ZyXEL 2WG Guida Utente
ZyWALL 2WG User’s Guide
343
C
H A P T E R
16
Certificates Screens
16.1 Overview
The ZyWALL can use certificates (also called digital IDs) to authenticate users. Certificates
are based on public-private key pairs. A certificate contains the certificate owner’s identity and
public key. Certificates provide a way to exchange public keys for use in authentication.
are based on public-private key pairs. A certificate contains the certificate owner’s identity and
public key. Certificates provide a way to exchange public keys for use in authentication.
16.1.1 What You Can Do in the Certificate Screens
• Use the My Certificate screens (see
) to generate and export
self-signed certificates or certification requests and import the ZyWALL’s CA-signed
certificates.
certificates.
• Use the Trusted CA screens (see
) to save the certificates of
trusted CAs to the ZyWALL. You can also export the certificates to a computer.
) to import self-
signed certificates from trusted remote hosts.
• Use the Directory Servers screen (see
) to configure a list of
addresses of directory servers (that contain lists of valid and revoked certificates).
16.1.2 What You Need to Know About Certificates
A Certification Authority (CA) issues certificates and guarantees the identity of each
certificate owner. There are commercial certification authorities like CyberTrust or VeriSign
and government certification authorities. You can use the ZyWALL to generate certification
requests that contain identifying information and public keys and then send the certification
requests to a certification authority.
When using public-key cryptology for authentication, each host has two keys. One key is
public and can be made openly available; the other key is private and must be kept secure.
Public-key encryption in general works as follows.
certificate owner. There are commercial certification authorities like CyberTrust or VeriSign
and government certification authorities. You can use the ZyWALL to generate certification
requests that contain identifying information and public keys and then send the certification
requests to a certification authority.
When using public-key cryptology for authentication, each host has two keys. One key is
public and can be made openly available; the other key is private and must be kept secure.
Public-key encryption in general works as follows.
1 Tim wants to send a private message to Jenny. Tim generates a public-private key pair.
What is encrypted with one key can only be decrypted using the other.
2 Tim keeps the private key and makes the public key openly available.
3 Tim uses his private key to encrypt the message and sends it to Jenny.
4 Jenny receives the message and uses Tim’s public key to decrypt it.
5 Additionally, Jenny uses her own private key to encrypt a message and Tim uses Jenny’s
3 Tim uses his private key to encrypt the message and sends it to Jenny.
4 Jenny receives the message and uses Tim’s public key to decrypt it.
5 Additionally, Jenny uses her own private key to encrypt a message and Tim uses Jenny’s
public key to decrypt the message.