Verifying A Certificate - ZyXEL Communications ZyWall USG20-VPN User Manual
Usg series
Hide thumbs
Also See for ZyWall USG20-VPN:
- User manual (994 pages) ,
- Handbook (810 pages) ,
- Reference manual (665 pages)
Table of Contents
Advertisement
Certificate File Formats
Any certificate that you want to import has to be in one of these file formats:
• Binary X.509: This is an ITU-T recommendation that defines the formats for X.509 certificates.
• PEM (Base-64) encoded X.509: This Privacy Enhanced Mail format uses lowercase letters,
uppercase letters and numerals to convert a binary X.509 certificate into a printable form.
• Binary PKCS#7: This is a standard that defines the general syntax for data (including digital
signatures) that may be encrypted. A PKCS #7 file is used to transfer a public key certificate. The
private key is not included. The USG currently allows the importation of a PKS#7 file that
contains a single certificate.
• PEM (Base-64) encoded PKCS#7: This Privacy Enhanced Mail (PEM) format uses lowercase
letters, uppercase letters and numerals to convert a binary PKCS#7 certificate into a printable
form.
• Binary PKCS#12: This is a format for transferring public key and private key certificates. The
private key in a PKCS #12 file is within a password-encrypted envelope. The file's password is not
connected to your certificate's public or private passwords. Exporting a PKCS #12 file creates this
and you must provide it to decrypt the contents when you import the file into the USG.
Note: Be careful not to convert a binary file to text during the transfer process. It is easy
for this to occur since many programs use text files by default.
29.10.2 Verifying a Certificate
Before you import a trusted certificate into the USG, you should verify that you have the correct
certificate. You can do this using the certificate's fingerprint. A certificate's fingerprint is a message
digest calculated using the MD5 or SHA1 algorithm. The following procedure describes how to check
a certificate's fingerprint to verify that you have the actual certificate.
Browse to where you have the certificate saved on your computer.
1
Make sure that the certificate has a ".cer" or ".crt" file name extension.
2
Figure 351 Remote Host Certificates
Double-click the certificate's icon to open the Certificate window. Click the Details tab and scroll
3
down to the Thumbprint Algorithm and Thumbprint fields.
Chapter 29 Object
USG20(W)-VPN Series User's Guide
516
- Quick Links:
- Web Configurator
- Installation Setup Wizard
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
