ZyWALL 5/35/70 Series User’s Guide

Table 113 My Certificate Details (continued)

LABEL

DESCRIPTION

 

 

Subject Alternative

This field displays the certificate owner‘s IP address (IP), domain name (DNS) or

Name

e-mail address (EMAIL).

Key Usage

This field displays for what functions the certificate’s key can be used. For

 

example, “DigitalSignature” means that the key can be used to sign certificates

 

and “KeyEncipherment” means that the key can be used to encrypt text.

Basic Constraint

This field displays general information about the certificate. For example,

 

Subject Type=CA means that this is a certification authority’s certificate and

 

“Path Length Constraint=1” means that there can only be one certification

 

authority in the certificate’s path.

MD5 Fingerprint

This is the certificate’s message digest that the ZyWALL calculated using the

 

MD5 algorithm.

SHA1 Fingerprint

This is the certificate’s message digest that the ZyWALL calculated using the

 

SHA1 algorithm.

Certificate in PEM

This read-only text box displays the certificate or certification request in Privacy

(Base-64) Encoded

Enhanced Mail (PEM) format. PEM uses 64 ASCII characters to convert the

Format

binary certificate into a printable form.

 

You can copy and paste a certification request into a certification authority’s web

 

page, an e-mail that you send to the certification authority or a text editor and

 

save the file on a management computer for later manual enrollment.

 

You can copy and paste a certificate into an e-mail to send to friends or

 

colleagues or you can copy and paste a certificate into a text editor and save the

 

file on a management computer for later distribution (via floppy disk for

 

example).

Export

Click this button and then Save in the File Download screen. The Save As

 

screen opens, browse to the location that you want to use and click Save.

Apply

Click Apply to save your changes back to the ZyWALL. You can only change

 

the name, except in the case of a self-signed certificate, which you can also set

 

to be the default self-signed certificate that signs the imported trusted remote

 

host certificates.

Cancel

Click Cancel to quit and return to the My Certificates screen.

 

 

20.8 Trusted CAs

Click SECURITY, CERTIFICATES, Trusted CAs to open the Trusted CAs screen. This screen displays a summary list of certificates of the certification authorities that you have set the ZyWALL to accept as trusted. The ZyWALL accepts any valid certificate signed by a certification authority on this list as being trustworthy; thus you do not need to import any certificate that is signed by one of these certification authorities.

353

Chapter 20 Certificates