ZyWALL 2WG Support Notes
All contents copyright (c) 2006 ZyXEL Communications Corporation. 259
G12. Does ZyXEL provide CA service?
No, ZyXEL doesn't maintain CA service for customers, customers need to find CA server (trusted 3rd
party) in order to use PKI functionality on ZyWALL.
G13. What if customers don't have access to CA service, but would like to use PKI
function?
ZyXEL VPN solution provides a mechanism called "self-signed" Certificate. If you don't have access
CA service, but would like to use PKI function, please use the self-signed Certificate. Check here for
how to configure it.
G14. How can I have Self-signed certificate for ZyXEL appliance?
Each ZyXEL appliance would provide a Self-signed certificate along with default configuration file.
You can check content of Self-signed certificate in WEB GUI.
G15. Can I create self-signed certificates in addition to the default one?
Yes, you can create self-signed certificates of your own by selecting self-signed category when
creating My Certificates.
G16. Will Self-signed certificate be erased if I reset to default configuration file?
Yes, the original Self-signed certificate will be erased. But ZyXEL appliance will create a new
self-signed certificate at it's first boot-up time after resetting the configuration. But the new
self-signed certificate is different from the original one. So users also need to export the new
self-signed certificate to appliance's peer if they would like to use PKI for VPN.
G17. Will certificates stored in ZyXEL appliance be erased if I reset to default
configuration file?
Yes, My Certificates, Trusted CAs' Certificates, and Trusted Remote's Certificates will be totally
erased after erasing configuration files. Users need to enroll My Certificates and import Trusted CA's
certificates & Trusted Remote's certificates again.
G18. What can I do prior to reset appliance's configuration?
You can export Trusted CA's certificates and Trusted Remote's certificates before resetting