ZyXEL Communications ZyWALL 5 User Manual page 218

ZyWALL 5 Internet Security Appliance
LABEL
Organizational Unit
Organization
Country
Key Length
Enrollment Options
These radio buttons deal with how and when the certificate is to be generated.
Create a self-signed
certificate
Create a certification
request and save it
locally for later manual
enrollment
Create a certification
request and enroll for a
certificate immediately
online
Enrollment Protocol
CA Server Address
CA Certificate
14-8
Table 14-3 My Certificate Create
Type up to 127 characters to identify the organizational unit or department to which
the certificate owner belongs. You may use any character, including spaces, but the
ZyWALL drops trailing spaces.
Type up to 127 characters to identify the company or group to which the certificate
owner belongs. You may use any character, including spaces, but the ZyWALL drops
trailing spaces.
Type up to 127 characters to identify the nation where the certificate owner is located.
You may use any character, including spaces, but the ZyWALL drops trailing spaces.
Select a number from the drop-down list box to determine how many bits the key
should use (512 to 2048). The longer the key, the more secure it is. A longer key also
uses more PKI storage space.
Select Create a self-signed certificate to have the ZyWALL generate the certificate
and act as the Certification Authority (CA) itself. This way you do not need to apply to
a certification authority for certificates.
Select Create a certification request and save it locally for later manual
enrollment to have the ZyWALL generate and store a request for a certificate. Use
the My Certificate Details screen to view the certification request and copy it to send
to the certification authority.
Copy the certification request from the My Certificate Details screen (see section
14.8) and then send it to the certification authority.
Select Create a certification request and enroll for a certificate immediately
online to have the ZyWALL generate a request for a certificate and apply to a
certification authority for a certificate.
You must have the certification authority's certificate already imported in the Trusted
CAs screen.
When you select this option, you must select the certification authority's enrollment
protocol and the certification authority's certificate from the drop-down list boxes and
enter the certification authority's server address. You also need to fill in the
Reference Number and Key if the certification authority requires them.
Select the certification authority's enrollment protocol from the drop-down list box.
Simple Certificate Enrollment Protocol (SCEP) is a TCP-based enrollment protocol
that was developed by VeriSign and Cisco.
Certificate Management Protocol (CMP) is a TCP-based enrollment protocol that
was developed by the Public Key Infrastructure X.509 working group of the Internet
Engineering Task Force (IETF) and is specified in RFC 2510.
Enter the IP address (or URL) of the certification authority server.
Select the certification authority's certificate from the CA Certificate drop-down list
box.
You must have the certification authority's certificate already imported in the Trusted
CAs screen. Click Trusted CAs to go to the Trusted CAs screen where you can
view (and manage) the ZyWALL's list of certificates of trusted certification authorities.
DESCRIPTION
Certificates