ZyXEL Communications ZyWALL 1000 User Manual
Chapter 40 Certificates
ZyWALL USG 1000 User’s Guide
556
The following table describes the labels in this screen.
40.7 Trusted Certificates Screen
Click Object > Certificate > Trusted Certificates to open the Trusted Certificates screen.
This screen displays a summary list of certificates that you have set the ZyWALL to accept as
trusted. The ZyWALL also accepts any valid certificate signed by a certificate on this list as
being trustworthy; thus you do not need to import any certificate that is signed by one of these
certificates.
This screen displays a summary list of certificates that you have set the ZyWALL to accept as
trusted. The ZyWALL also accepts any valid certificate signed by a certificate on this list as
being trustworthy; thus you do not need to import any certificate that is signed by one of these
certificates.
40.7.1 OCSP
OCSP (Online Certificate Status Protocol) allows an application or device to check whether a
certificate is valid. With OCSP the ZyWALL checks the status of individual certificates
instead of downloading a Certificate Revocation List (CRL). OCSP has two main advantages
over a CRL. The first is real-time status information. The second is a reduction in network
traffic since the ZyWALL only gets information on the certificates that it needs to verify, not a
huge list. When the ZyWALL requests certificate status information, the OCSP server returns
a “expired”, “current” or “unknown” response.
certificate is valid. With OCSP the ZyWALL checks the status of individual certificates
instead of downloading a Certificate Revocation List (CRL). OCSP has two main advantages
over a CRL. The first is real-time status information. The second is a reduction in network
traffic since the ZyWALL only gets information on the certificates that it needs to verify, not a
huge list. When the ZyWALL requests certificate status information, the OCSP server returns
a “expired”, “current” or “unknown” response.
Figure 407 Object > Certificate > Trusted Certificates
The following table describes the labels in this screen.
Table 187 Object > Certificate > My Certificates > Import
LABEL
DESCRIPTION
File Path
Type in the location of the file you want to upload in this field or click Browse to find it.
You cannot import a certificate with the same name as a certificate that is already in the
You cannot import a certificate with the same name as a certificate that is already in the
ZyWALL.
Browse Click
Browse to find the certificate file you want to upload.
Password
This field only applies when you import a binary PKCS#12 format file. Type the file’s
password that was created when the PKCS #12 file was exported.
OK
Click OK to save the certificate on the ZyWALL.
Cancel
Click Cancel to quit and return to the My Certificates screen.
Table 188 Object > Certificate > Trusted Certificates
LABEL
DESCRIPTION
PKI Storage
Space in Use
This bar displays the percentage of the ZyWALL’s PKI storage space that is
currently in use. When the storage space is almost full, you should consider
deleting expired or unnecessary certificates before adding more certificates.
#
This field displays the certificate index number. The certificates are listed in
alphabetical order.