|
| Chapter 12 Certificates |
| Table 75 Trusted Remote Host Details (continued) | |
| LABEL | DESCRIPTION |
| Version | This field displays the X.509 version number. |
|
|
|
| Serial Number | This field displays the certificate’s identification number given by the device |
|
| that created the certificate. |
|
|
|
| Subject | This field displays information that identifies the owner of the certificate, such |
|
| as Common Name (CN), Organizational Unit (OU), Organization (O) and |
|
| Country (C). |
|
|
|
| Issuer | This field displays identifying information about the default |
|
| certificate on the ZyXEL Device that the ZyXEL Device uses to sign the trusted |
|
| remote host certificates. |
|
|
|
| Signature Algorithm | This field displays the type of algorithm that the ZyXEL Device used to sign the |
|
| certificate, which is |
|
| algorithm and the SHA1 hash algorithm). |
|
|
|
| Valid From | This field displays the date that the certificate becomes applicable. The text |
|
| displays in red and includes a Not Yet Valid! message if the certificate has not |
|
| yet become applicable. |
|
|
|
| Valid To | This field displays the date that the certificate expires. The text displays in red |
|
| and includes an Expiring! or Expired! message if the certificate is about to |
|
| expire or has already expired. |
|
|
|
| Key Algorithm | This field displays the type of algorithm that was used to generate the |
|
| certificate’s key pair (the ZyXEL Device uses RSA encryption) and the length |
|
| of the key set in bits (1024 bits for example). |
|
|
|
| Subject Alternative | This field displays the certificate’s owner‘s IP address (IP), domain name |
| Name | (DNS) or |
|
|
|
| Key Usage | This field displays for what functions the certificate’s key can be used. For |
|
| example, “DigitalSignature” means that the key can be used to sign certificates |
|
| and “KeyEncipherment” means that the key can be used to encrypt text. |
|
|
|
| Basic Constraint | This field displays general information about the certificate. For example, |
|
| Subject Type=CA means that this is a certification authority’s certificate and |
|
| “Path Length Constraint=1” means that there can only be one certification |
|
| authority in the certificate’s path. |
|
|
|
| MD5 Fingerprint | This is the certificate’s message digest that the ZyXEL Device calculated using |
|
| the MD5 algorithm. You cannot use this value to verify that this is the remote |
|
| host’s correct certificate because the ZyXEL Device has signed the certificate; |
|
| thus causing this value to be different from that of the remote host’s correct |
|
| certificate. See Section 12.6.3 on page 209 for how to verify a remote host’s |
|
| certificate. |
|
|
|
| SHA1 Fingerprint | This is the certificate’s message digest that the ZyXEL Device calculated using |
|
| the SHA1 algorithm. You cannot use this value to verify that this is the remote |
|
| host’s correct certificate because the ZyXEL Device has signed the certificate; |
|
| thus causing this value to be different from that of the remote host’s correct |
|
| certificate. See Section 12.6.3 on page 209 for how to verify a remote host’s |
|
| certificate. |
|
|
|
| Certificate in PEM | This |
| Enhanced Mail (PEM) format. PEM uses 64 ASCII characters to convert the | |
| Format | binary certificate into a printable form. |
|
| You can copy and paste the certificate into an |
|
| colleagues or you can copy and paste the certificate into a text editor and save |
|
| the file on a management computer for later distribution (via floppy disk for |
|
| example). |
|
|
|
| Back | Click this to return to the previous screen without saving. |
|
|
|
| Export | Click this and then Save in the File Download screen. The Save As screen |
|
| opens, browse to the location that you want to use and click Save. |
|
|
|
| 205 |
|
|