Chapter 15 Certificates

Table 82 SECURITY > CERTIFICATES > My Certificates > Create (continued)

| LABEL | DESCRIPTION |
| --- | --- |
| Subject Alternative Name | Select a radio button to identify the certificate’s owner by IP address, domain name or […] domain name or […] e-mail address can be up to 31 ASCII characters. The domain name or e-mail address is for identification purposes only and can be any string. |
| Key Length | Select a number from the […] key should use (512 to 2048). The longer the key, the more secure it is. A longer key also uses more PKI storage space. |
| << Basic/Advanced >> | Click << Basic to configure basic subject information. Click Advanced >> to configure more subject information for a certificate. |
| Enrollment Options | These radio buttons deal with how and when the certificate is to be generated. |
| Create a certificate | Select Create a certificate and act as the Certification Authority (CA) itself. This way you do not need to apply to a certification authority for certificates. |
| Create a certification request and save it locally for later manual enrollment | Select Create a certification request and save it locally for later manual enrollment to have the ZyWALL generate and store a request for a certificate. Use the My Certificate Details screen to view the certification request and copy it to send to the certification authority. Copy the certification request from the My Certificate Details screen (see Section 15.6 on page 300) and then send it to the certification authority. |
| Create a certification request and enroll for a certificate immediately online | Select Create a certification request and enroll for a certificate immediately online to have the ZyWALL generate a request for a certificate and apply to a certification authority for a certificate. You must have the certification authority’s certificate already imported in the Trusted CAs screen. When you select this option, you must select the certification authority’s enrollment protocol and the certification authority’s certificate from the drop-down list boxes and enter the certification authority’s server address. You also need to fill in the Reference Number and Key if the certification authority requires them. |
| Enrollment Protocol | Select the certification authority’s enrollment protocol from the drop-down list box. Simple Certificate Enrollment Protocol (SCEP) is a […] protocol that was developed by VeriSign and Cisco. Certificate Management Protocol (CMP) is a […] that was developed by the Public Key Infrastructure X.509 working group of the Internet Engineering Task Force (IETF) and is specified in RFC 2510. |
| CA Server Address | Enter the IP address (or URL) of the certification authority server. |
| CA Certificate | Select the certification authority’s certificate from the CA Certificate drop-down list box. You must have the certification authority’s certificate already imported in the Trusted CAs screen. Click Trusted CAs to go to the Trusted CAs screen where you can view (and manage) the ZyWALL's list of certificates of trusted certification authorities. |
| Enrollment via an RA | If you select Create a certification request and enroll for a certificate immediately online, you can select this option to apply for a certificate through an RA (Registration Authority). The RA is an intermediary authorized by a CA to verify each subscriber’s identity and forward the requests to the CA. After the CA signs and issues the certificates, the RA distributes the certificates to the subscribers. |

ZyWALL 2 Plus User’s Guide