ZyXEL Communications Corporation WAC6503D-S Manual Do Utilizador
Chapter 11 Certificates
NWA5000 / WAC6500 Series User’s Guide
109
5
Additionally, Jenny uses her own private key to sign a message and Tim uses Jenny’s public key to
verify the message.
verify the message.
The NWA/WAC uses certificates based on public-key cryptology to authenticate users attempting to
establish a connection, not to encrypt the data that you send after establishing a connection. The
method used to secure the data that you send through an established connection depends on the
type of connection.
establish a connection, not to encrypt the data that you send after establishing a connection. The
method used to secure the data that you send through an established connection depends on the
type of connection.
The certification authority uses its private key to sign certificates. Anyone can then use the
certification authority’s public key to verify the certificates.
certification authority’s public key to verify the certificates.
A certification path is the hierarchy of certification authority certificates that validate a certificate.
The NWA/WAC does not trust a certificate if any certificate on its path has expired or been revoked.
The NWA/WAC does not trust a certificate if any certificate on its path has expired or been revoked.
Certification authorities maintain directory servers with databases of valid and revoked certificates.
A directory of certificates that have been revoked before the scheduled expiration is called a CRL
(Certificate Revocation List). The NWA/WAC can check a peer’s certificate against a directory
server’s list of revoked certificates. The framework of servers, software, procedures and policies
that handles keys is called PKI (public-key infrastructure).
A directory of certificates that have been revoked before the scheduled expiration is called a CRL
(Certificate Revocation List). The NWA/WAC can check a peer’s certificate against a directory
server’s list of revoked certificates. The framework of servers, software, procedures and policies
that handles keys is called PKI (public-key infrastructure).
Advantages of Certificates
Certificates offer the following benefits.
• The NWA/WAC only has to store the certificates of the certification authorities that you decide to
trust, no matter how many devices you need to authenticate.
• Key distribution is simple and very secure since you can freely distribute public keys and you
never need to transmit private keys.
Self-signed Certificates
You can have the NWA/WAC act as a certification authority and sign its own certificates.
Factory Default Certificate
The NWA/WAC generates its own unique self-signed certificate when you first turn it on. This
certificate is referred to in the GUI as the factory default certificate.
certificate is referred to in the GUI as the factory default certificate.
Certificate File Formats
Any certificate that you want to import has to be in one of these file formats:
• Binary X.509: This is an ITU-T recommendation that defines the formats for X.509 certificates.
• PEM (Base-64) encoded X.509: This Privacy Enhanced Mail format uses lowercase letters,
• PEM (Base-64) encoded X.509: This Privacy Enhanced Mail format uses lowercase letters,
uppercase letters and numerals to convert a binary X.509 certificate into a printable form.
• Binary PKCS#7: This is a standard that defines the general syntax for data (including digital
signatures) that may be encrypted. A PKCS #7 file is used to transfer a public key certificate. The
private key is not included. The NWA/WAC currently allows the importation of a PKS#7 file that
contains a single certificate.
private key is not included. The NWA/WAC currently allows the importation of a PKS#7 file that
contains a single certificate.
• PEM (Base-64) encoded PKCS#7: This Privacy Enhanced Mail (PEM) format uses lowercase
letters, uppercase letters and numerals to convert a binary PKCS#7 certificate into a printable
form.
form.