ZyXEL Communications ZyWALL 5 User Manual page 227

LABEL
Property
Check incoming
certificates issued by
this CA against a
CRL
Certification Path
Refresh
Certificate Information
Type
Version
Serial Number
Subject
Issuer
Signature Algorithm
Valid From
Valid To
Key Algorithm
Subject Alternative
Name
Key Usage
Certificates
Table 14-7 Trusted CA Details
Select this check box to have the ZyWALL check incoming certificates that are issued
by this certification authority against a Certificate Revocation List (CRL).
Clear this check box to have the ZyWALL not check incoming certificates that are
issued by this certification authority against a Certificate Revocation List (CRL).
Click the Refresh button to have this read-only text box display the end entity's
certificate and a list of certification authority certificates that shows the hierarchy of
certification authorities that validate the end entity's certificate. If the issuing
certification authority is one that you have imported as a trusted certification authority,
it may be the only certification authority in the list (along with the end entity's own
certificate). The ZyWALL does not trust the end entity's certificate and displays "Not
trusted" in this field if any certificate on the path has expired or been revoked.
Click Refresh to display the certification path.
These read-only fields display detailed information about the certificate.
This field displays general information about the certificate. "CA-signed" means that a
Certification Authority signed the certificate. "Self-signed" means that the certificate's
owner signed the certificate (not a certification authority). "X.509" means that this
certificate was created and signed according to the ITU-T X.509 recommendation that
defines the formats for public-key certificates.
This field displays the X.509 version number.
This field displays the certificate's identification number given by the certification
authority.
This field displays information that identifies the owner of the certificate, such as
Common Name (CN), Organizational Unit (OU), Organization (O) and Country (C).
This field displays identifying information about the certificate's issuing certification
authority, such as Common Name, Organizational Unit, Organization and Country.
With self-signed certificates, this is the same information as in the Subject Name field.
This field displays the type of algorithm that was used to sign the certificate. Some
certification authorities use rsa-pkcs1-sha1 (RSA public-private key encryption
algorithm and the SHA1 hash algorithm). Other certification authorities may use ras-
pkcs1-md5 (RSA public-private key encryption algorithm and the MD5 hash algorithm).
This field displays the date that the certificate becomes applicable. The text displays in
red and includes a "Not Yet Valid!" message if the certificate has not yet become
applicable.
This field displays the date that the certificate expires. The text displays in red and
includes an "Expiring!" or "Expired!" message if the certificate is about to expire or has
already expired.
This field displays the type of algorithm that was used to generate the certificate's key
pair (the ZyWALL uses RSA encryption) and the length of the key set in bits (1024 bits
for example).
This field displays the certificate's owner's IP address (IP), domain name (DNS) or e-
mail address (EMAIL).
This field displays for what functions the certificate's key can be used. For example,
"DigitalSignature" means that the key can be used to sign certificates and
"KeyEncipherment" means that the key can be used to encrypt text.
ZyWALL 5 Internet Security Appliance
DESCRIPTION
14-17