39

Certificates

39.1 Overview

The ZyWALL can use certificates (also called digital IDs) to authenticate users. Certificates are based on public-private key pairs. A certificate contains the certificate owner’s identity and public key. Certificates provide a way to exchange public keys for use in authentication.

39.1.1What You Can Do in this Chapter

Use the My Certificate screens (see Section 39.2 on page 593 to Section

39.2.3on page 602) to generate and export self-signed certificates or certification requests and import the ZyWALL’s CA-signed certificates.

Use the Trusted Certificates screens (see Section 39.3 on page 603 to Section

39.3.2on page 608) to save CA certificates and trusted remote host certificates to the ZyWALL. The ZyWALL trusts any valid certificate that you have imported as a trusted certificate. It also trusts any valid certificate signed by any of the certificates that you have imported as a trusted certificate.

39.1.2What You Need to Know

When using public-key cryptology for authentication, each host has two keys. One key is public and can be made openly available. The other key is private and must be kept secure.

These keys work like a handwritten signature (in fact, certificates are often referred to as “digital signatures”). Only you can write your signature exactly as it should look. When people know what your signature looks like, they can verify whether something was signed by you, or by someone else. In the sameway, your private key “writes” your digital signature and your public key allows people to verify whether data was signed by you, or by someone else. This process works as follows.

1Tim wants to send a message to Jenny. He needs her to be surethat it comes from him, and that the message content has not been altered by anyone else along the way. Tim generates a public key pair (one public key and one private key).

 

589

ZyWALL USG 20/20W User’s Guide