Filter
Top Products
ZyWALL USG 50 User’s Guide
633
CHAPTER 41
Certificates
41.1 Overview
The ZyWALL can use certificates (also called digital IDs) to authenticate users.
Certificates are based on public-private key pairs. A certificate contains the
certificate owner’s identity and public key. Certificates provide a way to exchange
public keys for use in authentication.
41.1.1 What You Can Do in this Chapter
•Use the My Certificate screens (see Section 41.2 on page 637 to Section
41.2.3 on page 646) to generate and export self-signed certificates or
certification requests and import the ZyWALL’s CA-signed certificates.
•Use the Trusted Certificates screens (see Section 41.3 on page 647 to Section
41.3.2 on page 652) to save CA certificates and trusted remote host certificates
to the ZyWALL. The ZyWALL trusts any valid certificate that you have imported
as a trusted certificate. It also trusts any valid certificate signed by any of the
certificates that you have imported as a trusted certificate.
41.1.2 What You Need to Know
When using public-key cryptology for authentication, each host has two keys. One
key is public and can be made openly available. The other key is private and must
be kept secure.
These keys work like a handwritten signature (in fact, certificates are often
referred to as “digital signatures”). Only you can write your signature exactly as it
should look. When people know what your signature looks like, they can verify
whether something was signed by you, or by someone else. In the same way, your
private key “writes” your digital signature and your public key allows people to
verify whether data was signed by you, or by someone else. This process works as
follows.
1 Tim wants to send a message to Jenny. He needs her to be sure that it comes from
him, and that the message content has not been altered by anyone else along the
way. Tim generates a public key pair (one public key and one private key).