ZyXEL Communications ZyWall ATP series - Verifying a Certificate

To Next Page

To Previous Page

Chapter 34 Object

ZyWALL ATP Series User’s Guide

655

Certificate File Formats

Any certificate that you want to import has to be in one of these file formats:

• Binary X.509: This is an ITU-T recommendation that defines the formats for X.509 certificates.

• PEM (Base-64) encoded X.509: This Privacy Enhanced Mail format uses lowercase letters, uppercase

letters and numerals to convert a binary X.509 certificate into a printable form.

• Binary PKCS#7: This is a standard that defines the general syntax for data (including digital signatures)

that may be encrypted. A PKCS #7 file is used to transfer a public key certificate. The private key is not

included. The Zyxel Device currently allows the importation of a PKS#7 file that contains a single

certificate.

• PEM (Base-64) encoded PKCS#7: This Privacy Enhanced Mail (PEM) format uses lowercase letters,

uppercase letters and numerals to convert a binary PKCS#7 certificate into a printable form.

• Binary PKCS#12: This is a format for transferring public key and private key certificates. The private key

in a PKCS #12 file is within a password-encrypted envelope. The file’s password is not connected to

your certificate’s public or private passwords. Exporting a PKCS #12 file creates this and you must

provide it to decrypt the contents when you import the file into the Zyxel Device.

Note: Be careful not to convert a binary file to text during the transfer process. It is easy for this

to occur since many programs use text files by default.

34.11.2 Verifying a Certificate

Before you import a trusted certificate into the Zyxel Device, you should verify that you have the correct

certificate. You can do this using the certificate’s fingerprint. A certificate’s fingerprint is a message

digest calculated using the MD5 or SHA1 algorithm. The following procedure describes how to check a

certificate’s fingerprint to verify that you have the actual certificate.

1 Browse to where you have the certificate saved on your computer.

2 Make sure that the certificate has a “.cer” or “.crt” file name extension.

Figure 430 Remote Host Certificates

3 Double-click the certificate’s icon to open the Certificate window. Click the Details tab and scroll down

to the Thumbprint Algorithm and Thumbprint fields.

Other manuals for ZyXEL Communications ZyWall ATP series