disk for example). |
| Back | Click this to return to the previous screen without saving. |
| Export | Click this and then Save in the File Download screen. The Save As screen opens. Browse to the location that you want to use and click Save. |
Table 50 Trusted Remote Host Details (continued)

| LABEL | DESCRIPTION |
| --- | --- |
| Apply | Click this to save your changes. You can only change the name of the certificate. |
| Cancel | Click this to restore your previously saved settings. |

9.5 The Directory Servers Screens

This screen displays a summary list of directory servers (that contain lists of valid and revoked certificates) that have been saved into the ZyXEL Device. If you decide to have the ZyXEL Device check incoming certificates against the issuing certification authority’s list of revoked certificates, the ZyXEL Device first checks the server(s) listed in the CRL Distribution Points field of the incoming certificate. If the certificate does not list a server or the listed server is not available, the ZyXEL Device checks the servers listed here. Click Security > Certificates > Directory Servers to open the Directory Servers screen.

Figure 81 Directory Servers

The following table describes the labels in this screen.

Table 51 Directory Servers

| LABEL | DESCRIPTION |
| --- | --- |
| PKI Storage Space in Use | This bar displays the percentage of the ZyXEL Device’s PKI storage space that is currently in use. The bar turns from green to red when the maximum is being approached. When the bar is red, you should consider deleting expired or unnecessary certificates before adding more certificates. |
| # | The index number of the directory server. The servers are listed in alphabetical order. |
| Name | This field displays the name used to identify this directory server. |
| Address | This field displays the IP address or domain name of the directory server. |
| Port | This field displays the port number that the directory server uses. |
| Protocol | This field displays the protocol that the directory server uses. |
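
An added example (not from the guide or from ZyXEL) for the import note in 9.4.1 and the MD5 Fingerprint and SHA1 Fingerprint rows of Table 50: it fingerprints a certificate file as received, before import, applies the two import rules, and shows that a copy carrying a different issuer and signature yields different fingerprints. Assumptions: the function names, the file names, the common names remote.example and device-default, and the certificate-shaped sample data with placeholder key and signature bytes are constructed for illustration; the self-signed check compares issuer and subject names only and does not verify the signature.

```python
import base64, hashlib

def tlv(tag, body):
    """DER-encode one element (definite length, short or long form)."""
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    size = (n.bit_length() + 7) // 8
    return bytes([tag, 0x80 | size]) + n.to_bytes(size, "big") + body

def elements(buf):
    """Split DER into (full_encoding, content) pairs, one per element."""
    out, pos = [], 0
    while pos < len(buf):
        start, length, pos = pos, buf[pos + 1], pos + 2
        if length & 0x80:                       # long-form length octets follow
            k = length & 0x7F
            length, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
        out.append((buf[start:pos + length], buf[pos:pos + length]))
        pos += length
    return out

def pre_import_check(filename, pem):
    """Fingerprint the file as received and apply the import screen's two rules."""
    der = base64.b64decode("".join(line for line in pem.splitlines() if "-----" not in line))
    tbs = elements(elements(der)[0][1])[0][1]   # Certificate -> tbsCertificate content
    fields = [full for full, _ in elements(tbs)]
    fields = fields[1:] if fields[0][0] == 0xA0 else fields   # skip [0] version (v2/v3)
    issuer, subject = fields[2], fields[4]      # they follow serialNumber and signature
    checks = ((" " in filename, "filename contains spaces"),
              (issuer != subject, "issuer differs from subject (not self-signed)"))
    colon = lambda digest: ":".join(f"{b:02X}" for b in digest)
    return {"md5": colon(hashlib.md5(der).digest()), "sha1": colon(hashlib.sha1(der).digest()),
            "problems": [msg for failed, msg in checks if failed]}

# CONSTRUCTED sample data: certificate-shaped DER with placeholder key and signature bytes.
SHA1RSA = tlv(0x30, bytes.fromhex("06092a864886f70d0101050500"))  # sha1WithRSAEncryption
RSAKEY = tlv(0x30, bytes.fromhex("06092a864886f70d0101010500"))   # rsaEncryption
def name(cn):
    return tlv(0x30, tlv(0x31, tlv(0x30, bytes.fromhex("0603550403") + tlv(0x0C, cn.encode()))))
def sample_cert(issuer, subject, sig):
    validity = tlv(0x30, tlv(0x17, b"240101000000Z") + tlv(0x17, b"250101000000Z"))
    spki = tlv(0x30, RSAKEY + tlv(0x03, b"\x00" + b"\x11" * 64))
    tbs = tlv(0x30, tlv(0x02, b"\x01") + SHA1RSA + name(issuer) + validity + name(subject) + spki)
    der = tlv(0x30, tbs + SHA1RSA + tlv(0x03, b"\x00" + sig))
    return "-----BEGIN CERTIFICATE-----\n" + base64.encodebytes(der).decode() + "-----END CERTIFICATE-----\n"

ORIGINAL = sample_cert("remote.example", "remote.example", b"\xAA" * 64)   # file from the remote host
ON_DEVICE = sample_cert("device-default", "remote.example", b"\xBB" * 64)  # model of the re-signed copy
```

Compare the fingerprint computed from the received file with a value obtained from the remote host’s owner through a separate channel before clicking Apply, since the values shown on the details screen afterwards describe the re-signed copy.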
