Chapter 15 Certificates

 

Table 108 SECURITY > CERTIFICATES > Trusted Remote Hosts > Details (continued)

 

LABEL

DESCRIPTION

 

MD5 Fingerprint

This is the certificate’s message digest that the ZyWALL calculated using the

 

 

MD5 algorithm. The ZyWALL uses one of its own self-signed certificates to

 

 

sign the imported trusted remote host certificates. This changes the fingerprint

 

 

value displayed here (so it does not match the original). See Section 15.3 on

 

 

page 350 for how to verify a remote host’s certificate before you import it into

 

 

the ZyWALL.

 

 

 

 

SHA1 Fingerprint

This is the certificate’s message digest that the ZyWALL calculated using the

 

 

SHA1 algorithm. The ZyWALL uses one of its own self-signed certificates to

 

 

sign the imported trusted remote host certificates. This changes the fingerprint

 

 

value displayed here (so it does not match the original). See Section 15.3 on

 

 

page 350 for how to verify a remote host’s certificate before you import it into

 

 

the ZyWALL.

 

 

 

 

Certificate in PEM

This read-only text box displays the certificate or certification request in Privacy

 

(Base-64) Encoded

Enhanced Mail (PEM) format. PEM uses 64 ASCII characters to convert the

 

Format

binary certificate into a printable form.

 

 

You can copy and paste the certificate into an e-mail to send to friends or

 

 

colleagues or you can copy and paste the certificate into a text editor and save

 

 

the file on a management computer for later distribution (via floppy disk for

 

 

example).

 

 

 

 

Apply

Click Apply to save your changes back to the ZyWALL. You can only change

 

 

the name of the certificate.

 

 

 

 

Cancel

Click Cancel to quit configuring this screen and return to the Trusted Remote

 

 

Hosts screen.

15.16 Directory Servers

Click SECURITY > CERTIFICATES > Directory Servers to open the Directory Servers screen. This screen displays a summary list of directory servers (that contain lists of valid and revoked certificates) that have been saved into the ZyWALL. If you decide to have the ZyWALL check incoming certificates against the issuing certification authority’s list of revoked certificates, the ZyWALL first checks the server(s) listed in the CRL Distribution Points field of the incoming certificate. If the certificate does not list a server or the listed server is not available, the ZyWALL checks the servers listed here.

Figure 237 SECURITY > CERTIFICATES > Directory Servers

 

375

ZyWALL 2WG User’s Guide