ZyXEL Communications P-660HN-F1 User Manual
Chapter 12 Certificates
P-660HN-F1 User’s Guide
209
• Key distribution is simple and very secure since you can freely distribute public keys and
you never need to transmit private keys.
Self-signed Certificates
You can have the ZyXEL Device act as a certification authority and sign its own certificates.
12.6.2 Private-Public Certificates
When using public-key cryptology for authentication, each host has two keys. One key is
public and can be made openly available. The other key is private and must be kept secure.
public and can be made openly available. The other key is private and must be kept secure.
These keys work like a handwritten signature (in fact, certificates are often referred to as
“digital signatures”). Only you can write your signature exactly as it should look. When
people know what your signature looks like, they can verify whether something was signed by
you, or by someone else. In the same way, your private key “writes” your digital signature and
your public key allows people to verify whether data was signed by you, or by someone else.
This process works as follows.
“digital signatures”). Only you can write your signature exactly as it should look. When
people know what your signature looks like, they can verify whether something was signed by
you, or by someone else. In the same way, your private key “writes” your digital signature and
your public key allows people to verify whether data was signed by you, or by someone else.
This process works as follows.
1 Tim wants to send a message to Jenny. He needs her to be sure that it comes from him,
and that the message content has not been altered by anyone else along the way. Tim
generates a public key pair (one public key and one private key).
generates a public key pair (one public key and one private key).
2 Tim keeps the private key and makes the public key openly available. This means that
anyone who receives a message seeming to come from Tim can read it and verify
whether it is really from him or not.
whether it is really from him or not.
3 Tim uses his private key to sign the message and sends it to Jenny.
4 Jenny receives the message and uses Tim’s public key to verify it. Jenny knows that the
4 Jenny receives the message and uses Tim’s public key to verify it. Jenny knows that the
message is from Tim, and that although other people may have been able to read the
message, no-one can have altered it (because they cannot re-sign the message with Tim’s
private key).
message, no-one can have altered it (because they cannot re-sign the message with Tim’s
private key).
5 Additionally, Jenny uses her own private key to sign a message and Tim uses Jenny’s
public key to verify the message.
12.6.3 Verifying a Trusted Remote Host’s Certificate
Certificates issued by certification authorities have the certification authority’s signature for
you to check. Self-signed certificates only have the signature of the host itself. This means that
you must be very careful when deciding to import (and thereby trust) a remote host’s self-
signed certificate.
you to check. Self-signed certificates only have the signature of the host itself. This means that
you must be very careful when deciding to import (and thereby trust) a remote host’s self-
signed certificate.
Trusted Remote Host Certificate Fingerprints
A certificate’s fingerprints are message digests calculated using the MD5 or SHA1 algorithms.
The following procedure describes how to use a certificate’s fingerprint to verify that you have
the remote host’s correct certificate.
The following procedure describes how to use a certificate’s fingerprint to verify that you have
the remote host’s correct certificate.
1 Browse to where you have the remote host’s certificate saved on your computer.
2 Make sure that the certificate has a “.cer” or “.crt” file name extension.
2 Make sure that the certificate has a “.cer” or “.crt” file name extension.