Chapter 33 Certificates
The following table describes the labels in this screen.
Table 164 Configuration > Object > Certificate > Trusted Certificates > Edit
LABEL | DESCRIPTION |
Name | This field displays the identifying name of this certificate. You can change the name. You can use up to 31 alphanumeric and ;‘~!@#$%^&()_+[]{}’,.=- characters. |
Certification Path | Click the Refresh button to have this certificate and a list of certification authority certificates that shows the hierarchy of certification authorities that validate the end entity’s certificate. If the issuing certification authority is one that you have imported as a trusted certificate, it may be the only certification authority in the list (along with the end entity’s own certificate). The ZyWALL does not trust the end entity’s certificate and displays “Not trusted” in this field if any certificate on the path has expired or been revoked. |
Refresh | Click Refresh to display the certification path. |
Enable X.509v3 CRL Distribution Points and OCSP checking | Select this check box to turn on/off certificate revocation. When it is turned on, the ZyWALL validates a certificate by getting the Certificate Revocation List (CRL) through HTTP or LDAP (can be configured after selecting the LDAP Server check box) and an online responder (can be configured after selecting the OCSP Server check box). |
OCSP Server | Select this check box if the directory server uses OCSP (Online Certificate Status Protocol). |
URL | Type the protocol, IP address and path name of the OCSP server. |
ID | The ZyWALL may need to authenticate itself in order to access the OCSP server. Type the login name (up to 31 ASCII characters) from the entity maintaining the server (usually a certification authority). |
Password | Type the password (up to 31 ASCII characters) from the entity maintaining the OCSP server (usually a certification authority). |
LDAP Server | Select this check box if the directory server uses LDAP (Lightweight Directory Access Protocol). LDAP is a protocol over TCP that specifies how clients access directories of certificates and lists of revoked certificates. |
Address | Type the IP address (in dotted decimal notation) of the directory server. |
Port | Use this field to specify the LDAP server port number. You must use the same server port number that the directory server uses. 389 is the default server port number for LDAP. |
ID | The ZyWALL may need to authenticate itself in order to access the CRL directory server. Type the login name (up to 31 ASCII characters) from the entity maintaining the server (usually a certification authority). |
Password | Type the password (up to 31 ASCII characters) from the entity maintaining the CRL directory server (usually a certification authority). |
Certificate Information | These |
Type | This field displays general information about the certificate. Certification Authority signed the certificate. owner signed the certificate (not a certification authority). X.509 means that this certificate was created and signed according to the defines the formats for |
Version | This field displays the X.509 version number. |
Serial Number | This field displays the certificate’s identification number given by the certification authority. |
Subject | This field displays information that identifies the owner of the certificate, such as Common Name (CN), Organizational Unit (OU), Organization (O) and Country (C). |
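As an added illustration of the Certification Path row (this is not ZyXEL code and not the ZyWALL's implementation), the simplified Python model below follows issuer names up to an imported trusted certificate and reports "Not trusted" when any certificate on the path is expired or listed as revoked. The `Cert` class, the function names and the sample certificates are constructed for this example; signature verification and real CRL/OCSP retrieval are left out, and treating a missing issuer as "Not trusted" is an assumption of the model.

```python
from dataclasses import dataclass
from datetime import datetime

@dataclass(frozen=True)
class Cert:  # simplified stand-in for an X.509 certificate (no signature)
    subject: str
    issuer: str
    serial: int
    not_before: datetime
    not_after: datetime

def build_path(end_entity, intermediates, trusted):
    """Follow issuer names upward until an imported trusted certificate is reached."""
    path, seen = [end_entity], {end_entity.subject}
    while True:
        issuer = path[-1].issuer
        if issuer in trusted:
            return path + [trusted[issuer]]
        if issuer not in intermediates or issuer in seen:
            return None  # missing issuer, or a loop in the issuer links
        path.append(intermediates[issuer])
        seen.add(issuer)

def path_status(end_entity, intermediates, trusted, crls, now):
    """crls maps an issuer name to the set of serial numbers it has revoked."""
    path = build_path(end_entity, intermediates, trusted)
    if path is None:
        return "Not trusted", "no path to a trusted certificate"
    for cert in path:
        if not cert.not_before <= now <= cert.not_after:
            return "Not trusted", f"{cert.subject}: outside validity period"
        if cert.serial in crls.get(cert.issuer, set()):
            return "Not trusted", f"{cert.subject}: revoked"
    return "Trusted", " <- ".join(c.subject for c in path)

# Constructed sample data: a root CA, an issuing CA and one end entity.
def d(year):
    return datetime(year, 1, 1)

ROOT = Cert("Example Root CA", "Example Root CA", 1, d(2020), d(2040))
ISSUING = Cert("Example Issuing CA", "Example Root CA", 2, d(2021), d(2031))
PEER = Cert("vpn-peer.example", "Example Issuing CA", 1001, d(2024), d(2026))
TRUSTED = {ROOT.subject: ROOT}
INTERMEDIATES = {ISSUING.subject: ISSUING}

if __name__ == "__main__":
    print(path_status(PEER, INTERMEDIATES, TRUSTED, {}, d(2025)))
    print(path_status(PEER, INTERMEDIATES, TRUSTED, {"Example Root CA": {2}}, d(2025)))
    print(path_status(PEER, INTERMEDIATES, TRUSTED, {}, d(2027)))
```

When the issuing CA itself is the imported trusted certificate, the model's path contains only the end entity and that one CA, matching the case the table describes.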
ZyWALL 110/310/1100 Series User’s Guide