ZyWALL 5/35/70 Series User’s Guide

Table 119 Trusted Remote Host Details (continued)

LABEL

DESCRIPTION

 

 

Certificate Information

These read-only fields display detailed information about the certificate.

 

 

Type

This field displays general information about the certificate. With trusted remote

 

host certificates, this field always displays CA-signed. The ZyWALL is the

 

Certification Authority that signed the certificate. X.509 means that this

 

certificate was created and signed according to the ITU-T X.509

 

recommendation that defines the formats for public-key certificates.

Version

This field displays the X.509 version number.

 

 

Serial Number

This field displays the certificate’s identification number given by the device that

 

created the certificate.

Subject

This field displays information that identifies the owner of the certificate, such

 

as Common Name (CN), Organizational Unit (OU), Organization (O) and

 

Country (C).

Issuer

This field displays identifying information about the default self-signed

 

certificate on the ZyWALL that the ZyWALL uses to sign the trusted remote

 

host certificates.

Signature Algorithm

This field displays the type of algorithm that the ZyWALL used to sign the

 

certificate, which is rsa-pkcs1-sha1 (RSA public-private key encryption

 

algorithm and the SHA1 hash algorithm).

Valid From

This field displays the date that the certificate becomes applicable. The text

 

displays in red and includes a Not Yet Valid! message if the certificate has not

 

yet become applicable.

Valid To

This field displays the date that the certificate expires. The text displays in red

 

and includes an Expiring! or Expired! message if the certificate is about to

 

expire or has already expired.

Key Algorithm

This field displays the type of algorithm that was used to generate the

 

certificate’s key pair (the ZyWALL uses RSA encryption) and the length of the

 

key set in bits (1024 bits for example).

Subject Alternative

This field displays the certificate’s owner‘s IP address (IP), domain name (DNS)

Name

or e-mail address (EMAIL).

Key Usage

This field displays for what functions the certificate’s key can be used. For

 

example, “DigitalSignature” means that the key can be used to sign certificates

 

and “KeyEncipherment” means that the key can be used to encrypt text.

Basic Constraint

This field displays general information about the certificate. For example,

 

Subject Type=CA means that this is a certification authority’s certificate and

 

“Path Length Constraint=1” means that there can only be one certification

 

authority in the certificate’s path.

MD5 Fingerprint

This is the certificate’s message digest that the ZyWALL calculated using the

 

MD5 algorithm. You cannot use this value to verify that this is the remote host’s

 

actual certificate because the ZyWALL has signed the certificate; thus causing

 

this value to be different from that of the remote hosts actual certificate. See

 

Section 20.12 on page 357 for how to verify a remote host’s certificate.

SHA1 Fingerprint

This is the certificate’s message digest that the ZyWALL calculated using the

 

SHA1 algorithm. You cannot use this value to verify that this is the remote

 

host’s actual certificate because the ZyWALL has signed the certificate; thus

 

causing this value to be different from that of the remote hosts actual certificate.

 

See Section 20.12 on page 357 for how to verify a remote host’s certificate.

361

Chapter 20 Certificates