41
Certificates
41.1 Overview
The ZyWALL can use certificates (also called digital IDs) to authenticate users. Certificates are based on
41.1.1What You Can Do in the Certificate Screens
•Use the My Certificate screens (see Section 41.2 on page 642 to Section 41.2.3 on page 649) to generate and export
•Use the Trusted Certificates screens (see Section 41.3 on page 650 to Section 41.3.2 on page 654) to save CA certificates and trusted remote host certificates to the ZyWALL. The ZyWALL will trust any valid certificate that you have imported as a trusted certificate. It will also trust any valid certificate signed by any of the certificates that you have imported as a trusted certificate.
41.1.2What You Need to Know About Certificates
When using
These keys work like a handwritten signature (in fact, certificates are often referred to as “digital signatures”). Only you can write your signature exactly as it should look. When people know what your signature looks like, they can verify whether something was signed by you, or by someone else. In the same way, your private key “writes” your digital signature and your public key allows people to verify whether data was signed by you, or by someone else. This process works as follows.
1Tim wants to send a message to Jenny. He needs her to be sure that it comes from him, and that the message content has not been altered by anyone else along the way. Tim generates a public key pair (one public key and one private key).
2Tim keeps the private key and makes the public key openly available. This means that anyone who receives a message seeming to come from Tim can read it and verify whether it is really from him or not.
3Tim uses his private key to sign the message and sends it to Jenny.
4Jenny receives the message and uses Tim’s public key to verify it. Jenny knows that the message is from Tim, and that although other people may have been able to read the
| 639 |
ZyWALL USG 100/200 Series User’s Guide | |
|
|