ZyXEL Communications ZyWALL5UTM 4.0 20.12 Verifying a Trusted Remote Host’s Certificate, 20.12.1 Trusted Remote Host Certificate Fingerprints, Details, Thumbprint, Certificate

ZyWALL 5/35/70 Series User’s Guide

Table 117 Trusted Remote Hosts (continued)

LABEL	DESCRIPTION

Import	Click Import to open a screen where you can save the certificate of a remote host
	(which you trust) from your computer to the ZyWALL.
Refresh	Click this button to display the current validity status of the certificates.

20.12 Verifying a Trusted Remote Host’s Certificate

Certificates issued by certification authorities have the certification authority’s signature for you to check. Self-signed certificates only have the signature of the host itself. This means that you must be very careful when deciding to import (and thereby trust) a remote host’s self- signed certificate.

20.12.1 Trusted Remote Host Certificate Fingerprints

A certificate’s fingerprints are message digests calculated using the MD5 or SHA1 algorithms. The following procedure describes how to use a certificate’s fingerprint to verify that you have the remote host’s actual certificate.

1Browse to where you have the remote host’s certificate saved on your computer.

2Make sure that the certificate has a “.cer” or “.crt” file name extension.

Figure 169 Remote Host Certificates

3Double-click the certificate’s icon to open the Certificate window. Click the Details tab and scroll down to the Thumbprint Algorithm and Thumbprint fields.

357	Chapter 20 Certificates