Chapter 33 Certificates
5Additionally, Jenny uses her own private key to sign a message and Tim uses Jenny’s public key to verify the message.
The ZyWALL uses certificates based on
The certification authority uses its private key to sign certificates. Anyone can then use the certification authority’s public key to verify the certificates.
A certification path is the hierarchy of certification authority certificates that validate a certificate. The ZyWALL does not trust a certificate if any certificate on its path has expired or been revoked.
Certification authorities maintain directory servers with databases of valid and revoked certificates. A directory of certificates that have been revoked before the scheduled expiration is called a CRL (Certificate Revocation List). The ZyWALL can check a peer’s certificate against a directory server’s list of revoked certificates. The framework of servers, software, procedures and policies that handles keys is called PKI
Advantages of Certificates
Certificates offer the following benefits.
•The ZyWALL only has to store the certificates of the certification authorities that you decide to trust, no matter how many devices you need to authenticate.
•Key distribution is simple and very secure since you can freely distribute public keys and you never need to transmit private keys.
You can have the ZyWALL act as a certification authority and sign its own certificates.
Factory Default Certificate
The ZyWALL generates its own unique
Certificate File Formats
Any certificate that you want to import has to be in one of these file formats:
•Binary X.509: This is an
•PEM
•Binary PKCS#7: This is a standard that defines the general syntax for data (including digital signatures) that may be encrypted. A PKCS #7 file is used to transfer a public key certificate. The private key is not included. The ZyWALL currently allows the importation of a PKS#7 file that contains a single certificate.
•PEM
414 |
|
ZyWALL 110/310/1100 Series User’s Guide | |
|
|