ZyXEL Communications P-660HN-F1 User Manual

Chapter 12 Certificates
P-660HN-F1 User’s Guide
208
12.6  Certificates Technical Reference
This section provides technical background information about the topics covered in this chapter.
12.6.1  Certificates Overview
The ZyXEL Device can use certificates (also called digital IDs) to authenticate users. Certificates are based on public-private key pairs. A certificate contains the certificate owner's identity and public key. Certificates provide a way to exchange public keys for use in authentication.
The ZyXEL Device uses certificates based on public-key cryptography to authenticate users attempting to establish a connection, not to encrypt the data that you send after establishing a connection. The method used to secure the data that you send through an established connection depends on the type of connection. For example, a VPN tunnel might use the Triple DES encryption algorithm.
The certification authority uses its private key to sign certificates. Anyone can then use the certification authority's public key to verify the certificates.
A certification path is the hierarchy of certification authority certificates that validate a certificate. The ZyXEL Device does not trust a certificate if any certificate on its path has expired or been revoked.
Certification authorities maintain directory servers with databases of valid and revoked certificates. A directory of certificates that have been revoked before their scheduled expiration is called a CRL (Certificate Revocation List). The ZyXEL Device can check a peer's certificate against a directory server's list of revoked certificates. The framework of servers, software, procedures and policies that handles keys is called PKI (Public-Key Infrastructure).
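The rules stated above (a certification authority signs certificates with its private key, a certificate is trusted only through a certification path of valid CA certificates, and a CRL lists the serial numbers of certificates revoked before expiry) can be exercised offline with Go's standard crypto/x509 package. The program below is an added example for this technical reference, not ZyXEL code and not part of the P-660HN-F1 firmware; the CA names, the peer name vpn-peer.example, the serial numbers (1, 2, 3 and the unrelated 99) and the dates are constructed for the demonstration. It builds a root CA, an intermediate CA and a peer certificate, issues a CRL from the intermediate, and then shows that validation fails when a CA on the path has expired or when the peer's serial appears on the CRL.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// Fixed clock so results are repeatable; the verifier is told to use this as "now".
var now = time.Date(2024, 1, 1, 0, 0, 0, 0, time.UTC)

// Scenario is a constructed offline PKI (root CA, intermediate CA, peer certificate, CRL); every name and serial is made up.
type Scenario struct {
	Root, Inter, Leaf *x509.Certificate
	CRL               *x509.RevocationList
}

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// issue creates a certificate for cn valid over [from, to]; parent == nil means self-signed (root CA), else the parent CA's key signs.
func issue(cn string, isCA bool, from, to time.Time, serial int64, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: cn},
		NotBefore: from, NotAfter: to, IsCA: isCA, BasicConstraintsValid: true,
		KeyUsage: x509.KeyUsageDigitalSignature,
	}
	if isCA { // a CA key signs both certificates and CRLs
		tmpl.KeyUsage |= x509.KeyUsageCertSign | x509.KeyUsageCRLSign
	}
	issuer, signer := parent, parentKey
	if parent == nil { // self-signed: the issuer is the subject itself
		issuer, signer = tmpl, key
	}
	der := must(x509.CreateCertificate(rand.Reader, tmpl, issuer, &key.PublicKey, signer))
	return must(x509.ParseCertificate(der)), key
}

// buildScenario constructs the PKI. interExpired ends the intermediate CA's validity
// before now; revokeLeaf lists the peer's serial on the CRL.
func buildScenario(interExpired, revokeLeaf bool) Scenario {
	year := 365 * 24 * time.Hour
	root, rootKey := issue("Example Root CA", true, now.Add(-year), now.Add(10*year), 1, nil, nil)
	interEnd := now.Add(5 * year)
	if interExpired {
		interEnd = now.Add(-24 * time.Hour) // expired yesterday
	}
	inter, interKey := issue("Example Issuing CA", true, now.Add(-year), interEnd, 2, root, rootKey)
	leaf, _ := issue("vpn-peer.example", false, now.Add(-24*time.Hour), now.Add(year), 3, inter, interKey)
	revoked := []pkix.RevokedCertificate{{SerialNumber: big.NewInt(99), RevocationTime: now.Add(-time.Hour)}} // 99 is an unrelated serial
	if revokeLeaf {
		revoked = append(revoked, pkix.RevokedCertificate{SerialNumber: leaf.SerialNumber, RevocationTime: now.Add(-time.Hour)})
	}
	crlDER := must(x509.CreateRevocationList(rand.Reader, &x509.RevocationList{
		Number: big.NewInt(1), ThisUpdate: now.Add(-time.Hour), NextUpdate: now.Add(24 * time.Hour),
		RevokedCertificates: revoked,
	}, inter, interKey))
	return Scenario{Root: root, Inter: inter, Leaf: leaf, CRL: must(x509.ParseRevocationList(crlDER))}
}

// verifyPath applies the manual's rule: the peer is trusted only if a certification path
// to a trusted CA exists and no certificate on that path has expired or been revoked.
func verifyPath(s Scenario) error {
	roots, inters := x509.NewCertPool(), x509.NewCertPool()
	roots.AddCert(s.Root)   // all the device must store: the CAs it decides to trust
	inters.AddCert(s.Inter) // intermediate certificates normally arrive from the peer
	if _, err := s.Leaf.Verify(x509.VerifyOptions{Roots: roots, Intermediates: inters, CurrentTime: now}); err != nil {
		return fmt.Errorf("path validation failed: %w", err) // bad signature, expired, or no trusted root
	}
	// Verify checks signatures and validity dates for every path member but never consults a
	// CRL, so revocation is checked here against the CRL of the CA that issued the peer's
	// certificate (a full implementation repeats this for each CA on the path). The CRL must
	// itself carry a valid signature from that CA, or a substituted list could hide a revocation.
	if err := s.CRL.CheckSignatureFrom(s.Inter); err != nil {
		return fmt.Errorf("CRL signature invalid: %w", err)
	}
	for _, r := range s.CRL.RevokedCertificates {
		if s.Leaf.SerialNumber.Cmp(r.SerialNumber) == 0 {
			return fmt.Errorf("certificate %q (serial %s) is revoked", s.Leaf.Subject.CommonName, s.Leaf.SerialNumber)
		}
	}
	return nil
}

func main() {
	fmt.Println("valid path:          ", verifyPath(buildScenario(false, false)))
	fmt.Println("expired intermediate:", verifyPath(buildScenario(true, false)))
	fmt.Println("revoked peer:        ", verifyPath(buildScenario(false, true)))
}
```

Run with go run: the first case returns nil, the second reports an expired certificate on the path, and the third reports the revocation. Two points from the reference section show up directly in the code: the device needs to store only the root it trusts (the intermediate is supplied by the peer and is checked against that root), and the CRL is only as trustworthy as the signature that ties it to the issuing CA, which is why the list is authenticated before its serials are consulted.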
Advantages of Certificates
Certificates offer the following benefits.
• The ZyXEL Device only has to store the certificates of the certification authorities that you decide to trust, no matter how many devices you need to authenticate.
Table 77   Directory Server Add and Edit (continued)
LABEL       DESCRIPTION
Login       The ZyXEL Device may need to authenticate itself in order to access the directory server. Type the login name (up to 31 ASCII characters) from the entity maintaining the directory server (usually a certification authority).
Password    Type the password (up to 31 ASCII characters) from the entity maintaining the directory server (usually a certification authority).
Back        Click this to return to the Directory Servers screen.
Apply       Click this to save your changes.
Cancel      Click this to restore your previously saved settings.
A.  At the time of writing, LDAP is the only choice of directory server access protocol.