ZyXEL Communications ZyWALL 2 Series User Manual

Certificates 
Certification authorities maintain directory servers with databases of valid and revoked certificates. A list of certificates that have been revoked before their scheduled expiration is called a CRL (Certificate Revocation List). The ZyWALL can check a peer's certificate against a directory server's list of revoked certificates. The framework of servers, software, procedures and policies that handles keys is called PKI (public-key infrastructure).
15.1.1 Advantages of Certificates
Certificates offer the following benefits.
• The ZyWALL only has to store the certificates of the certification authorities that you decide to trust, no matter how many devices you need to authenticate.
• Key distribution is simple and very secure since you can freely distribute public keys and you never need to transmit private keys.
15.2 Self-signed Certificates
Until public-key infrastructure becomes more mature, it may not be available in some areas. You can have the ZyWALL act as a certification authority and sign its own certificates.
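To make the CRL check and the self-signed CA role concrete, here is an added example that is not from the ZyXEL guide: it builds a throwaway CA with the openssl command line, revokes one of two peer certificates, and verifies both against the CA certificate plus its CRL, the way a gateway holding a trusted CA and a revocation list would. The CA name, peer names, file names and the ca.cnf contents are all made up for the demo.

```shell
# Added example (not from the ZyXEL manual): a throwaway CA made with the openssl
# CLI to show the CRL check described above; every name and path is made up.
set -e
WORK=$(mktemp -d); cd "$WORK"
cat > ca.cnf <<'EOF'
[ ca ]
default_ca = demo_ca
[ demo_ca ]
dir = .
database = $dir/index.txt
new_certs_dir = $dir
certificate = $dir/ca.crt
private_key = $dir/ca.key
default_md = sha256
default_crl_days = 30
policy = any_policy
[ any_policy ]
commonName = supplied
[ req ]
distinguished_name = dn
[ dn ]
[ v3_ca ]
basicConstraints = critical,CA:TRUE
EOF
touch index.txt
# 1. The CA signs its own certificate (the self-signed role from section 15.2).
openssl req -x509 -newkey rsa:2048 -nodes -keyout ca.key -out ca.crt -days 365 \
  -subj "/CN=Demo CA" -config ca.cnf -extensions v3_ca 2>/dev/null
# 2. Issue two peer certificates; only peer1 will be revoked later.
for p in peer1 peer2; do
  openssl req -newkey rsa:2048 -nodes -keyout $p.key -out $p.csr \
    -subj "/CN=$p.example" -config ca.cnf 2>/dev/null
  openssl x509 -req -in $p.csr -CA ca.crt -CAkey ca.key -CAcreateserial \
    -out $p.crt -days 30 2>/dev/null
done
# 3. Revoke peer1 and publish a CRL (the list a directory server would hand out).
openssl ca -config ca.cnf -revoke peer1.crt 2>/dev/null
openssl ca -config ca.cnf -gencrl -out ca.crl 2>/dev/null
cat ca.crt ca.crl > trust.pem   # trusted CA cert plus its CRL, as the gateway would store
# check_peer CERT -> prints valid | revoked | rejected (any other verify failure)
check_peer() {
  out=$(openssl verify -crl_check -CAfile trust.pem "$1" 2>&1) || true
  case "$out" in
    *"certificate revoked"*) echo revoked ;;
    *": OK"*) echo valid ;;
    *) echo rejected ;;
  esac
}
check_peer peer1.crt   # revoked
check_peer peer2.crt   # valid
```

Without the CRL in trust.pem (or without -crl_check), peer1 would still verify as OK, which is exactly the gap a directory server lookup closes.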
15.3 Configuration Summary 
This section summarizes how to manage certificates on the ZyWALL. 
Figure 15-1 Certificate Configuration Overview (screen callouts from the figure):
• Use the My Certificate screens to generate and export self-signed certificates or certification requests and import the ZyWALL's CA-signed certificates.
• Use the Trusted Remote Hosts screens to import self-signed certificates.
• Use the Directory Servers screen to configure a list of addresses of directory servers (that contain lists of valid and revoked certificates).
• Use the Trusted CA screens to save CA certificates to the ZyWALL.