Certificates; Chapter 14 Certificates; Overview; What You Can Do In This Chapter - ZyXEL Communications NWA3560-N User Manual

14.1 Overview

The device can use cert ificat es ( also called digit al I Ds) t o aut hent icat e users. Cert ificat es are based
on public- privat e key pairs. A cert ificat e cont ains t he cert ificat e owner 's ident it y and public key.
Cert ificat es provide a way t o exchange public keys for use in aut hent icat ion.

14.1.1 What You Can Do in this Chapter

• The M y Ce r t ifica t e screens (
cert ificat es or cert ificat ion request s and im port t he device's CA- signed cert ificat es.
• The Tr ust e d Ce r t ifica t e s screens (
rem ot e host cert ificat es t o t he device. The device t rust s any valid cert ificat e t hat you have
im port ed as a t rust ed cert ificat e. I t also t rust s any valid cert ificat e signed by any of t he
cert ificat es t hat you have im port ed as a t rust ed cert ificat e.

14.1.2 What You Need to Know

The following t erm s and concept s m ay help as you read t his chapt er.
When using public- key crypt ology for aut hent icat ion, each host has t wo keys. One key is public and
can be m ade openly available. The ot her key is privat e and m ust be kept secure.
These keys work like a handwrit t en signat ure ( in fact, cert ificat es are oft en referred t o as " digit al
signat ures" ) . Only you can writ e your signat ure exact ly as it should look. When people know what
your signat ure looks like, t hey can verify whet her som et hing was signed by you, or by som eone
else. I n t he sam e way, your privat e key " writ es" your digit al signat ure and your public key allows
people t o verify whet her dat a was signed by you, or by som eone else.
This process works as follows:
1 Tim want s t o send a m essage t o Jenny. He needs her t o be sure t hat it com es from him , and t hat
t he m essage cont ent has not been alt ered by anyone else along t he way. Tim generat es a public
key pair ( one public key and one privat e key) .
2 Tim keeps t he privat e key and m akes t he public key openly available. This m eans t hat anyone who
receives a m essage seem ing t o com e from Tim can read it and verify whet her it is really from him
or not .
3 Tim uses his privat e key t o sign t he m essage and sends it t o Jenny.
4 Jenny receives t he m essage and uses Tim 's public key t o verify it . Jenny knows t hat t he m essage is
from Tim , and t hat alt hough ot her people m ay have been able t o read t he m essage, no- one can
have alt ered it ( because t hey cannot re- sign t he m essage wit h Tim 's privat e key) .
NWA3000-N Series User's Guide
C
HAPTER
Sect ion 14.2 on page 160) generat e and export self- signed
Sect ion 14.3 on page

Certificates

168) save CA cert ificat es and t rust ed
1 4
157