ZyXEL Communications ZyWALL 1000 40.7 Trusted Certificates Screen, 40.7.1 OCSP

Chapter 40 Certificates

The following table describes the labels in this screen.

Table 187 Object > Certificate > My Certificates > Import

40.7 Trusted Certificates Screen

Click Object > Certificate > Trusted Certificates to open the Trusted Certificates screen. This screen displays a summary list of certificates that you have set the ZyWALL to accept as trusted. The ZyWALL also accepts any valid certificate signed by a certificate on this list as being trustworthy; thus you do not need to import any certificate that is signed by one of these certificates.

40.7.1 OCSP

OCSP (Online Certificate Status Protocol) allows an application or device to check whether a certificate is valid. With OCSP the ZyWALL checks the status of individual certificates instead of downloading a Certificate Revocation List (CRL). OCSP has two main advantages over a CRL. The first is real-time status information. The second is a reduction in network traffic since the ZyWALL only gets information on the certificates that it needs to verify, not a huge list. When the ZyWALL requests certificate status information, the OCSP server returns a “expired”, “current” or “unknown” response.

Figure 407 Object > Certificate > Trusted Certificates

The following table describes the labels in this screen.

Table 188 Object > Certificate > Trusted Certificates