Chapter 41 Certificates

Table 220 Object > Certificate > My Certificates > Add (continued)

| LABEL | DESCRIPTION |
| --- | --- |
| Organization | Identify the company or group to which the certificate owner belongs. You can use up to 31 characters. You can use alphanumeric characters, the hyphen and the underscore. |
| Country | Identify the nation where the certificate owner is located. You can use up to 31 characters. You can use alphanumeric characters, the hyphen and the underscore. |
| Key Type | Select RSA to use the Rivest, Shamir and Adleman |
| | Select DSA to use the Digital Signature Algorithm |
| Key Length | Select a number from the |
| | key should use (512 to 2048). The longer the key, the more secure it is. A longer key also uses more PKI storage space. |
| Enrollment Options | These radio buttons deal with how and when the certificate is to be generated. |
| Create a | Select Create a |
| certificate | certificate and act as the Certification Authority (CA) itself. This way you do not need to apply to a certification authority for certificates. |
| Create a certification request and save it locally for later manual enrollment | Select Create a certification request and save it locally for later manual enrollment to have the ZyWALL generate and store a request for a certificate. Use the My Certificate Details screen to view the certification request and copy it to send to the certification authority. |
| | Copy the certification request from the My Certificate Details screen (see Section 41.2.2 on page 646) and then send it to the certification authority. |
| Create a certification request and enroll for a certificate immediately online | Select Create a certification request and enroll for a certificate immediately online to have the ZyWALL generate a request for a certificate and apply to a certification authority for a certificate. You must have the certification authority’s certificate already imported in the Trusted Certificates screen. |
| | When you select this option, you must select the certification authority’s enrollment protocol and the certification authority’s certificate from the drop-down list boxes and enter the certification authority’s server address. You also need to fill in the Reference Number and Key if the certification authority requires them. |
| Enrollment Protocol | This field applies when you select Create a certification request and enroll for a certificate immediately online. Select the certification authority’s enrollment protocol from the |
| | Simple Certificate Enrollment Protocol (SCEP) is a |
| | protocol that was developed by VeriSign and Cisco. |
| | Certificate Management Protocol (CMP) is a |
| | protocol that was developed by the Public Key Infrastructure X.509 working group of the Internet Engineering Task Force (IETF) and is specified in RFC 2510. |
| CA Server Address | This field applies when you select Create a certification request and enroll for a certificate immediately online. Enter the IP address (or URL) of the certification authority server. |
| | For a URL, you can use up to 511 of the following characters. |
| | :.=?;!*#@$_%- |
| CA Certificate | This field applies when you select Create a certification request and enroll for a certificate immediately online. Select the certification authority’s certificate from the CA Certificate |
| | You must have the certification authority’s certificate already imported in the Trusted Certificates screen. Click Trusted CAs to go to the Trusted Certificates screen where you can view (and manage) the ZyWALL's list of certificates of trusted certification authorities. |
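
A check to run on the request copied from the My Certificate Details screen before sending it to the certification authority (an added example, not part of the ZyXEL guide): it verifies the request's self-signature, prints the subject for comparison with the Organization and Country values entered in the form, and rejects keys below a minimum length. It assumes OpenSSL is installed and the request is saved as PEM text; the function names and the 2048-bit minimum are this example's choices, picked because the short end of the 512 to 2048 Key Length range is below what current CA practice accepts.

```shell
#!/bin/sh
# Added example (not from the ZyXEL guide): vet a PKCS#10 request before
# sending it to the CA. Assumes OpenSSL is installed and the request was
# saved as PEM text; the 2048-bit floor is this example's policy choice.

# Print the public key size in bits (prints nothing if the file is unreadable).
csr_key_bits() {
    openssl req -in "$1" -noout -text 2>/dev/null |
        sed -n 's/.*Public[- ]Key: (\([0-9][0-9]*\) bit).*/\1/p' | head -n 1
}

# Print the subject so it can be compared with the values typed into the form.
csr_subject() {
    openssl req -in "$1" -noout -subject 2>/dev/null
}

# Succeed only if the request parses and its self-signature verifies.
# The message text is matched because it is stable across OpenSSL 1.1 and 3.x.
csr_signature_ok() {
    openssl req -in "$1" -noout -verify 2>&1 | grep -q 'verify OK'
}

# check_csr FILE [MIN_BITS]
# Returns 0 = acceptable, 1 = key too short, 2 = unreadable or altered request.
check_csr() {
    csr=$1
    min=${2:-2048}
    if ! csr_signature_ok "$csr"; then
        echo "REJECT: not a PEM request, or its signature does not verify"
        return 2
    fi
    bits=$(csr_key_bits "$csr")
    [ -n "$bits" ] || { echo "REJECT: cannot read the key size"; return 2; }
    csr_subject "$csr"
    echo "key size: $bits bits"
    if [ "$bits" -lt "$min" ]; then
        echo "REJECT: key is shorter than $min bits"
        return 1
    fi
    echo "OK: request can be submitted"
}

# Run directly as: sh check_csr.sh request.pem [min_bits]
if [ "$#" -gt 0 ]; then check_csr "$@"; fi
```
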
ZyWALL USG 100/200 Series User’s Guide
|
|