ZyXEL Communications ZyWall 35 Support Notes page 83

The most critical part for online certification request would be we need to send the certification request over
Internet, which is an insecure environment. To prevent certification request from being modified or
eavesdropped, we need to download CA server's certificate in the first step. When ZyWALL delivers the
certification requests, the public key in CA server's certificate will be used to protect the data.
You may need to access CA server's WEB interface or contact the administrator to get CA's certificate. Then
you can go to SECURITY->CERTIFICATES->Trusted CAs to import the downloaded certificate.
Step 2. Create certificate request and enroll certificate request on ZyWALL A
1. Input a name, for this Certificate so you can identify this Certificate later.
2. In Subject Information, give this certificate a Common Name by either Host IP Address, Host Domain
Name or E-Mail address. Organizational Unit, Organization, Country are optional fields, you are free to
either enter them or not.
3. Finally, specify the key length.
4. Select Create a certification request and enroll for a certificate immediately online.
5. Specify the Enrollment Protocol to Simple Certificate Enrollment Protocol (SCEP).
6. In the "CA Server's Address" field, input the URL to access CA server, for example,
http://1.1.1.1:8080/scep/
7. Choose the previously downloaded CA server's certificate from the drop down list.
All contents copyright (c) 2006 ZyXEL Communications Corporation.
ZyWALL 35 Support Notes
83