Chapter 24 System
USG FLEX H Series User’s Guide
386
24.7.3 The My Certificates Import Screen
Click System > Certificate > My Certificates > Import to open the Import Certificates screen. Follow the
instructions in this screen to save an existing certificate to the Zyxel Device.
Note: You can import a certificate that matches a corresponding certification request that
was generated by the Zyxel Device. You can also import a certificate in PKCS#12
format, including the certificate’s public and private keys.
The certificate you import replaces the corresponding request in the My Certificates screen.
You must remove any spaces from the certificate’s filename before you can import it.
Signature Algorithm This field displays the type of algorithm that was used to sign the certificate. The Zyxel
Device uses rsa-pkcs1-sha1 (RSA public-private key encryption algorithm and the SHA1
hash algorithm). Some certification authorities may use rsa-pkcs1-md5 (RSA public-private
key encryption algorithm and the MD5 hash algorithm).
Valid From This field displays the date that the certificate becomes applicable. “none” displays for a
certification request.
Valid To This field displays the date that the certificate expires. The text displays in red and includes
an Expired! message if the certificate has expired. “none” displays for a certification
request.
Key Algorithm This field displays the type of algorithm that was used to generate the certificate’s key pair
(the Zyxel Device uses RSA encryption) and the length of the key set in bits (1024 bits for
example).
Subject Alternative
Name
This field displays the certificate owner‘s IP address (IP), domain name (DNS) or email
address (EMAIL).
Key Usage This field displays for what functions the certificate’s key can be used. For example,
“DigitalSignature” means that the key can be used to sign certificates and
“KeyEncipherment” means that the key can be used to encrypt text.
Extended Key Usage This field displays how the Zyxel Device generates and stores a request for server
authentication, client authentication, or IKE Intermediate authentication certificate.
Basic Constraint This field displays general information about the certificate. For example, Subject Type=CA
means that this is a certification authority’s certificate and “Path Length Constraint=1”
means that there can only be one certification authority in the certificate’s path. This field
does not display for a certification request.
PEM Encoded
Format
This read-only text box displays the certificate or certification request in Privacy Enhanced
Mail (PEM) format. PEM uses lowercase letters, uppercase letters and numerals to convert a
binary certificate into a printable form.
You can copy and paste a certification request into a certification authority’s web page,
an email that you send to the certification authority or a text editor and save the file on a
management computer for later manual enrollment.
You can copy and paste a certificate into an email to send to friends or colleagues or you
can copy and paste a certificate into a text editor and save the file on a management
computer for later distribution (via external storage device for example).
Apply Click Apply to save your changes back to the Zyxel Device.
Reset Click Reset to return the screen to its last-saved settings.
Table 191 System > My Certificates > Edit (continued)
LABEL DESCRIPTION
To Next Page
Loading...
