Certificate Overview; What You Need To Know - ZyXEL Communications ZyWall ATP series User Manual

Table 280 Configuration > Object > Auth. Method > Two-factor Authentication (continued)
LABEL
Deliver Authorize
Link Method:
Authorize Link
URL Address:
Message
Apply
Reset

34.11 Certificate Overview

The Zyxel Device can use certificates (also called digital IDs) to authenticate users. Certificates are
based on public-private key pairs. A certificate contains the certificate owner's identity and public key.
Certificates provide a way to exchange public keys for use in authentication.
• Use the My Certificates screens (see
generate and export self-signed certificates or certification requests and import the CA-signed
certificates.
• Use the Trusted Certificates screens (see
667) to save CA certificates and trusted remote host certificates to the Zyxel Device. The Zyxel Device
trusts any valid certificate that you have imported as a trusted certificate. It also trusts any valid
certificate signed by any of the certificates that you have imported as a trusted certificate.

34.11.1 What You Need to Know

When using public-key cryptology for authentication, each host has two keys. One key is public and can
be made openly available. The other key is private and must be kept secure.
These keys work like a handwritten signature (in fact, certificates are often referred to as "digital
signatures"). Only you can write your signature exactly as it should look. When people know what your
signature looks like, they can verify whether something was signed by you, or by someone else. In the
same way, your private key "writes" your digital signature and your public key allows people to verify
whether data was signed by you, or by someone else. This process works as follows.
Chapter 34 Object
DESCRIPTION
Select one or both methods:
• SMS: Object > User/Group > User must contain a valid mobile telephone number. A valid
mobile telephone number can be up to 20 characters in length, including the numbers 1~9
and the following characters in the square brackets [+*#()-].
• Email: Object > User/Group > User must contain a valid email address. A valid email address
must contain the @ character. For example, this is a valid email address:
abc@example.com
Configure the link that the user will receive in the SMS or email. The user must be able to access
the link.
• http/https: you must enable HTTP or HTTPS in System > WWW > Service Control
• From Interface/User-Defined: select the Zyxel Device WAN interface (wan1/2) or select
User-Defined and then enter an IP address.
You can either create a default message in the text box or upload a message file (Use
Multilingual file) from your computer. The message file must be named '2FA-msg.txt' and be in
UTF-8 format. To create the file, click Download the default 2FA-msg.txt example and edit the
file for your needs. (If you make a mistake, use Restore Customized File to Default to restore your
customized file to the default.) Use Select a File Path to locate the final file on your computer
and then click Upload to transfer it to the Zyxel Device.
The message in either the text box or the file must contain the <url> variable within angle
brackets, while the <user>, <host>, and <time> variables are optional.
Click Apply to save the changes.
Click Reset to return the screen to its last-saved settings.
Section 34.11.3 on page 656
ZyWALL ATP Series User's Guide
to
Section 34.11.4 on page 663
653
Section 34.11.3.3 on page
to Section 34.11.4.2 on page
662) to