ZyXEL Communications Corporation P663HN51 User Manual

Chapter 17 Certificates
P-663HN-51 User’s Guide
17.3.1  Certificates Overview
The ZyXEL Device can use certificates (also called digital IDs) to authenticate
users. Certificates are based on public-private key pairs. A certificate contains the
certificate owner’s identity and public key. Certificates provide a way to exchange
public keys for use in authentication.

The ZyXEL Device uses certificates based on public-key cryptology to authenticate
users attempting to establish a connection, not to encrypt the data that you send
after establishing a connection. The method used to secure the data that you send
through an established connection depends on the type of connection. For
example, a VPN tunnel might use the triple DES encryption algorithm.

The certification authority uses its private key to sign certificates. Anyone can
then use the certification authority’s public key to verify the certificates.

A certification path is the hierarchy of certification authority certificates that
validate a certificate. The ZyXEL Device does not trust a certificate if any
certificate on its path has expired or been revoked.

Certification authorities maintain directory servers with databases of valid and
revoked certificates. A directory of certificates that have been revoked before the
scheduled expiration is called a CRL (Certificate Revocation List). The ZyXEL
Device can check a peer’s certificate against a directory server’s list of revoked
certificates. The framework of servers, software, procedures and policies that
handles keys is called PKI (Public-Key Infrastructure).
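
The certification path rule described above can be modelled in a few lines. The following Python sketch is an added example, not code from the ZyXEL guide or firmware: it walks from a peer certificate up to a stored CA certificate and rejects the path if any certificate on it is outside its validity period or appears on its issuer's CRL. The record layout, names, serial numbers and dates are constructed for illustration; signature verification is not modelled, and an issuer with no CRL entry is assumed to have revoked nothing.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

@dataclass(frozen=True)
class Cert:
    # Only the fields the path rule needs; a real X.509 certificate also
    # carries a public key and the issuer's signature (not modelled here).
    subject: str
    issuer: str
    serial: int
    not_before: datetime
    not_after: datetime

def check_path(leaf, intermediates, trusted_cas, crls, now):
    """Walk leaf -> trusted CA and return (trusted, reason).
    trusted_cas: {subject: Cert} for the CA certificates stored on the device.
    crls: {issuer subject: set of revoked serials}; no entry = nothing revoked."""
    by_subject = {c.subject: c for c in intermediates}
    cert, seen = leaf, set()
    while cert.subject not in seen:
        seen.add(cert.subject)
        if not cert.not_before <= now <= cert.not_after:
            return False, f"{cert.subject}: outside validity period"
        if trusted_cas.get(cert.subject) == cert:
            return True, f"path ends at trusted CA {cert.subject}"
        if cert.serial in crls.get(cert.issuer, set()):
            return False, f"{cert.subject}: revoked by {cert.issuer}"
        parent = trusted_cas.get(cert.issuer) or by_subject.get(cert.issuer)
        if parent is None:
            return False, f"{cert.subject}: issuer {cert.issuer} unknown"
        cert = parent
    return False, f"{cert.subject}: path loops without reaching a trusted CA"

# Constructed sample data (names, serials and dates are made up).
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)
def _cert(subject, issuer, serial, days_left):
    return Cert(subject, issuer, serial, NOW - timedelta(days=365),
                NOW + timedelta(days=days_left))

ROOT = _cert("Example Root CA", "Example Root CA", 1, 3650)
ISSUING = _cert("Example Issuing CA", "Example Root CA", 2, 1825)
PEER = _cert("vpn-peer.example", "Example Issuing CA", 77, 90)
TRUSTED = {ROOT.subject: ROOT}

if __name__ == "__main__":
    print(check_path(PEER, [ISSUING], TRUSTED, {}, NOW))
    # The root's CRL lists the issuing CA (serial 2): the peer is rejected too.
    print(check_path(PEER, [ISSUING], TRUSTED, {"Example Root CA": {2}}, NOW))
```
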
Advantages of Certificates
Certificates offer the following benefits.
• The ZyXEL Device only has to store the certificates of the certification 
authorities that you decide to trust, no matter how many devices you need to 
authenticate. 
• Key distribution is simple and very secure since you can freely distribute public 
keys and you never need to transmit private keys.
Self-signed Certificates
You can have the ZyXEL Device act as a certification authority and sign its own 
certificates.