Chapter 19 Certificates

Table 125 Trusted Remote Host Details (continued)

LABEL

DESCRIPTION

MD5 Fingerprint

This is the certificate’s message digest that the ZyXEL Device calculated using

 

the MD5 algorithm. You cannot use this value to verify that this is the remote

 

host’s actual certificate because the ZyXEL Device has signed the certificate;

 

thus causing this value to be different from that of the remote hosts actual

 

certificate. See Section 19.12 on page 318 for how to verify a remote host’s

 

certificate.

 

 

SHA1 Fingerprint

This is the certificate’s message digest that the ZyXEL Device calculated using

 

the SHA1 algorithm. You cannot use this value to verify that this is the remote

 

host’s actual certificate because the ZyXEL Device has signed the certificate;

 

thus causing this value to be different from that of the remote hosts actual

 

certificate. See Section 19.12 on page 318 for how to verify a remote host’s

 

certificate.

 

 

Certificate in PEM

This read-only text box displays the certificate or certification request in Privacy

(Base-64) Encoded

Enhanced Mail (PEM) format. PEM uses 64 ASCII characters to convert the

Format

binary certificate into a printable form.

 

You can copy and paste the certificate into an e-mail to send to friends or

 

colleagues or you can copy and paste the certificate into a text editor and save

 

the file on a management computer for later distribution (via floppy disk for

 

example).

 

 

Export

Click this button and then Save in the File Download screen. The Save As

 

screen opens, browse to the location that you want to use and click Save.

 

 

Apply

Click Apply to save your changes back to the ZyXEL Device. You can only

 

change the name of the certificate.

 

 

Cancel

Click Cancel to quit configuring this screen and return to the Trusted Remote

 

Hosts screen.

 

 

19.15 Directory Servers

Click Security > Certificates > Directory Servers to open the Directory Servers screen. This screen displays a summary list of directory servers (that contain lists of valid and revoked certificates) that have been saved into the ZyXEL Device. If you decide to have the ZyXEL Device check incoming certificates against the issuing certification authority’s list of revoked certificates, the ZyXEL Device first checks the server(s) listed in the CRL Distribution Points field of the incoming certificate. If the certificate does not list a server or the listed server is not available, the ZyXEL Device checks the servers listed here.

322

 

P-2602HWLNI User’s Guide