Chapter 41 Certificates
ZyWALL USG 50 User’s Guide
Table 198 Configuration > Object > Certificate > My Certificates > Edit
LABEL | DESCRIPTION
OK | Click OK to save your changes back to the ZyWALL. You can only change the name.
Cancel | Click Cancel to quit and return to the My Certificates screen.

41.2.3 The My Certificates Import Screen

Click Configuration > Object > Certificate > My Certificates > Import to open the My Certificate Import screen. Follow the instructions in this screen to save an existing certificate to the ZyWALL.

Note: You can import a certificate that matches a corresponding certification request that was generated by the ZyWALL. You can also import a certificate in PKCS#12 format, including the certificate’s public and private keys.

The certificate you import replaces the corresponding request in the My Certificates screen.

You must remove any spaces from the certificate’s filename before you can import it.

Figure 369 Configuration > Object > Certificate > My Certificates > Import

The following table describes the labels in this screen.

Table 199 Configuration > Object > Certificate > My Certificates > Import
LABEL | DESCRIPTION
File Path | Type in the location of the file you want to upload in this field or click Browse to find it. You cannot import a certificate with the same name as a certificate that is already in the ZyWALL.
Browse | Click Browse to find the certificate file you want to upload.
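
A pre-import check for the PKCS#12 case of the import screen, as an added example that is not part of the ZyXEL guide: it confirms that the file name has no spaces, that the bundle opens with the export password the Password field asks for, and that the certificate has not expired. The function name, the P12_PASS variable and the return codes are assumptions of this example; it relies only on the standard openssl command-line tool.

```shell
#!/bin/sh
# Pre-import check for a PKCS#12 bundle (added example, not ZyXEL code).
# The export password is read from the P12_PASS environment variable so
# that it does not appear on the command line or in shell history.
# Return codes (chosen for this example):
#   0 = ready to import        2 = file name contains a space
#   3 = bundle cannot be opened 4 = no unexpired certificate in bundle
# Usage: P12_PASS='export-password' ; export P12_PASS
#        check_p12_for_import /path/to/bundle.p12
check_p12_for_import() {
    p12_file=$1

    # The import screen requires a file name without spaces.
    case ${p12_file##*/} in
        *" "*) echo "rename first: file name contains spaces" >&2
               return 2 ;;
    esac

    # Open the bundle with the export password and extract only the
    # end-entity certificate; -nokeys keeps the private key off disk.
    cert_pem=$(openssl pkcs12 -in "$p12_file" -passin env:P12_PASS \
                   -nokeys -clcerts 2>/dev/null) || {
        echo "cannot open: wrong password or not a PKCS#12 file" >&2
        return 3
    }

    # -checkend 0 fails when the certificate is already past its
    # expiry date (the Valid To field in the certificate list).
    if ! printf '%s\n' "$cert_pem" |
            openssl x509 -noout -checkend 0 >/dev/null 2>&1; then
        echo "no unexpired end-entity certificate in bundle" >&2
        return 4
    fi

    # Print the fields the certificate list shows after import.
    printf '%s\n' "$cert_pem" |
        openssl x509 -noout -subject -issuer -dates
}
```
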
Table 199 Configuration > Object > Certificate > My Certificates > Import (continued)
LABEL | DESCRIPTION
Password | This field only applies when you import a binary PKCS#12 format file. Type the file’s password that was created when the PKCS #12 file was exported.
OK | Click OK to save the certificate on the ZyWALL.
Cancel | Click Cancel to quit and return to the My Certificates screen.

41.3 The Trusted Certificates Screen

Click Configuration > Object > Certificate > Trusted Certificates to open the Trusted Certificates screen. This screen displays a summary list of certificates that you have set the ZyWALL to accept as trusted. The ZyWALL also accepts any valid certificate signed by a certificate on this list as being trustworthy; thus you do not need to import any certificate that is signed by one of these certificates.

Figure 370 Configuration > Object > Certificate > Trusted Certificates

The following table describes the labels in this screen.
Table 200 Configuration > Object > Certificate > Trusted Certificates
LABEL | DESCRIPTION
PKI Storage Space in Use | This bar displays the percentage of the ZyWALL’s PKI storage space that is currently in use. When the storage space is almost full, you should consider deleting expired or unnecessary certificates before adding more certificates.
Edit | Double-click an entry or select it and click Edit to open a screen with an in-depth list of information about the certificate.
Remove | The ZyWALL keeps all of your certificates unless you specifically delete them. Uploading a new firmware or default configuration file does not delete your certificates. To remove an entry, select it and click Remove. The ZyWALL confirms you want to remove it before doing so. Subsequent certificates move up by one when you take this action.
Table 200 Configuration > Object > Certificate > Trusted Certificates (continued)
LABEL | DESCRIPTION
Object References | You cannot delete certificates that any of the ZyWALL’s features are configured to use. Select an entry and click Object References to open a screen that shows which settings use the entry. See Section 11.3.2 on page 230 for an example.
# | This field displays the certificate index number. The certificates are listed in alphabetical order.
Name | This field displays the name used to identify this certificate.
Subject | This field displays identifying information about the certificate’s owner, such as CN (Common Name), OU (Organizational Unit or department), O (Organization or company) and C (Country). It is recommended that each certificate have unique subject information.
Issuer | This field displays identifying information about the certificate’s issuing certification authority, such as a common name, organizational unit or department, organization or company and country. With self-signed certificates, this is the same information as in the Subject field.
Valid From | This field displays the date that the certificate becomes applicable.
Valid To | This field displays the date that the certificate expires. The text displays in red and includes an Expired! message if the certificate has expired.
Import | Click Import to open a screen where you can save the certificate of a certification authority that you trust, from your computer to the ZyWALL.
Refresh | Click this button to display the current validity status of the certificates.

41.3.1 The Trusted Certificates Edit Screen

Click Configuration > Object > Certificate > Trusted Certificates and then a certificate’s Edit icon to open the Trusted Certificates Edit screen. Use this screen to view in-depth information about the certificate, change the certificate’s name and set whether or not you want the ZyWALL to check a certification authority’s list of revoked certificates before trusting a certificate issued by the certification authority.

Figure 371 Configuration > Object > Certificate > Trusted Certificates > Edit
The following table describes the labels in this screen.

Table 201 Configuration > Object > Certificate > Trusted Certificates > Edit
LABEL | DESCRIPTION
Name | This field displays the identifying name of this certificate. You can change the name. You can use up to 31 alphanumeric and ;‘~!@#$%^&()_+[]{}’,.=- characters.
Certification Path | Click the Refresh button to have this read-only text box display the end entity’s certificate and a list of certification authority certificates that shows the hierarchy of certification authorities that validate the end entity’s certificate. If the issuing certification authority is one that you have imported as a trusted certificate, it may be the only certification authority in the list (along with the end entity’s own certificate). The ZyWALL does not trust the end entity’s certificate and displays “Not trusted” in this field if any certificate on the path has expired or been revoked.
Refresh | Click Refresh to display the certification path.
Enable X.509v3 CRL Distribution Points and OCSP checking | Select this check box to have the ZyWALL check incoming certificates that are signed by this certificate against a Certificate Revocation List (CRL) or an OCSP server. You also need to configure the OCSP or LDAP server details.
OCSP Server | Select this check box if the directory server uses OCSP (Online Certificate Status Protocol).
URL | Type the protocol, IP address and pathname of the OCSP server.
ID | The ZyWALL may need to authenticate itself in order to access the OCSP server. Type the login name (up to 31 ASCII characters) from the entity maintaining the server (usually a certification authority).
Password | Type the password (up to 31 ASCII characters) from the entity maintaining the OCSP server (usually a certification authority).
LDAP Server | Select this check box if the directory server uses LDAP (Lightweight Directory Access Protocol). LDAP is a protocol over TCP that specifies how clients access directories of certificates and lists of revoked certificates.
Address | Type the IP address (in dotted decimal notation) of the directory server.
Port | Use this field to specify the LDAP server port number. You must use the same server port number that the directory server uses. 389 is the default server port number for LDAP.
ID | The ZyWALL may need to authenticate itself in order to access the CRL directory server. Type the login name (up to 31 ASCII characters) from the entity maintaining the server (usually a certification authority).
Password | Type the password (up to 31 ASCII characters) from the entity maintaining the CRL directory server (usually a certification authority).
Certificate Information | These read-only fields display detailed information about the certificate.
