Chapter 14 Certificates
Table 63 Trusted CA Details (continued)
| LABEL | DESCRIPTION |
| --- | --- |
| Certificate Information | These |
| Type | This field displays general information about the certificate. that a Certification Authority signed the certificate. certificate’s owner signed the certificate (not a certification authority). X.509 means that this certificate was created and signed according to the recommendation that defines the formats for |
| Version | This field displays the X.509 version number. |
| Serial Number | This field displays the certificate’s identification number given by the certification authority. |
| Subject | This field displays information that identifies the owner of the certificate, such as Common Name (CN), Organizational Unit (OU), Organization (O) and Country (C). |
| Issuer | This field displays identifying information about the certificate’s issuing certification authority, such as Common Name, Organizational Unit, Organization and Country. With Name field. |
| Signature Algorithm | This field displays the type of algorithm that was used to sign the certificate. Some certification authorities use encryption algorithm and the SHA1 hash algorithm). Other certification authorities may use algorithm and the MD5 hash algorithm). |
| Valid From | This field displays the date that the certificate becomes applicable. The text displays in red and includes a Not Yet Valid! message if the certificate has not yet become applicable. |
| Valid To | This field displays the date that the certificate expires. The text displays in red and includes an Expiring! or Expired! message if the certificate is about to expire or has already expired. |
| Key Algorithm | This field displays the type of algorithm that was used to generate the certificate’s key pair (the ZyXEL Device uses RSA encryption) and the length of the key set in bits (1024 bits for example). |
| Subject Alternative Name | This field displays the certificate’s owner’s IP address (IP), domain name (DNS) or |
| Key Usage | This field displays for what functions the certificate’s key can be used. For example, “DigitalSignature” means that the key can be used to sign certificates and “KeyEncipherment” means that the key can be used to encrypt text. |
| Basic Constraint | This field displays general information about the certificate. For example, Subject Type=CA means that this is a certification authority’s certificate and “Path Length Constraint=1” means that there can only be one certification authority in the certificate’s path. |
| CRL Distribution Points | This field displays how many directory servers with Lists of revoked certificates the issuing certification authority of this certificate makes available. This field also displays the domain names or IP addresses of the servers. |
| MD5 Fingerprint | This is the certificate’s message digest that the ZyXEL Device calculated using the MD5 algorithm. You cannot use this value to verify that this is the remote host’s actual certificate because the ZyXEL Device has signed the certificate; thus causing this value to be different from that of the remote host’s actual certificate. See Section 14.3 on page 158 for how to verify a remote host’s certificate before you import it into the ZyXEL Device. |