|
| Chapter 40 Certificates |
| Table 189 Object > Certificate > Trusted Certificates > Edit (continued) | |
| LABEL | DESCRIPTION |
| Refresh | Click Refresh to display the certification path. |
|
|
|
| Enable X.509v3 | Select this check box to have the ZyWALL check incoming certificates that are |
| CRL Distribution | signed by this certificate against a Certificate Revocation List (CRL) or an OCSP |
| Points and OCSP | server. You also need to configure the OSCP or LDAP server details. |
| checking |
|
|
|
|
| OCSP Server | Select this check box if the directory server uses OCSP (Online Certificate |
|
| Status Protocol). |
|
|
|
| URL | Type the protocol, IP address and pathname of the OCSP server. |
|
|
|
| ID | The ZyWALL may need to authenticate itself in order to assess the OCSP |
|
| server. Type the login name (up to 31 ASCII characters) from the entity |
|
| maintaining the server (usually a certification authority). |
|
|
|
| Password | Type the password (up to 31 ASCII characters) from the entity maintaining the |
|
| OCSP server (usually a certification authority). |
|
|
|
| LDAP Server | Select this check box if the directory server uses LDAP (Lightweight Directory |
|
| Access Protocol). LDAP is a protocol over TCP that specifies how clients |
|
| access directories of certificates and lists of revoked certificates. |
|
|
|
| Address | Type the IP address (in dotted decimal notation) of the directory server. |
|
|
|
| Port | Use this field to specify the LDAP server port number. |
|
| You must use the same server port number that the directory server uses. |
|
| 389 is the default server port number for LDAP. |
|
|
|
| ID | The ZyWALL may need to authenticate itself in order to assess the CRL |
|
| directory server. Type the login name (up to 31 ASCII characters) from the entity |
|
| maintaining the server (usually a certification authority). |
|
|
|
| Password | Type the password (up to 31 ASCII characters) from the entity maintaining the |
|
| CRL directory server (usually a certification authority). |
|
|
|
| Certificate | These |
| Information |
|
|
|
|
| Type | This field displays general information about the certificate. |
|
| that a Certification Authority signed the certificate. |
|
| certificate’s owner signed the certificate (not a certification authority). X.509 |
|
| means that this certificate was created and signed according to the |
|
| recommendation that defines the formats for |
|
|
|
| Version | This field displays the X.509 version number. |
|
|
|
| Serial Number | This field displays the certificate’s identification number given by the certification |
|
| authority. |
|
|
|
| Subject | This field displays information that identifies the owner of the certificate, such as |
|
| Common Name (CN), Organizational Unit (OU), Organization (O) and Country |
|
| (C). |
|
|
|
| Issuer | This field displays identifying information about the certificate’s issuing |
|
| certification authority, such as Common Name, Organizational Unit, |
|
| Organization and Country. |
|
| With |
|
| Name field. |
| Signature Algorithm | This field displays the type of algorithm that was used to sign the certificate. |
|
| Some certification authorities use |
|
| encryption algorithm and the SHA1 hash algorithm). Other certification |
|
| authorities may use |
|
| algorithm and the MD5 hash algorithm). |
|
|
|
| 559 |
ZyWALL USG 1000 User’s Guide | |
|
|