ZyXEL Communications 1000 User's Manual

ZyWALL USG 1000 User’s Guide
Chapter 46
Certificates
46.1  Overview
The ZyWALL can use certificates (also called digital IDs) to authenticate users. 
Certificates are based on public-private key pairs. A certificate contains the 
certificate owner’s identity and public key. Certificates provide a way to exchange 
public keys for use in authentication. 
46.1.1  What You Can Do in this Chapter
• Use the My Certificate screens to generate and export self-signed
certificates or certification requests and import the ZyWALL’s CA-signed
certificates.
• Use the Trusted Certificates screens to save CA certificates and trusted
remote host certificates to the ZyWALL. The ZyWALL trusts any valid certificate
that you have imported as a trusted certificate. It also trusts any valid
certificate signed by any of the certificates that you have imported as a
trusted certificate.
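The trust rule in the second bullet can be reproduced off-device with the OpenSSL command line. This is an added example, not taken from the ZyXEL guide and not ZyWALL commands; the CA and host names are constructed, and all files go to a temporary directory.

```shell
#!/bin/sh
# Constructed demo: every name, subject and path below is made up for illustration.
# Requires the openssl CLI on a workstation; nothing here runs on the ZyWALL.
set -eu
work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT

# make_ca NAME: self-signed CA certificate, the kind imported as a trusted certificate.
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=$1" \
        -keyout "$work/$1.key" -out "$work/$1.pem" 2>/dev/null
}

# make_host NAME CA: key pair and certification request for NAME, then signed by CA.
make_host() {
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$1" \
        -keyout "$work/$1.key" -out "$work/$1.csr" 2>/dev/null &&
    openssl x509 -req -in "$work/$1.csr" -days 30 -CA "$work/$2.pem" \
        -CAkey "$work/$2.key" -CAcreateserial -out "$work/$1.pem" 2>/dev/null
}

# is_trusted CERT TRUSTED: succeeds only if CERT is TRUSTED itself or chains to it.
is_trusted() {
    openssl verify -CAfile "$work/$2.pem" "$work/$1.pem" >/dev/null 2>&1
}

make_ca example-ca               # CA the administrator imported as trusted
make_ca other-ca                 # CA that was never imported
make_host vpn-peer example-ca    # remote host certificate signed by the trusted CA
make_host stranger other-ca      # valid certificate, but signed by an untrusted CA

for cert in example-ca vpn-peer stranger; do
    if is_trusted "$cert" example-ca; then
        echo "$cert: trusted"
    else
        echo "$cert: rejected"
    fi
done
```

The `stranger` certificate is well-formed and correctly signed, yet it is rejected because its issuer was never imported; trust follows the imported certificate, not the validity of the signature alone.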
46.1.2  What You Need to Know
When using public-key cryptology for authentication, each host has two keys. One 
key is public and can be made openly available. The other key is private and must 
be kept secure. 
These keys work like a handwritten signature (in fact, certificates are often 
referred to as “digital signatures”). Only you can write your signature exactly as it 
should look. When people know what your signature looks like, they can verify 
whether something was signed by you, or by someone else. In the same way, your 
private key “writes” your digital signature and your public key allows people to 
verify whether data was signed by you, or by someone else. This process works as 
follows.
1. Tim wants to send a message to Jenny. He needs her to be sure that it comes
from him, and that the message content has not been altered by anyone else
along the way. Tim generates a public key pair (one public key and one private
key).