ZyWALL 5/35/70 Series User’s Guide
Table 112 My Certificate Create (continued)
LABEL | DESCRIPTION |
Country | Type up to 127 characters to identify the nation where the certificate owner is located. You may use any character, including spaces, but the ZyWALL drops trailing spaces. |
Key Length | Select a number from the key should use (512 to 2048). The longer the key, the more secure it is. A longer key also uses more PKI storage space. |
Enrollment Options | These radio buttons deal with how and when the certificate is to be generated. |
Create a certificate | Select Create a certificate and act as the Certification Authority (CA) itself. This way you do not need to apply to a certification authority for certificates. |
Create a certification request and save it locally for later manual enrollment | Select Create a certification request and save it locally for later manual enrollment to have the ZyWALL generate and store a request for a certificate. Use the My Certificate Details screen to view the certification request and copy it to send to the certification authority. Copy the certification request from the My Certificate Details screen (see Section 20.7 on page 350) and then send it to the certification authority. |
Create a certification request and enroll for a certificate immediately online | Select Create a certification request and enroll for a certificate immediately online to have the ZyWALL generate a request for a certificate and apply to a certification authority for a certificate. You must have the certification authority’s certificate already imported in the Trusted CAs screen. When you select this option, you must select the certification authority’s enrollment protocol and the certification authority’s certificate from the drop-down list boxes and enter the certification authority’s server address. You also need to fill in the Reference Number and Key if the certification authority requires them. |
Enrollment Protocol | Select the certification authority’s enrollment protocol from the drop-down list box. Simple Certificate Enrollment Protocol (SCEP) is a protocol that was developed by VeriSign and Cisco. Certificate Management Protocol (CMP) is a protocol that was developed by the Public Key Infrastructure X.509 working group of the Internet Engineering Task Force (IETF) and is specified in RFC 2510. |
CA Server Address | Enter the IP address (or URL) of the certification authority server. |
CA Certificate | Select the certification authority’s certificate from the CA Certificate drop-down list box. You must have the certification authority’s certificate already imported in the Trusted CAs screen. Click Trusted CAs to go to the Trusted CAs screen where you can view (and manage) the ZyWALL's list of certificates of trusted certification authorities. |
Request Authentication | When you select Create a certification request and enroll for a certificate immediately online, the certification authority may want you to include a reference number and key to identify you when you send a certification request. Fill in both the Reference Number and the Key fields if your certification authority uses the CMP enrollment protocol. Just fill in the Key field if your certification authority uses the SCEP enrollment protocol. |
Key | Type the key that the certification authority gave you. |
Apply | Click Apply to begin certificate or certification request generation. |
Cancel | Click Cancel to quit and return to the My Certificates screen. |

349 | Chapter 20 Certificates |