ZyXEL Communications Corporation WAC6553D-E Manuel D’Utilisation
NWA5000 / WAC6500 Series User’s Guide
108
C
H A P T E R
11
Certificates
11.1 Overview
The NWA/WAC can use certificates (also called digital IDs) to authenticate users. Certificates are
based on public-private key pairs. A certificate contains the certificate owner’s identity and public
key. Certificates provide a way to exchange public keys for use in authentication.
based on public-private key pairs. A certificate contains the certificate owner’s identity and public
key. Certificates provide a way to exchange public keys for use in authentication.
11.1.1 What You Can Do in this Chapter
• The My Certificate screens (
) generate and export self-signed
certificates or certification requests and import the NWA/WAC’s CA-signed certificates.
• The Trusted Certificates screens (
) save CA certificates and trusted
remote host certificates to the NWA/WAC. The NWA/WAC trusts any valid certificate that you
have imported as a trusted certificate. It also trusts any valid certificate signed by any of the
certificates that you have imported as a trusted certificate.
have imported as a trusted certificate. It also trusts any valid certificate signed by any of the
certificates that you have imported as a trusted certificate.
11.1.2 What You Need to Know
The following terms and concepts may help as you read this chapter.
When using public-key cryptology for authentication, each host has two keys. One key is public and
can be made openly available. The other key is private and must be kept secure.
can be made openly available. The other key is private and must be kept secure.
These keys work like a handwritten signature (in fact, certificates are often referred to as “digital
signatures”). Only you can write your signature exactly as it should look. When people know what
your signature looks like, they can verify whether something was signed by you, or by someone
else. In the same way, your private key “writes” your digital signature and your public key allows
people to verify whether data was signed by you, or by someone else.
signatures”). Only you can write your signature exactly as it should look. When people know what
your signature looks like, they can verify whether something was signed by you, or by someone
else. In the same way, your private key “writes” your digital signature and your public key allows
people to verify whether data was signed by you, or by someone else.
This process works as follows:
1
Tim wants to send a message to Jenny. He needs her to be sure that it comes from him, and that
the message content has not been altered by anyone else along the way. Tim generates a public
key pair (one public key and one private key).
the message content has not been altered by anyone else along the way. Tim generates a public
key pair (one public key and one private key).
2
Tim keeps the private key and makes the public key openly available. This means that anyone who
receives a message seeming to come from Tim can read it and verify whether it is really from him
or not.
receives a message seeming to come from Tim can read it and verify whether it is really from him
or not.
3
Tim uses his private key to sign the message and sends it to Jenny.
4
Jenny receives the message and uses Tim’s public key to verify it. Jenny knows that the message is
from Tim, and that although other people may have been able to read the message, no-one can
have altered it (because they cannot re-sign the message with Tim’s private key).
from Tim, and that although other people may have been able to read the message, no-one can
have altered it (because they cannot re-sign the message with Tim’s private key).