Chapter 41 Certificates

The following table describes the labels in this screen.

Table 201 Configuration > Object > Certificate > Trusted Certificates > Edit

| LABEL | DESCRIPTION |
|---|---|
| Name | This field displays the identifying name of this certificate. You can change the name. You can use up to 31 alphanumeric and ;‘~!@#$%^&()_+[]{}’,.=- characters. |
| Certification Path | Click the Refresh button to have this read-only text box display the end entity’s certificate and a list of certification authority certificates that shows the hierarchy of certification authorities that validate the end entity’s certificate. If the issuing certification authority is one that you have imported as a trusted certificate, it may be the only certification authority in the list (along with the end entity’s own certificate). The ZyWALL does not trust the end entity’s certificate and displays “Not trusted” in this field if any certificate on the path has expired or been revoked. |
| Refresh | Click Refresh to display the certification path. |
| Enable X.509v3 CRL Distribution Points and OCSP checking | Select this check box to have the ZyWALL check incoming certificates that are signed by this certificate against a Certificate Revocation List (CRL) or an OCSP server. You also need to configure the OCSP or LDAP server details. |
| OCSP Server | Select this check box if the directory server uses OCSP (Online Certificate Status Protocol). |
| URL | Type the protocol, IP address and pathname of the OCSP server. |
| ID | The ZyWALL may need to authenticate itself in order to access the OCSP server. Type the login name (up to 31 ASCII characters) from the entity maintaining the server (usually a certification authority). |
| Password | Type the password (up to 31 ASCII characters) from the entity maintaining the OCSP server (usually a certification authority). |
| LDAP Server | Select this check box if the directory server uses LDAP (Lightweight Directory Access Protocol). LDAP is a protocol over TCP that specifies how clients access directories of certificates and lists of revoked certificates. |
| Address | Type the IP address (in dotted decimal notation) of the directory server. |
| Port | Use this field to specify the LDAP server port number. You must use the same server port number that the directory server uses. 389 is the default server port number for LDAP. |
| ID | The ZyWALL may need to authenticate itself in order to access the CRL directory server. Type the login name (up to 31 ASCII characters) from the entity maintaining the server (usually a certification authority). |
| Password | Type the password (up to 31 ASCII characters) from the entity maintaining the CRL directory server (usually a certification authority). |
| Certificate Information | These read-only fields display detailed information about the certificate. |
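The revocation rule described for the Certification Path and CRL checking fields can be reproduced offline with OpenSSL, which is useful for confirming that a CA's CRL actually rejects a revoked peer before relying on the setting. This is an added example, not part of the ZyWALL guide or firmware; it assumes the `openssl` CLI is installed, and the CA name, host name and file names are constructed for the demo.

```shell
#!/usr/bin/env bash
# Constructed lab: throwaway CA, one end-entity certificate, and a CRL.
# All names (Demo CA, peer.example, file names) are made up for this example.
crl_check_demo() {
  local dir before after
  dir=$(mktemp -d) || return 2
  (
    cd "$dir" || exit 2
    mkdir ca && : > ca/index.txt && echo 01 > ca/serial && echo 01 > ca/crlnumber
    cat > ca.cnf <<'EOF'
[ ca ]
default_ca = demo
[ demo ]
database = ./ca/index.txt
new_certs_dir = ./ca
serial = ./ca/serial
crlnumber = ./ca/crlnumber
default_md = sha256
default_days = 30
default_crl_days = 7
policy = pol
[ pol ]
commonName = supplied
EOF
    ca_opts="-config ca.cnf -cert ca.pem -keyfile ca.key"
    verify() {  # path validation with a CRL lookup against the trusted CA
      openssl verify -crl_check -CAfile ca.pem -CRLfile crl.pem ee.pem >/dev/null 2>&1 \
        && echo trusted || echo not-trusted
    }
    {   # create the CA, issue the end-entity certificate, publish an empty CRL
      openssl req -x509 -newkey rsa:2048 -nodes -keyout ca.key -out ca.pem \
        -subj "/CN=Demo CA" -days 30 &&
      openssl req -newkey rsa:2048 -nodes -keyout ee.key -out ee.csr \
        -subj "/CN=peer.example" &&
      openssl ca -batch $ca_opts -in ee.csr -out ee.pem &&
      openssl ca $ca_opts -gencrl -out crl.pem
    } >/dev/null 2>&1 || exit 2
    before=$(verify)
    {   # revoke the certificate and publish a fresh CRL that lists it
      openssl ca $ca_opts -revoke ee.pem &&
      openssl ca $ca_opts -gencrl -out crl.pem
    } >/dev/null 2>&1 || exit 2
    after=$(verify)
    echo "before=$before after=$after"
  )
  local rc=$?
  rm -rf "$dir"
  return $rc
}
crl_check_demo   # prints: before=trusted after=not-trusted
```

Without `-crl_check` the second verification would still succeed, which is the gap the CRL/OCSP check box closes.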

 

 


ZyWALL USG 50 User’s Guide