ZyXEL Communications HD User Manual page 132

The following table describes the labels in this screen.
Table 59 Configuration > Object > Certificate > My Certificates > Add
LABEL DESCRIPTION
Name Type a name to identify this certificate. You can use up to 31 alphanumeric and
;'~!@#$%^&()_+[]{}',.=- characters.
Subject Information Use these fields to record information that identifies the owner of the certificate. You do
not have to fill in every field, although you must specify a Host IP Address, Host Domain
Name, or E-Mail. The certification authority may add fields (such as a serial number) to the
subject information when it issues a certificate. It is recommended that each certificate
have unique subject information.
Select a radio button to identify the certificate's owner by IP address, domain name or e-
mail address. Type the IP address (in dotted decimal notation), domain name or e-mail
address in the field provided. The domain name or e-mail address is for identification
purposes only and can be any string.
A domain name can be up to 255 characters. You can use alphanumeric characters, the
hyphen and periods.
An e-mail address can be up to 63 characters. You can use alphanumeric characters, the
hyphen, the @ symbol, periods and the underscore.
Organizational Unit Identify the organizational unit or department to which the certificate owner belongs. You
can use up to 31 characters. You can use alphanumeric characters, the hyphen and the
underscore.
Organization Identify the company or group to which the certificate owner belongs. You can use up to
31 characters. You can use alphanumeric characters, the hyphen and the underscore.
Town (City) Identify the town or city where the certificate owner is located. You can use up to 31
characters. You can use alphanumeric characters, the hyphen and the underscore.
State (Province) Identify the state or province where the certificate owner is located. You can use up to 31
characters. You can use alphanumeric characters, the hyphen and the underscore.
Country Identify the nation where the certificate owner is located. You can use up to 31
characters. You can use alphanumeric characters, the hyphen and the underscore.
Key Type The NWA/WAC uses the RSA (Rivest, Shamir and Adleman) public-key encryption
algorithm. SHA1 (Secure Hash Algorithm) and SHA2 are hash algorithms used to
authenticate packet data. SHA2-256 or SHA2-512 are part of the SHA2 set of
cryptographic functions and they are considered even more secure than SHA1.
Select a key type from RSA-SHA256 and RSA-SHA512.
Key Length Select a number from the drop-down list box to determine how many bits the key should
use (1024 to 2048). The longer the key, the more secure it is. A longer key also uses more PKI
storage space.
Extended Key Usage Select Server Authentication to allow a web server to send clients the certificate to
authenticate itself.
Select Client Authentication to use the certificate's key to authenticate clients to the
secure gateway.
These radio buttons deal with how and when the certificate is to be generated.
Create a self-signed Select this to have the NWA/WAC generate the certificate and act as the Certification
certificate Authority (CA) itself. This way you do not need to apply to a certification authority for
certificates.
Create a certification Select this to have the NWA/WAC generate and store a request for a certificate. Use the
request and save it My Certificate Edit screen to view the certification request and copy it to send to the
locally for later certification authority.
manual enrollment
Copy the certification request from the My Certificate Edit screen and then send it to the
certification authority.
Chapter 13 Certificates
NWA / WAC Series User's Guide
132