ZyXEL Communications ZyWALL 5 User Manual page 233

LABEL
Certification Path
Refresh
Certificate Information
Type
Version
Serial Number
Subject
Issuer
Signature Algorithm
Valid From
Valid To
Key Algorithm
Subject Alternative
Name
Key Usage
Basic Constraint
MD5 Fingerprint
Certificates
Table 14-10 Trusted Remote Host Details
Click the Refresh button to have this read-only text box display the end entity's own
certificate and a list of certification authority certificates in the hierarchy of certification
authorities that validate a certificate's issuing certification authority. For a trusted host,
the list consists of the end entity's own certificate and the default self-signed certificate
that the ZyWALL uses to sign remote host certificates.
Click Refresh to display the certification path.
These read-only fields display detailed information about the certificate.
This field displays general information about the certificate. With trusted remote host
certificates, this field always displays "CA-signed". The ZyWALL is the Certification
Authority that signed the certificate. "X.509" means that this certificate was created
and signed according to the ITU-T X.509 recommendation that defines the formats for
public-key certificates.
This field displays the X.509 version number.
This field displays the certificate's identification number given by the device that
created the certificate.
This field displays information that identifies the owner of the certificate, such as
Common Name (CN), Organizational Unit (OU), Organization (O) and Country (C).
This field displays identifying information about the default self-signed certificate on
the ZyWALL that the ZyWALL uses to sign the trusted remote host certificates.
This field displays the type of algorithm that the ZyWALL used to sign the certificate,
which is rsa-pkcs1-sha1 (RSA public-private key encryption algorithm and the SHA1
hash algorithm).
This field displays the date that the certificate becomes applicable. The text displays
in red and includes a "Not Yet Valid!" message if the certificate has not yet become
applicable.
This field displays the date that the certificate expires. The text displays in red and
includes an "Expiring!" or "Expired!" message if the certificate is about to expire or has
already expired.
This field displays the type of algorithm that was used to generate the certificate's key
pair (the ZyWALL uses RSA encryption) and the length of the key set in bits (1024 bits
for example).
This field displays the certificate's owner's IP address (IP), domain name (DNS) or e-
mail address (EMAIL).
This field displays for what functions the certificate's key can be used. For example,
"DigitalSignature" means that the key can be used to sign certificates and
"KeyEncipherment" means that the key can be used to encrypt text.
This field displays general information about the certificate. For example, "Subject
Type=CA" means that this is a certification authority's certificate and "Path Length
Constraint=1" means that there can only be one certification authority in the
certificate's path.
This is the certificate's message digest that the ZyWALL calculated using the MD5
algorithm. You cannot use this value to verify that this is the remote host's actual
certificate because the ZyWALL has signed the certificate; thus causing this value to
be different from that of the remote hosts actual certificate. See section 14.13.1 for
how to verify a remote host's certificate.
ZyWALL 5 Internet Security Appliance
DESCRIPTION
14-23