Chapter 14 Certificates
Table 59 My Certificate Create (continued)
LABEL | DESCRIPTION |
Common Name | Select a radio button to identify the certificate’s owner by IP address, domain |
| name or |
| domain name or |
| mail address can be up to 31 ASCII characters. The domain name or |
| address is for identification purposes only and can be any string. |
|
|
Organizational Unit | Type up to 127 characters to identify the organizational unit or department to |
| which the certificate owner belongs. You may use any character, including |
| spaces, but the ZyXEL Device drops trailing spaces. |
|
|
Organization | Type up to 127 characters to identify the company or group to which the |
| certificate owner belongs. You may use any character, including spaces, but |
| the ZyXEL Device drops trailing spaces. |
|
|
Country | Type up to 127 characters to identify the nation where the certificate owner is |
| located. You may use any character, including spaces, but the ZyXEL Device |
| drops trailing spaces. |
|
|
Key Length | Select a number from the |
| key should use (512 to 2048). The longer the key, the more secure it is. A |
| longer key also uses more PKI storage space. |
|
|
Enrollment Options | These radio buttons deal with how and when the certificate is to be generated. |
|
|
Create a | Select Create a |
certificate | the certificate and act as the Certification Authority (CA) itself. This way you do |
| not need to apply to a certification authority for certificates. |
|
|
Create a certification | Select Create a certification request and save it locally for later manual |
request and save it | enrollment to have the ZyXEL Device generate and store a request for a |
locally for later | certificate. Use the My Certificate Details screen to view the certification |
manual enrollment | request and copy it to send to the certification authority. |
| Copy the certification request from the My Certificate Details screen (Section |
| 14.9 on page 165) and then send it to the certification authority. |
|
|
Create a certification | Select Create a certification request and enroll for a certificate |
request and enroll for | immediately online to have the ZyXEL Device generate a request for a |
a certificate | certificate and apply to a certification authority for a certificate. |
immediately online | You must have the certification authority’s certificate already imported in the |
| Trusted CAs screen. |
| When you select this option, you must select the certification authority’s |
| enrollment protocol and the certification authority’s certificate from the drop- |
| down list boxes and enter the certification authority’s server address. You also |
| need to fill in the Reference Number and Key if the certification authority |
| requires them. |
|
|
Enrollment Protocol | Select the certification authority’s enrollment protocol from the |
| box. |
| Simple Certificate Enrollment Protocol (SCEP) is a |
| protocol that was developed by VeriSign and Cisco. |
| Certificate Management Protocol (CMP) is a |
| protocol that was developed by the Public Key Infrastructure X.509 working |
| group of the Internet Engineering Task Force (IETF) and is specified in RFC |
| 2510. |
|
|
CA Server Address | Enter the IP address (or URL) of the certification authority server. |
|
|
CA Certificate | Select the certification authority’s certificate from the CA Certificate drop- |
| down list box. |
| You must have the certification authority’s certificate already imported in the |
| Trusted CAs screen. Click Trusted CAs to go to the Trusted CAs screen |
| where you can view (and manage) the ZyXEL Device's list of certificates of |
| trusted certification authorities. |
|
|
164 |
| |
ZyXEL |
| |
|
|
|