ZyXEL Communications Internet Security Gateway ZyWALL 2 Series User Manual

ZyWALL 2 Series User’s Guide

15-20

Certificates

Table 15-7 Trusted CA Details

LABEL DESCRIPTION

Signature Algorithm

This field displays the type of algorithm that was used to sign the certificate. Some
certification authorities use rsa-pkcs1-sha1 (RSA public-private key encryption
algorithm and the SHA1 hash algorithm). Other certification authorities may use
ras-pkcs1-md5 (RSA public-private key encryption algorithm and the MD5 hash
algorithm).

Valid From

This field displays the date that the certificate becomes applicable. The text
displays in red and includes a “Not Yet Valid!” message if the certificate has not
yet become applicable.

Valid To

This field displays the date that the certificate expires. The text displays in red and
includes an “Expiring!” or “Expired!” message if the certificate is about to expire or
has already expired.

Key Algorithm

This field displays the type of algorithm that was used to generate the certificate’s
key pair (the ZyWALL uses RSA encryption) and the length of the key set in bits
(1024 bits for example).

Subject Alternative
Name

This field displays the certificate’s owner‘s IP address (IP), domain name (DNS) or
e-mail address (EMAIL).

Key Usage

This field displays for what functions the certificate’s key can be used. For
example, “DigitalSignature” means that the key can be used to sign certificates
and “KeyEncipherment” means that the key can be used to encrypt text.

Basic Constraint

This field displays general information about the certificate. For example, “Subject
Type=CA” means that this is a certification authority’s certificate and “Path
Length Constraint=1” means that there can only be one certification authority in
the certificate’s path.

CRL Distribution
Points

This field displays how many directory servers with Lists of revoked certificates the
issuing certification authority of this certificate makes available. This field also
displays the domain names or IP addresses of the servers.

MD5 Fingerprint

This is the certificate’s message digest that the ZyWALL calculated using the MD5
algorithm. You can use this value to verify with the certification authority (over the
phone for example) that this is actually their certificate.

SHA1 Fingerprint

This is the certificate’s message digest that the ZyWALL calculated using the
SHA1 algorithm. You can use this value to verify with the certification authority
(over the phone for example) that this is actually their certificate.