Chapter 42 Object
ZyWALL/USG Series User’s Guide
797
Certificate File Formats
Any certificate that you want to import has to be in one of these file formats:
• Binary X.509: This is an ITU-T recommendation that defines the formats for X.509 certificates.
• PEM (Base-64) encoded X.509: This Privacy Enhanced Mail format uses lowercase letters,
uppercase letters and numerals to convert a binary X.509 certificate into a printable form.
• Binary PKCS#7: This is a standard that defines the general syntax for data (including digital
signatures) that may be encrypted. A PKCS #7 file is used to transfer a public key certificate. The
private key is not included. The ZyWALL/USG currently allows the importation of a PKS#7 file
that contains a single certificate.
• PEM (Base-64) encoded PKCS#7: This Privacy Enhanced Mail (PEM) format uses lowercase
letters, uppercase letters and numerals to convert a binary PKCS#7 certificate into a printable
form.
• Binary PKCS#12: This is a format for transferring public key and private key certificates. The
private key in a PKCS #12 file is within a password-encrypted envelope. The file’s password is not
connected to your certificate’s public or private passwords. Exporting a PKCS #12 file creates this
and you must provide it to decrypt the contents when you import the file into the ZyWALL/USG.
Note: Be careful not to convert a binary file to text during the transfer process. It is easy
for this to occur since many programs use text files by default.
42.11.2 Verifying a Certificate
Before you import a trusted certificate into the ZyWALL/USG, you should verify that you have the
correct certificate. You can do this using the certificate’s fingerprint. A certificate’s fingerprint is a
message digest calculated using the MD5 or SHA1 algorithm. The following procedure describes
how to check a certificate’s fingerprint to verify that you have the actual certificate.
1 Browse to where you have the certificate saved on your computer.
2 Make sure that the certificate has a “.cer” or “.crt” file name extension.
Figure 550 Remote Host Certificates
3 Double-click the certificate’s icon to open the Certificate window. Click the Details tab and scroll
down to the Thumbprint Algorithm and Thumbprint fields.
To Next Page
Loading...
