ZyXEL Communications 1000 Manuel D’Utilisation
Chapter 46 Certificates
ZyWALL USG 1000 User’s Guide
741
Factory Default Certificate
The ZyWALL generates its own unique self-signed certificate when you first turn it
on. This certificate is referred to in the GUI as the factory default certificate.
on. This certificate is referred to in the GUI as the factory default certificate.
Certificate File Formats
Any certificate that you want to import has to be in one of these file formats:
• Binary X.509: This is an ITU-T recommendation that defines the formats for
X.509 certificates.
• PEM (Base-64) encoded X.509: This Privacy Enhanced Mail format uses
lowercase letters, uppercase letters and numerals to convert a binary X.509
certificate into a printable form.
• Binary PKCS#7: This is a standard that defines the general syntax for data
(including digital signatures) that may be encrypted. A PKCS #7 file is used to
transfer a public key certificate. The private key is not included. The ZyWALL
currently allows the importation of a PKS#7 file that contains a single
certificate.
• PEM (Base-64) encoded PKCS#7: This Privacy Enhanced Mail (PEM) format uses
lowercase letters, uppercase letters and numerals to convert a binary PKCS#7
certificate into a printable form.
• Binary PKCS#12: This is a format for transferring public key and private key
certificates.The private key in a PKCS #12 file is within a password-encrypted
envelope. The file’s password is not connected to your certificate’s public or
private passwords. Exporting a PKCS #12 file creates this and you must provide
it to decrypt the contents when you import the file into the ZyWALL.
Note: Be careful not to convert a binary file to text during the transfer process. It is
easy for this to occur since many programs use text files by default.
Finding Out More
• See
for related information on these screens.
• See
for certificate background information.
46.1.3 Verifying a Certificate
Before you import a trusted certificate into the ZyWALL, you should verify that you
have the correct certificate. You can do this using the certificate’s fingerprint. A
certificate’s fingerprint is a message digest calculated using the MD5 or SHA1
algorithm. The following procedure describes how to check a certificate’s
fingerprint to verify that you have the actual certificate.
have the correct certificate. You can do this using the certificate’s fingerprint. A
certificate’s fingerprint is a message digest calculated using the MD5 or SHA1
algorithm. The following procedure describes how to check a certificate’s
fingerprint to verify that you have the actual certificate.
1
Browse to where you have the certificate saved on your computer.