Verify A Certificate - ZyXEL Communications LTE Series User Manual

Hide thumbs Also See for LTE Series:

User manual (305 pages)

User manual (235 pages)

User manual (210 pages)

Table Of Contents

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

170

171

172

173

174

175

176

177

178

179

Table of Contents

Public and Private Keys

When using public-key cryptology for authentication, each host has two keys. One key is public and can

be made openly available; the other key is private and must be kept secure. Public-key encryption in

general works as follows.

Tim wants to send a private message to Jenny. Tim generates a public-private key pair. What is

encrypted with one key can only be decrypted using the other.

Tim keeps the private key and makes the public key openly available.

Tim uses his private key to encrypt the message and sends it to Jenny.

Jenny receives the message and uses Tim's public key to decrypt it.

Additionally, Jenny uses her own private key to encrypt a message and Tim uses Jenny's public key to

decrypt the message.

The Zyxel Device uses certificates based on public-key cryptology to authenticate users attempting to

establish a connection. The method used to secure the data that you send through an established

connection depends on the type of connection. For example, a VPN tunnel might use the triple DES

encryption algorithm.

The certification authority uses its private key to sign certificates. Anyone can then use the certification

authority's public key to verify the certificates.

Advantages of Certificates

Certificates offer the following benefits.

• The Zyxel Device only has to store the certificates of the certification authorities that you decide to

trust, no matter how many devices you need to authenticate.

• Key distribution is simple and very secure since you can freely distribute public keys and you never

need to transmit private keys.

Certificate File Format

The certification authority certificate that you want to import has to be in PEM (Base-64) encoded X.509

file format. This Privacy Enhanced Mail format uses 64 ASCII characters to convert a binary X.509

certificate into a printable form.

12.6.1 Verify a Certificate

Before you import a trusted CA or trusted remote host certificate into the Zyxel Device, you should verify

that you have the actual certificate. This is especially true of trusted CA certificates since the Zyxel

Device also trusts any valid certificate signed by any of the imported trusted CA certificates.

You can use a certificate's fingerprint to verify it. A certificate's fingerprint is a message digest

calculated using the MD5 or SHA1 algorithms. The following procedure describes how to check a

certificate's fingerprint to verify that you have the actual certificate.

Browse to where you have the certificate saved on your computer.

Chapter 12 Certificates

LTE Series User's Guide

108

Table of Contents

Troubleshooting

This manual is also suitable for:

Lte7461-m602 Lte7480-s905

Verify A Certificate - ZyXEL Communications LTE Series User Manual

12.6.1 Verify a Certificate

Troubleshooting

Related Manuals for ZyXEL Communications LTE Series

Related Content for ZyXEL Communications LTE Series

This manual is also suitable for:

Table of Contents