ZyWALL 5/35/70 Series User’s Guide
Table 119 Trusted Remote Host Details (continued)
LABEL | DESCRIPTION |
Certificate Information | These |
Type | This field displays general information about the certificate. With trusted remote host certificates, this field always displays Certification Authority that signed the certificate. X.509 means that this certificate was created and signed according to the recommendation that defines the formats for |
Version | This field displays the X.509 version number. |
Serial Number | This field displays the certificate’s identification number given by the device that created the certificate. |
Subject | This field displays information that identifies the owner of the certificate, such as Common Name (CN), Organizational Unit (OU), Organization (O) and Country (C). |
Issuer | This field displays identifying information about the default certificate on the ZyWALL that the ZyWALL uses to sign the trusted remote host certificates. |
Signature Algorithm | This field displays the type of algorithm that the ZyWALL used to sign the certificate, which is algorithm and the SHA1 hash algorithm). |
Valid From | This field displays the date that the certificate becomes applicable. The text displays in red and includes a Not Yet Valid! message if the certificate has not yet become applicable. |
Valid To | This field displays the date that the certificate expires. The text displays in red and includes an Expiring! or Expired! message if the certificate is about to expire or has already expired. |
Key Algorithm | This field displays the type of algorithm that was used to generate the certificate’s key pair (the ZyWALL uses RSA encryption) and the length of the key set in bits (1024 bits for example). |
Subject Alternative Name | This field displays the certificate’s owner’s IP address (IP), domain name (DNS) or |
Key Usage | This field displays for what functions the certificate’s key can be used. For example, “DigitalSignature” means that the key can be used to sign certificates and “KeyEncipherment” means that the key can be used to encrypt text. |
Basic Constraint | This field displays general information about the certificate. For example, Subject Type=CA means that this is a certification authority’s certificate and “Path Length Constraint=1” means that there can only be one certification authority in the certificate’s path. |
MD5 Fingerprint | This is the certificate’s message digest that the ZyWALL calculated using the MD5 algorithm. You cannot use this value to verify that this is the remote host’s actual certificate because the ZyWALL has signed the certificate, thus causing this value to be different from that of the remote host’s actual certificate. See Section 20.12 on page 357 for how to verify a remote host’s certificate. |
SHA1 Fingerprint | This is the certificate’s message digest that the ZyWALL calculated using the SHA1 algorithm. You cannot use this value to verify that this is the remote host’s actual certificate because the ZyWALL has signed the certificate, thus causing this value to be different from that of the remote host’s actual certificate. See Section 20.12 on page 357 for how to verify a remote host’s certificate. |
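
The two fingerprint rows above say that the displayed digests differ from those of the remote host's own certificate because the ZyWALL has signed its copy. The following is an added example, not taken from this guide or from ZyXEL code, that shows why: a fingerprint is a digest of the whole encoded certificate, issuer and signature included. It assumes a simplified certificate-like DER structure, uses HMAC-SHA1 as a stand-in for the RSA signature, and all names, keys and secrets are constructed.

```python
import hashlib
import hmac

def der(tag: int, content: bytes) -> bytes:
    """Encode one DER TLV (short or long definite length)."""
    n = len(content)
    if n < 0x80:
        length = bytes([n])
    else:
        raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + length + content

def make_cert(subject: str, public_key: bytes, issuer: str, issuer_secret: bytes) -> bytes:
    """Build a simplified certificate: SEQUENCE { tbs, signature }.

    HMAC-SHA1 is a constructed stand-in for the issuer's RSA signature so
    the example needs no third-party library; it is not how X.509 signs.
    """
    tbs = der(0x30, der(0x0C, issuer.encode()) +
                    der(0x0C, subject.encode()) +
                    der(0x04, public_key))
    signature = hmac.new(issuer_secret, tbs, hashlib.sha1).digest()
    return der(0x30, tbs + der(0x03, b"\x00" + signature))

def fingerprint(cert_der: bytes, algorithm: str) -> str:
    """Fingerprint = digest of the whole encoded certificate, colon-separated hex."""
    digest = hashlib.new(algorithm, cert_der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))

def compare(original: bytes, resigned: bytes) -> dict:
    """Report, per algorithm, whether the two encodings share a fingerprint."""
    return {alg: fingerprint(original, alg) == fingerprint(resigned, alg)
            for alg in ("md5", "sha1")}

# Constructed sample values (hypothetical host, key bytes and issuer names).
HOST_KEY = bytes(range(64))
# The host's own certificate: same subject and key, signed by the host itself.
original = make_cert("CN=host.example", HOST_KEY, "CN=host.example", b"host-secret")
# The stored copy: same subject and key, but issuer and signature replaced.
resigned = make_cert("CN=host.example", HOST_KEY, "CN=ZyWALL default", b"zywall-secret")

if __name__ == "__main__":
    for name, cert in (("original", original), ("re-signed", resigned)):
        print(name, fingerprint(cert, "md5"), fingerprint(cert, "sha1"))
    print("fingerprints match:", compare(original, resigned))
```

Both copies carry the same subject and public key, yet neither the MD5 nor the SHA1 fingerprint matches, which is why the values in this table cannot be compared against the one the remote host's owner reports.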
361 | Chapter 20 Certificates |