ZyXEL Communications ZyWALL 5 User Manual page 221

LABEL
Property
Default self-signed
certificate which signs
the imported remote
host certificates.
Certification Path
Refresh
Certificate Information
Type
Version
Serial Number
Subject
Issuer
Signature Algorithm
Valid From
Valid To
Key Algorithm
Subject Alternative
Name
Key Usage
Certificates
Table 14-4 My Certificate Details
Select this check box to have the ZyWALL use this certificate to sign the trusted
remote host certificates that you import to the ZyWALL. This check box is only
available with self-signed certificates.
If this check box is already selected, you cannot clear it in this screen, you must select
this check box in another self-signed certificate's details screen. This automatically
clears the check box in the details screen of the certificate that was previously set to
sign the imported trusted remote host certificates.
Click the Refresh button to have this read-only text box display the hierarchy of
certification authorities that validate the certificate (and the certificate itself).
If the issuing certification authority is one that you have imported as a trusted
certification authority, it may be the only certification authority in the list (along with the
certificate itself). If the certificate is a self-signed certificate, the certificate itself is the
only one in the list. The ZyWALL does not trust the certificate and displays "Not
trusted" in this field if any certificate on the path has expired or been revoked.
Click Refresh to display the certification path.
These read-only fields display detailed information about the certificate.
This field displays general information about the certificate. "CA-signed" means that a
Certification Authority signed the certificate. "Self-signed" means that the certificate's
owner signed the certificate (not a certification authority). "X.509" means that this
certificate was created and signed according to the ITU-T X.509 recommendation that
defines the formats for public-key certificates.
This field displays the X.509 version number.
This field displays the certificate's identification number given by the certification
authority or generated by the ZyWALL.
This field displays information that identifies the owner of the certificate, such as
Common Name (CN), Organizational Unit (OU), Organization (O) and Country (C).
This field displays identifying information about the certificate's issuing certification
authority, such as Common Name, Organizational Unit, Organization and Country.
With self-signed certificates, this is the same as the Subject Name field.
This field displays the type of algorithm that was used to sign the certificate. The
ZyWALL uses rsa-pkcs1-sha1 (RSA public-private key encryption algorithm and the
SHA1 hash algorithm). Some certification authorities may use ras-pkcs1-md5 (RSA
public-private key encryption algorithm and the MD5 hash algorithm).
This field displays the date that the certificate becomes applicable. The text displays in
red and includes a "Not Yet Valid!" message if the certificate has not yet become
applicable.
This field displays the date that the certificate expires. The text displays in red and
includes an "Expiring!" or "Expired!" message if the certificate is about to expire or has
already expired.
This field displays the type of algorithm that was used to generate the certificate's key
pair (the ZyWALL uses RSA encryption) and the length of the key set in bits (1024 bits
for example).
This field displays the certificate owner's IP address (IP), domain name (DNS) or e-
mail address (EMAIL).
This field displays for what functions the certificate's key can be used. For example,
"DigitalSignature" means that the key can be used to sign certificates and
"KeyEncipherment" means that the key can be used to encrypt text.
ZyWALL 5 Internet Security Appliance
DESCRIPTION
14-11