ZyXEL Communications 3.1 ユーザーズマニュアル
ZyWALL (ZLD) CLI Reference Guide
259
C
H A P T E R
3 2
Certificates
This chapter explains how to use the Certificates.
32.1 Certificates Overview
The ZyWALL can use certificates (also called digital IDs) to authenticate users. Certificates are
based on public-private key pairs. A certificate contains the certificate owner’s identity and public
key. Certificates provide a way to exchange public keys for use in authentication.
based on public-private key pairs. A certificate contains the certificate owner’s identity and public
key. Certificates provide a way to exchange public keys for use in authentication.
A Certification Authority (CA) issues certificates and guarantees the identity of each certificate
owner. There are commercial certification authorities like CyberTrust or VeriSign and government
certification authorities. You can use the ZyWALL to generate certification requests that contain
identifying information and public keys and then send the certification requests to a certification
authority.
owner. There are commercial certification authorities like CyberTrust or VeriSign and government
certification authorities. You can use the ZyWALL to generate certification requests that contain
identifying information and public keys and then send the certification requests to a certification
authority.
32.2 Certificate Commands
This section describes the commands for configuring certificates.
32.3 Certificates Commands Input Values
The following table explains the values you can input with the
certificate
commands.
Table 155
Certificates Commands Input Values
LABEL
DESCRIPTION
certificate_name
The name of a certificate. You can use up to 31 alphanumeric and
;‘~!@#$%^&()_+[]{}’,.=-
;‘~!@#$%^&()_+[]{}’,.=-
characters.
cn_address
A common name IP address identifies the certificate’s owner. Type the IP address in
dotted decimal notation.
dotted decimal notation.
cn_domain_name
A common name domain name identifies the certificate’s owner. The domain name is
for identification purposes only and can be any string. The domain name can be up
to 255 characters. You can use alphanumeric characters, the hyphen and periods.
for identification purposes only and can be any string. The domain name can be up
to 255 characters. You can use alphanumeric characters, the hyphen and periods.
cn_email
A common name e-mail address identifies the certificate’s owner. The e-mail address
is for identification purposes only and can be any string. The e-mail address can be
up to 63 characters. You can use alphanumeric characters, the hyphen, the @
symbol, periods and the underscore.
is for identification purposes only and can be any string. The e-mail address can be
up to 63 characters. You can use alphanumeric characters, the hyphen, the @
symbol, periods and the underscore.
organizational_unit
Identify the organizational unit or department to which the certificate owner
belongs. You can use up to 31 characters. You can use alphanumeric characters, the
hyphen and the underscore.
belongs. You can use up to 31 characters. You can use alphanumeric characters, the
hyphen and the underscore.