Page 701 / 944
Scroll up to view Page 696 - 700
Chapter 45 System
ZyWALL USG 50 User’s Guide
701
•
The issuing certificate authority of the ZyWALL’s HTTPS server certificate is not
one of the browser’s trusted certificate authorities. The issuing certificate
authority of the ZyWALL's factory default certificate is the ZyWALL itself since
the certificate is a self-signed certificate.
•
For the browser to trust a self-signed certificate, import the self-signed
certificate into your operating system as a trusted certificate.
•
To have the browser trust the certificates issued by a certificate authority,
import the certificate authority’s certificate into your operating system as a
trusted certificate. Refer to
Appendix C on page 845
for details.
45.6.7.4
Login Screen
After you accept the certificate, the ZyWALL login screen appears. The lock
displayed in the bottom of the browser status bar denotes a secure connection.
Figure 400
Login Screen (Internet Explorer)
45.6.7.5
Enrolling and Importing SSL Client Certificates
The SSL client needs a certificate if
Authenticate Client Certificates
is selected
on the ZyWALL.
You must have imported at least one trusted CA to the ZyWALL in order for the
Authenticate Client Certificates
to be active (see the Certificates chapter for
details).
Page 702 / 944
Chapter 45 System
ZyWALL USG 50 User’s Guide
702
Apply for a certificate from a Certification Authority (CA) that is trusted by the
ZyWALL (see the ZyWALL’s
Trusted CA
Web Configurator screen).
Figure 401
ZyWALL Trusted CA Screen
The CA sends you a package containing the CA’s trusted certificate(s), your
personal certificate(s) and a password to install the personal certificate(s).
45.6.7.5.1
Installing the CA’s Certificate
1
Double click the CA’s trusted certificate to produce a screen similar to the one
shown next.
Figure 402
CA Certificate Example
2
Click
Install Certificate
and follow the wizard as shown earlier in this appendix.
Page 703 / 944
Chapter 45 System
ZyWALL USG 50 User’s Guide
703
45.6.7.5.2
Installing Your Personal Certificate(s)
You need a password in advance. The CA may issue the password or you may
have to specify it during the enrollment. Double-click the personal certificate given
to you by the CA to produce a screen similar to the one shown next
1
Click
Next
to begin the wizard.
Figure 403
Personal Certificate Import Wizard 1
2
The file name and path of the certificate you double-clicked should automatically
appear in the
File name
text box. Click
Browse
if you wish to import a different
certificate.
Figure 404
Personal Certificate Import Wizard 2
Page 704 / 944
Chapter 45 System
ZyWALL USG 50 User’s Guide
704
3
Enter the password given to you by the CA.
Figure 405
Personal Certificate Import Wizard 3
4
Have the wizard determine where the certificate should be saved on your
computer or select
Place all certificates in the following store
and choose a
different location.
Figure 406
Personal Certificate Import Wizard 4
Page 705 / 944
Chapter 45 System
ZyWALL USG 50 User’s Guide
705
5
Click
Finish
to complete the wizard and begin the import process.
Figure 407
Personal Certificate Import Wizard 5
6
You should see the following screen when the certificate is correctly installed on
your computer.
Figure 408
Personal Certificate Import Wizard 6
45.6.7.6
Using a Certificate When Accessing the ZyWALL Example
Use the following procedure to access the ZyWALL via HTTPS.
1
Enter ‘https://ZyWALL IP Address/ in your browser’s web address field.
Figure 409
Access the ZyWALL Via HTTPS
19216811.live