|
| Chapter 19 Certificates | |
| Table 105 My Certificate Create (continued) | ||
| LABEL | DESCRIPTION |
|
| Country | Type up to 127 characters to identify the nation where the certificate owner is |
|
|
| located. You may use any character, including spaces, but the ZyXEL Device |
|
|
| drops trailing spaces. |
|
|
|
|
|
| Key Length | Select a number from the |
|
|
| key should use (512 to 2048). The longer the key, the more secure it is. A |
|
|
| longer key also uses more PKI storage space. |
|
|
|
|
|
| Enrollment Options | These radio buttons deal with how and when the certificate is to be generated. |
|
|
|
|
|
| Create a | Select Create a |
|
| certificate | the certificate and act as the Certification Authority (CA) itself. This way you do |
|
|
| not need to apply to a certification authority for certificates. |
|
|
|
|
|
| Create a certification | Select Create a certification request and save it locally for later manual |
|
| request and save it | enrollment to have the ZyXEL Device generate and store a request for a |
|
| locally for later | certificate. Use the My Certificate Details screen to view the certification |
|
| manual enrollment | request and copy it to send to the certification authority. |
|
|
| Copy the certification request from the My Certificate Details screen (see |
|
|
| Section 19.7 on page 270) and then send it to the certification authority. |
|
|
|
|
|
| Create a certification | Select Create a certification request and enroll for a certificate |
|
| request and enroll for | immediately online to have the ZyXEL Device generate a request for a |
|
| a certificate | certificate and apply to a certification authority for a certificate. |
|
| immediately online | You must have the certification authority’s certificate already imported in the |
|
|
| Trusted CAs screen. |
|
|
| When you select this option, you must select the certification authority’s |
|
|
| enrollment protocol and the certification authority’s certificate from the drop- |
|
|
| down list boxes and enter the certification authority’s server address. You also |
|
|
| need to fill in the Reference Number and Key if the certification authority |
|
|
| requires them. |
|
|
|
|
|
| Enrollment Protocol | Select the certification authority’s enrollment protocol from the |
|
|
| box. |
|
|
| Simple Certificate Enrollment Protocol (SCEP) is a |
|
|
| protocol that was developed by VeriSign and Cisco. |
|
|
| Certificate Management Protocol (CMP) is a |
|
|
| protocol that was developed by the Public Key Infrastructure X.509 working |
|
|
| group of the Internet Engineering Task Force (IETF) and is specified in RFC |
|
|
| 2510. |
|
|
|
|
|
| CA Server Address | Enter the IP address (or URL) of the certification authority server. |
|
|
|
|
|
| CA Certificate | Select the certification authority’s certificate from the CA Certificate drop- |
|
|
| down list box. |
|
|
| You must have the certification authority’s certificate already imported in the |
|
|
| Trusted CAs screen. Click Trusted CAs to go to the Trusted CAs screen |
|
|
| where you can view (and manage) the ZyXEL Device's list of certificates of |
|
|
| trusted certification authorities. |
|
|
|
|
|
| Request | When you select Create a certification request and enroll for a certificate |
|
| Authentication | immediately online, the certification authority may want you to include a |
|
|
| reference number and key to identify you when you send a certification |
|
|
| request. Fill in both the Reference Number and the Key fields if your |
|
|
| certification authority uses CMP enrollment protocol. Just fill in the Key field if |
|
|
| your certification authority uses the SCEP enrollment protocol. |
|
|
|
|
|
| Key | Type the key that the certification authority gave you. |
|
|
|
|
|
| Apply | Click Apply to begin certificate or certification request generation. |
|
|
|
|
|
| Cancel | Click Cancel to quit and return to the My Certificates screen. |
|
|
|
|
|
| 269 |
|
|