Chapter 43 Object
ZyWALL USG Series User’s Guide
877
43.12 Certificate Overview
The Zyxel Device can use certificates (also called digital IDs) to authenticate users. Certificates are
based on public-private key pairs. A certificate contains the certificate owner’s identity and public key.
Certificates provide a way to exchange public keys for use in authentication.
• Use the My Certificates screens (see Section 43.12.3 on page 880 to Section 43.12.3.3 on page 888) to
generate and export self-signed certificates or certification requests and import the CA-signed
certificates.
• Use the Trusted Certificates screens (see Section 43.12.4 on page 889 to Section 43.12.4.2 on page
893) to save CA certificates and trusted remote host certificates to the Zyxel Device. The Zyxel Device
trusts any valid certificate that you have imported as a trusted certificate. It also trusts any valid
certificate signed by any of the certificates that you have imported as a trusted certificate.
43.12.1 What You Need to Know
When using public-key cryptology for authentication, each host has two keys. One key is public and can
be made openly available. The other key is private and must be kept secure.
These keys work like a handwritten signature (in fact, certificates are often referred to as “digital
signatures”). Only you can write your signature exactly as it should look. When people know what your
signature looks like, they can verify whether something was signed by you, or by someone else. In the
same way, your private key “writes” your digital signature and your public key allows people to verify
whether data was signed by you, or by someone else. This process works as follows.
1 Tim wants to send a message to Jenny. He needs her to be sure that it comes from him, and that the
message content has not been altered by anyone else along the way. Tim generates a public key pair
(one public key and one private key).
2 Tim keeps the private key and makes the public key openly available. This means that anyone who
receives a message seeming to come from Tim can read it and verify whether it is really from him or not.
3 Tim uses his private key to sign the message and sends it to Jenny.
4 Jenny receives the message and uses Tim’s public key to verify it. Jenny knows that the message is from
Tim, and that although other people may have been able to read the message, no-one can have
altered it (because they cannot re-sign the message with Tim’s private key).
Deliver Authorize
Link Method:
Select one or both methods:
•SMS: Object > User/Group > User must contain a valid mobile telephone number. A valid
mobile telephone number can be up to 20 characters in length, including the numbers 1~9
and the following characters in the square brackets [+*#()-].
•Email: Object > User/Group > User must contain a valid email address. A valid email address
must contain the @ character. For example, this is a valid email address:
abc@example.com
Apply Click Apply to save the changes.
Reset Click Reset to return the screen to its last-saved settings.
Table 346 Configuration > Object > Auth. Method > Two-factor Authentication > Admin Access
LABEL DESCRIPTION
To Next Page
Loading...
