Chapter 41 Certificates

 

Table 197 Configuration > Object > Certificate > My Certificates > Add (continued)

| LABEL | DESCRIPTION |
|---|---|
| Create a certification request and save it locally for later manual enrollment | Select this to have the ZyWALL generate and store a request for a certificate. Use the My Certificate Details screen to view the certification request and copy it to send to the certification authority. Copy the certification request from the My Certificate Details screen (see Section 41.2.2 on page 643) and then send it to the certification authority. |
| Create a certification request and enroll for a certificate immediately online | Select this to have the ZyWALL generate a request for a certificate and apply to a certification authority for a certificate. You must have the certification authority’s certificate already imported in the Trusted Certificates screen. When you select this option, you must select the certification authority’s enrollment protocol and the certification authority’s certificate from the drop-down list boxes and enter the certification authority’s server address. You also need to fill in the Reference Number and Key if the certification authority requires them. |
| Enrollment Protocol | This field applies when you select Create a certification request and enroll for a certificate immediately online. Select the certification authority’s enrollment protocol from the drop-down list box. Simple Certificate Enrollment Protocol (SCEP) is a TCP-based enrollment protocol that was developed by VeriSign and Cisco. Certificate Management Protocol (CMP) is a TCP-based enrollment protocol that was developed by the Public Key Infrastructure X.509 working group of the Internet Engineering Task Force (IETF) and is specified in RFC 2510. |
| CA Server Address | This field applies when you select Create a certification request and enroll for a certificate immediately online. Enter the IP address (or URL) of the certification authority server. For a URL, you can use up to 511 of the following characters: `a-zA-Z0-9'()+,/:.=?;!*#@$_%-` |
| CA Certificate | This field applies when you select Create a certification request and enroll for a certificate immediately online. Select the certification authority’s certificate from the CA Certificate drop-down list box. You must have the certification authority’s certificate already imported in the Trusted Certificates screen. Click Trusted CAs to go to the Trusted Certificates screen where you can view (and manage) the ZyWALL's list of certificates of trusted certification authorities. |
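
A pre-flight check for the CA Server Address value, as an added example that is not from the ZyXEL guide or firmware: it applies the 511-character limit and the character set quoted in the table above before the value is entered. The function name and the sample addresses are assumptions constructed for illustration.

```python
import ipaddress
import string

# Limits quoted in the CA Server Address row of the table above.
MAX_URL_LEN = 511
ALLOWED_URL_CHARS = frozenset(
    string.ascii_letters + string.digits + "'()+,/:.=?;!*#@$_%-"
)


def check_ca_server_address(value):
    """Return a list of problems; an empty list means the value fits the field.

    An IP address literal is accepted as-is; anything else is treated as a URL
    and checked against the documented length and character set.
    """
    try:
        ipaddress.ip_address(value)
        return []
    except ValueError:
        pass  # not an IP literal, so apply the URL rules

    problems = []
    if not value:
        problems.append("empty value")
    if len(value) > MAX_URL_LEN:
        problems.append(f"length {len(value)} exceeds {MAX_URL_LEN}")
    # Report each offending character once, in order of first appearance,
    # using repr() so spaces and control characters are visible in the report.
    bad = list(dict.fromkeys(ch for ch in value if ch not in ALLOWED_URL_CHARS))
    if bad:
        problems.append("disallowed characters: " + " ".join(repr(ch) for ch in bad))
    return problems


# Constructed sample values (hypothetical hosts), not taken from the guide.
SAMPLES = [
    "192.0.2.10",
    "http://ca.example.com/scep",
    "http://ca.example.com/scep?operation=GetCACert&message=ca",  # '&' not in set
    "http://ca.example.com/enroll me",                            # space not in set
    "http://ca.example.com/" + "a" * 500,                         # 522 characters
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(s[:60], "->", check_ca_server_address(s) or "ok")
```

Note that `&` is outside the documented set, so an enrollment URL carrying more than one query parameter does not fit this field as written.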

 

 

 

 

 

 

641

ZyWALL USG 50 User’s Guide