ZyXEL Communications Corporation OX253P Manuel D’Utilisation
Chapter 10 The Certificates Screens
OX253P User’s Guide
115
scheduled expiration is called a CRL (Certificate Revocation List). The OX253P can
check a peer’s certificate against a directory server’s list of revoked certificates.
The framework of servers, software, procedures and policies that handles keys is
called PKI (public-key infrastructure).
check a peer’s certificate against a directory server’s list of revoked certificates.
The framework of servers, software, procedures and policies that handles keys is
called PKI (public-key infrastructure).
10.4.1.1 Advantages of Certificates
Certificates offer the following benefits.
• The OX253P only has to store the certificates of the certification authorities that
you decide to trust, no matter how many devices you need to authenticate.
• Key distribution is simple and very secure since you can freely distribute public
keys and you never need to transmit private keys.
10.4.1.2 Self-signed Certificates
You can have the OX253P act as a certification authority and sign its own
certificates.
certificates.
10.4.1.3 Factory Default Certificate
The OX253P generates its own unique self-signed certificate when you first turn it
on. This certificate is referred to in the GUI as the factory default certificate.
on. This certificate is referred to in the GUI as the factory default certificate.
10.4.1.4 Certificate File Formats
Any certificate that you want to import has to be in one of these file formats:
• Binary X.509: This is an ITU-T recommendation that defines the formats for
X.509 certificates.
• PEM (Base-64) encoded X.509: This Privacy Enhanced Mail format uses
lowercase letters, uppercase letters and numerals to convert a binary X.509
certificate into a printable form.
• Binary PKCS#7: This is a standard that defines the general syntax for data
(including digital signatures) that may be encrypted. A PKCS #7 file is used to
transfer a public key certificate. The private key is not included. The OX253P
currently allows the importation of a PKS#7 file that contains a single
certificate.
• PEM (Base-64) encoded PKCS#7: This Privacy Enhanced Mail (PEM) format uses
lowercase letters, uppercase letters and numerals to convert a binary PKCS#7
certificate into a printable form.
Note: Be careful to not convert a binary file to text during the transfer process. It is
easy for this to occur since many programs use text files by default.