Verifying A Certificate; Figure 439 Remote Host Certificates - ZyXEL Communications ZyWALL USG 300 User Manual

• PEM (Base-64) encoded PKCS#7: This Privacy Enhanced Mail (PEM) format uses
lowercase letters, uppercase letters and numerals to convert a binary PKCS#7 certificate
into a printable form.
• Binary PKCS#12: This is a format for transferring public key and private key
certificates.The private key in a PKCS #12 file is within a password-encrypted envelope.
The file's password is not connected to your certificate's public or private passwords.
Exporting a PKCS #12 file creates this and you must provide it to decrypt the contents
when you import the file into the ZyWALL.
Be careful not to convert a binary file to text during the transfer process. It is
easy for this to occur since many programs use text files by default.
Finding Out More
• See Section 5.5 on page 118
• See Section 42.4 on page 637

42.1.3 Verifying a Certificate

Before you import a trusted certificate into the ZyWALL, you should verify that you have the
correct certificate. You can do this using the certificate's fingerprint. A certificate's
fingerprint is a message digest calculated using the MD5 or SHA1 algorithm. The following
procedure describes how to check a certificate's fingerprint to verify that you have the actual
certificate.
1 Browse to where you have the certificate saved on your computer.
2 Make sure that the certificate has a ".cer" or ".crt" file name extension.

Figure 439 Remote Host Certificates

3 Double-click the certificate's icon to open the Certificate window. Click the Details tab
and scroll down to the Thumbprint Algorithm and Thumbprint fields.
ZyWALL USG 300 User's Guide
for related information on these screens.
for certificate background information.
Chapter 42 Certificates
623