Certificate Overview; What You Need To Know - ZyXEL Communications USG40 User Manual

Table 248 Configuration > Object > Auth. Method > Add (continued)
LABEL
Remove
Move
#
Method List
OK
Cancel

32.10 Certificate Overview

The ZyWALL/USG can use certificates (also called digital IDs) to authenticate users. Certificates are
based on public-private key pairs. A certificate contains the certificate owner's identity and public
key. Certificates provide a way to exchange public keys for use in authentication.
• Use the My Certificates screens (see
588) to generate and export self-signed certificates or certification requests and import the CA-
signed certificates.
• Use the Trusted Certificates screens (see
page 593) to save CA certificates and trusted remote host certificates to the ZyWALL/USG. The
ZyWALL/USG trusts any valid certificate that you have imported as a trusted certificate. It also
trusts any valid certificate signed by any of the certificates that you have imported as a trusted
certificate.

32.10.1 What You Need to Know

When using public-key cryptology for authentication, each host has two keys. One key is public and
can be made openly available. The other key is private and must be kept secure.
These keys work like a handwritten signature (in fact, certificates are often referred to as "digital
signatures"). Only you can write your signature exactly as it should look. When people know what
your signature looks like, they can verify whether something was signed by you, or by someone
else. In the same way, your private key "writes" your digital signature and your public key allows
people to verify whether data was signed by you, or by someone else. This process works as
follows.
Chapter 32 Object
DESCRIPTION
To remove an entry, select it and click Remove. The ZyWALL/USG confirms you want to
remove it before doing so.
To change a method's position in the numbered list, select the method and click Move to
display a field to type a number for where you want to put it and press [ENTER] to move
the rule to the number that you typed.
The ordering of your methods is important as ZyWALL/USG authenticates the users using
the authentication methods in the order they appear in this screen.
This field displays the index number.
Select a server object from the drop-down list box. You can create a server object in the
AAA Server screen.
The ZyWALL/USG authenticates the users using the databases (in the local user database
or the external authentication server) in the order they appear in this screen.
If two accounts with the same username exist on two authentication servers you specify,
the ZyWALL/USG does not continue the search on the second authentication server when
you enter the username and password that doesn't match the one on the first
authentication server.
Click OK to save the changes.
Click Cancel to discard the changes.
Section 32.10.3 on page 582
ZyWALL/USG Series User's Guide
Section 32.10.4 on page 589
579
to Section 32.10.3.3 on page
to Section 32.10.4.2 on