Chapter 41 Certificates
ZyWALL USG 50 User’s Guide
636
2. Make sure that the certificate has a “.cer” or “.crt” file name extension.

Figure 364 Remote Host Certificates

3. Double-click the certificate’s icon to open the Certificate window. Click the Details tab and scroll down to the Thumbprint Algorithm and Thumbprint fields.

Figure 365 Certificate Details

4. Use a secure method to verify that the certificate owner has the same information in the Thumbprint Algorithm and Thumbprint fields. The secure method may vary based on your situation. Possible examples would be over the telephone or through an HTTPS connection.
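The check in steps 3 and 4 can also be done outside the certificate window. The following Python code is an added example, not part of the user's guide: it computes the thumbprint of a .cer/.crt file (DER or PEM) and compares it with the value the certificate owner reports. The function names, the sample bytes and the sha1 default are assumptions; use the algorithm shown in the Thumbprint Algorithm field.

```python
import base64
import hashlib
import hmac
import re

PEM_RE = re.compile(
    rb"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

# Constructed stand-in bytes, NOT a real certificate: the thumbprint is a hash
# of the file's DER bytes, so any byte string shows the mechanics.
SAMPLE_DER = b"\x30\x82\x01\x0a" + bytes(range(256))


def as_pem(der: bytes) -> bytes:
    """Wrap DER bytes in PEM armor (the Base64 form of a .cer/.crt file)."""
    return (b"-----BEGIN CERTIFICATE-----\n" + base64.encodebytes(der)
            + b"-----END CERTIFICATE-----\n")


def to_der(data: bytes) -> bytes:
    """Return DER bytes whether the file was saved as DER or as PEM."""
    match = PEM_RE.search(data)
    if match:
        return base64.b64decode(b"".join(match.group(1).split()))
    return data


def thumbprint(data: bytes, algorithm: str = "sha1") -> str:
    """Hash the DER encoding with the given thumbprint algorithm."""
    return hashlib.new(algorithm, to_der(data)).hexdigest()


def normalize(reported: str) -> str:
    """Drop spaces, colons and case; reject anything else that is not hex."""
    cleaned = re.sub(r"[\s:]", "", reported).lower()
    if not re.fullmatch(r"[0-9a-f]+", cleaned):
        raise ValueError("thumbprint contains non-hex characters")
    return cleaned


def thumbprint_matches(data: bytes, reported: str, algorithm: str = "sha1") -> bool:
    """Compare the local thumbprint with the value the owner read out."""
    return hmac.compare_digest(thumbprint(data, algorithm), normalize(reported))


if __name__ == "__main__":
    local = thumbprint(as_pem(SAMPLE_DER))
    read_out = " ".join(re.findall("..", local)).upper()  # as read over the phone
    print(local, thumbprint_matches(SAMPLE_DER, read_out))
```

A `ValueError` from `normalize` means the pasted value contains something other than hex digits, spaces or colons, such as an invisible character picked up when copying from a dialog box.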
41.2 The My Certificates Screen

Click Configuration > Object > Certificate > My Certificates to open the My Certificates screen. This is the ZyWALL’s summary list of certificates and certification requests.

Figure 366 Configuration > Object > Certificate > My Certificates
The following table describes the labels in this screen.

Table 196 Configuration > Object > Certificate > My Certificates

| LABEL | DESCRIPTION |
| --- | --- |
| PKI Storage Space in Use | This bar displays the percentage of the ZyWALL’s PKI storage space that is currently in use. When the storage space is almost full, you should consider deleting expired or unnecessary certificates before adding more certificates. |
| Add | Click this to go to the screen where you can have the ZyWALL generate a certificate or a certification request. |
| Edit | Double-click an entry or select it and click Edit to open a screen with an in-depth list of information about the certificate. |
| Remove | The ZyWALL keeps all of your certificates unless you specifically delete them. Uploading a new firmware or default configuration file does not delete your certificates. To remove an entry, select it and click Remove. The ZyWALL confirms you want to remove it before doing so. Subsequent certificates move up by one when you take this action. |
| Object References | You cannot delete certificates that any of the ZyWALL’s features are configured to use. Select an entry and click Object References to open a screen that shows which settings use the entry. See Section 11.3.2 on page 230 for an example. |
| # | This field displays the certificate index number. The certificates are listed in alphabetical order. |
| Name | This field displays the name used to identify this certificate. It is recommended that you give each certificate a unique name. |
Table 196 Configuration > Object > Certificate > My Certificates (continued)

| LABEL | DESCRIPTION |
| --- | --- |
| Type | This field displays what kind of certificate this is. REQ represents a certification request and is not yet a valid certificate. Send a certification request to a certification authority, which then issues a certificate. Use the My Certificate Import screen to import the certificate and replace the request. SELF represents a self-signed certificate. CERT represents a certificate issued by a certification authority. |
| Subject | This field displays identifying information about the certificate’s owner, such as CN (Common Name), OU (Organizational Unit or department), O (Organization or company) and C (Country). It is recommended that each certificate have unique subject information. |
| Issuer | This field displays identifying information about the certificate’s issuing certification authority, such as a common name, organizational unit or department, organization or company and country. With self-signed certificates, this is the same information as in the Subject field. |
| Valid From | This field displays the date that the certificate becomes applicable. |
| Valid To | This field displays the date that the certificate expires. The text displays in red and includes an Expired! message if the certificate has expired. |
| Import | Click Import to open a screen where you can save a certificate to the ZyWALL. |
| Refresh | Click Refresh to display the current validity status of the certificates. |

41.2.1 The My Certificates Add Screen

Click Configuration > Object > Certificate > My Certificates and then the Add icon to open the My Certificates Add screen. Use this screen to have the ZyWALL create a self-signed certificate, enroll a certificate with a certification authority or generate a certification request.

Figure 367 Configuration > Object > Certificate > My Certificates > Add
The following table describes the labels in this screen.

Table 197 Configuration > Object > Certificate > My Certificates > Add

| LABEL | DESCRIPTION |
| --- | --- |
| Name | Type a name to identify this certificate. You can use up to 31 alphanumeric and ;‘~!@#$%^&()_+[]{}’,.=- characters. |
| Subject Information | Use these fields to record information that identifies the owner of the certificate. You do not have to fill in every field, although you must specify a Host IP Address, Host Domain Name, or E-Mail. The certification authority may add fields (such as a serial number) to the subject information when it issues a certificate. It is recommended that each certificate have unique subject information. Select a radio button to identify the certificate’s owner by IP address, domain name or e-mail address. Type the IP address (in dotted decimal notation), domain name or e-mail address in the field provided. The domain name or e-mail address is for identification purposes only and can be any string. A domain name can be up to 255 characters. You can use alphanumeric characters, the hyphen and periods. An e-mail address can be up to 63 characters. You can use alphanumeric characters, the hyphen, the @ symbol, periods and the underscore. |
| Organizational Unit | Identify the organizational unit or department to which the certificate owner belongs. You can use up to 31 characters. You can use alphanumeric characters, the hyphen and the underscore. |
| Organization | Identify the company or group to which the certificate owner belongs. You can use up to 31 characters. You can use alphanumeric characters, the hyphen and the underscore. |
| Town (City) | Identify the town or city where the certificate owner is located. You can use up to 31 characters. You can use alphanumeric characters, the hyphen and the underscore. |
| State, (Province) | Identify the state or province where the certificate owner is located. You can use up to 31 characters. You can use alphanumeric characters, the hyphen and the underscore. |
| Country | Identify the nation where the certificate owner is located. You can use up to 31 characters. You can use alphanumeric characters, the hyphen and the underscore. |
| Key Type | Select RSA to use the Rivest, Shamir and Adleman public-key algorithm. Select DSA to use the Digital Signature Algorithm public-key algorithm. |
| Key Length | Select a number from the drop-down list box to determine how many bits the key should use (512 to 2048). The longer the key, the more secure it is. A longer key also uses more PKI storage space. |
| Enrollment Options | These radio buttons deal with how and when the certificate is to be generated. |
| Create a self-signed certificate | Select this to have the ZyWALL generate the certificate and act as the Certification Authority (CA) itself. This way you do not need to apply to a certification authority for certificates. |
