This chapter gives background information about public-key certificates and explains how to use
16.1 Certificates Overview
The ZyWALL can use certificates (also called digital IDs) to authenticate users. Certificates are based on
public-private key pairs. A certificate contains the certificate owner's identity and public key. Certificates
provide a way to exchange public keys for use in authentication.
A Certification Authority (CA) issues certificates and guarantees the identity of each certificate owner.
There are commercial certification authorities like CyberTrust or VeriSign and government certification
authorities. You can use the ZyWALL to generate certification requests that contain identifying information
and public keys and then send the certification requests to a certification authority.
In public-key encryption and decryption, each host has two keys. One key is public and can be made openly
available; the other key is private and must be kept secure. Public-key encryption in general works as
follows.
1. Tim wants to send a private message to Jenny. Tim generates a public key pair. What is encrypted
with one key can only be decrypted using the other.
2. Tim keeps the private key and makes the public key openly available.
3. Tim uses his private key to encrypt the message and sends it to Jenny.
4. Jenny receives the message and uses Tim's public key to decrypt it.
5. Additionally, Jenny uses her own private key to encrypt a message and Tim uses Jenny's public
key to decrypt the message.
Certificates
ZyWALL Series Internet Security Gateway
Chapter 16
Certificates
them.
16-1