Home » ZyXEL Manuals » Networking » ZyXEL P-2812HNU-F1 » Manual Viewer

ZyXEL P-2812HNU-F1 User Guide - Page 212

Verifying a Certificate - vpn

Get ZyXEL P-2812HNU-F1 PDF manuals and user guides

Add to My Manuals
Save this manual to your list of manuals

Page 212 highlights

Chapter 15 Certificates The Device uses certificates based on public-key cryptology to authenticate users attempting to establish a connection. The method used to secure the data that you send through an established connection depends on the type of connection. For example, a VPN tunnel might use the triple DES encryption algorithm. The certification authority uses its private key to sign certificates. Anyone can then use the certification authority's public key to verify the certificates. Certification Path A certification path is the hierarchy of certification authority certificates that validate a certificate. The Device does not trust a certificate if any certificate on its path has expired or been revoked. Certificate Directory Servers Certification authorities maintain directory servers with databases of valid and revoked certificates. A directory of certificates that have been revoked before the scheduled expiration is called a CRL (Certificate Revocation List). The Device can check a peer's certificate against a directory server's list of revoked certificates. The framework of servers, software, procedures and policies that handles keys is called PKI (public-key infrastructure). Advantages of Certificates Certificates offer the following benefits. • The Device only has to store the certificates of the certification authorities that you decide to trust, no matter how many devices you need to authenticate. • Key distribution is simple and very secure since you can freely distribute public keys and you never need to transmit private keys. Certificate File Formats The certification authority certificate that you want to import has to be in one of these file formats: • Binary X.509: This is an ITU-T recommendation that defines the formats for X.509 certificates. • PEM (Base-64) encoded X.509: This Privacy Enhanced Mail format uses 64 ASCII characters to convert a binary X.509 certificate into a printable form. • Binary PKCS#7: This is a standard that defines the general syntax for data (including digital signatures) that may be encrypted. The Device currently allows the importation of a PKS#7 file that contains a single certificate. • PEM (Base-64) encoded PKCS#7: This Privacy Enhanced Mail (PEM) format uses 64 ASCII characters to convert a binary PKCS#7 certificate into a printable form. Note: Be careful not to convert a binary file to text during the transfer process. It is easy for this to occur since many programs use text files by default. 15.1.3 Verifying a Certificate Before you import a trusted CA or trusted remote host certificate into the Device, you should verify that you have the actual certificate. This is especially true of trusted CA certificates since the Device also trusts any valid certificate signed by any of the imported trusted CA certificates. 212 P-2812HNU(L)-Fx Series User's Guide

Section	Page
P-2812HNU(L)-Fx Series	1
About This User's Guide	3
Document Conventions	5
Safety Warnings	7
Contents Overview	9
Table of Contents	11
User’s Guide	19
Introduction	21
1.1 Overview	21
1.2 Applications for the Device	21
1.2.1 Internet Access	21
1.2.2 VoIP Features	22
1.2.3 Wireless Connection	22
1.3 The WLAN Button	23
1.4 Ways to Manage the Device	24
1.5 Good Habits for Managing the Device	24
1.6 LEDs (Lights)	24
1.7 The RESET Button	26
Introducing the Web Configurator	27
2.1 Overview	27
2.1.1 Accessing the Web Configurator	27
2.2 The Web Configurator Layout	29
2.2.1 Title Bar	29
2.2.2 Main Window	29
2.2.3 Navigation Panel	30
Tutorials	33
3.1 Overview	33
3.2 Setting Up Your DSL Connection	33
3.3 How to Set up a Wireless Network	36
3.3.1 Example Parameters	36
3.3.2 Configuring the AP	36
3.3.3 Configuring the Wireless Client	38
3.4 Setting Up NAT Port Forwarding	43
3.5 How to Make a VoIP Call	44
3.5.1 VoIP Calls With a Registered SIP Account	45
3.6 Using the File Sharing Feature	47
3.6.1 Set Up File Sharing	48
3.6.2 Access Your Shared Files From a Computer	49
3.7 Using the Media Server Feature	49
3.7.1 Configuring the Device	50
3.7.2 Using Windows Media Player	50
3.7.3 Using a Digital Media Adapter	53
3.8 Using the Print Server Feature	55
3.9 Configuring the MAC Address Filter	70
3.10 Configuring Static Route for Routing to Another Network	71
3.11 Configuring QoS Queue and Class Setup	73
3.12 Access the Device Using DDNS	76
3.12.1 Registering a DDNS Account on www.dyndns.org	77
3.12.2 Configuring DDNS on Your Device	77
3.12.3 Testing the DDNS Setting	77
Technical Reference	79
Connection Status and System Info	81
4.1 Overview	81
4.2 The Connection Status Screen	81
4.3 The System Info Screen	83
Broadband	87
5.1 Overview	87
5.1.1 What You Can Do in this Chapter	88
5.1.2 What You Need to Know	88
5.1.3 Before You Begin	91
5.2 The Broadband Screen	91
5.2.1 Add/Edit Internet Connection	93
5.3 The 3G Backup Screen	115
5.4 Technical Reference	117
Wireless	123
6.1 Overview	123
6.1.1 What You Can Do in this Chapter	123
6.1.2 Wireless Network Overview	123
6.1.3 Before You Begin	125
6.2 The Wireless General Screen	125
6.2.1 No Security	127
6.2.2 Basic (Static WEP/Shared WEP Encryption)	127
6.2.3 More Secure (WPA(2)-PSK)	129
6.2.4 WPA(2) Authentication	130
6.3 The More AP Screen	131
6.3.1 Edit More AP	132
6.4 The WPS Screen	133
6.5 The WMM Screen	135
6.6 Scheduling Screen	137
6.7 Technical Reference	137
6.7.1 Additional Wireless Terms	138
6.7.2 Wireless Security Overview	138
6.7.3 Signal Problems	140
6.7.4 BSS	141
6.7.5 MBSSID	141
6.7.6 WiFi Protected Setup (WPS)	142
Home Networking	149
7.1 Overview	149
7.1.1 What You Can Do in this Chapter	149
7.1.2 What You Need To Know	149
7.2 The LAN Setup Screen	152
7.3 The Static DHCP Screen	153
7.3.1 Before You Begin	153
7.4 The UPnP Screen	155
7.5 The File Sharing Screen	155
7.5.1 Before You Begin	156
7.5.2 Add/Edit File Sharing	157
7.6 The Media Server Screen	158
7.7 The Printer Server Screen	159
7.7.1 Before You Begin	159
7.8 Technical Reference	160
7.9 Installing UPnP in Windows Example	164
7.10 Using UPnP in Windows XP Example	167
Routing	173
8.1 Overview	173
8.2 Configuring Static Route	174
8.2.1 Add/Edit Static Route	175
Quality of Service (QoS)	177
9.1 Overview	177
9.1.1 What You Can Do in this Chapter	177
9.1.2 What You Need to Know	177
9.2 The QoS General Screen	178
9.3 The Queue Setup Screen	180
9.3.1 Add/Edit a QoS Queue	181
9.4 The Class Setup Screen	181
9.4.1 Add/Edit QoS Class	183
9.5 The QoS Monitor Screen	186
9.6 QoS Technical Reference	187
9.6.1 IEEE 802.1Q Tag	187
9.6.2 IP Precedence	187
9.6.3 DiffServ	187
Network Address Translation (NAT)	189
10.1 Overview	189
10.1.1 What You Can Do in this Chapter	189
10.1.2 What You Need To Know	189
10.2 The Port Forwarding Screen	190
10.2.1 The Port Forwarding Screen	190
10.2.2 The Port Forwarding Edit Screen	192
10.3 The Sessions Screen	193
10.4 Technical Reference	193
10.4.1 NAT Definitions	193
10.4.2 What NAT Does	194
10.4.3 How NAT Works	194
Dynamic DNS	197
11.1 Overview	197
11.1.1 What You Need To Know	197
11.2 The Dynamic DNS Screen	197
Firewall	199
12.1 Overview	199
12.1.1 What You Can Do in this Chapter	199
12.1.2 What You Need to Know	199
12.2 The General Screen	200
12.3 The Services Screen	201
12.4 Firewall Technical Reference	202
12.4.1 Guidelines For Enhancing Security With Your Firewall	202
12.4.2 Security Considerations	202
MAC Filter	205
13.1 Overview	205
13.1.1 What You Need to Know	205
13.2 The MAC Filter Screen	205
Parental Control	207
14.1 Overview	207
14.2 The Parental Control Screen	207
14.2.1 Add/Edit a Parental Control Rule	208
Certificates	211
15.1 Overview	211
15.1.1 What You Can Do in this Chapter	211
15.1.2 What You Need to Know	211
15.1.3 Verifying a Certificate	212
15.2 Local Certificates	213
15.3 Trusted CA	215
15.4 Trusted CA Import	215
15.5 View Certificate	216
VoIP	219
16.1 Overview	219
16.1.1 What You Can Do in this Chapter	219
16.1.2 What You Need to Know	219
16.1.3 Before You Begin	221
16.2 The SIP Service Provider Screen	221
16.3 The SIP Account Screen	224
16.3.1 Add/Edit SIP Account	226
16.4 Multiple SIP Accounts	228
16.5 The Common Screen	228
16.6 Phone Screen	229
16.6.1 Edit Phone Device	230
16.7 The Phone Region Screen	231
16.8 The Call Rule Screen	231
16.9 The FXO Screen (“L” Models Only)	233
16.10 Technical Reference	233
16.10.1 VoIP	234
16.10.2 SIP	234
16.10.3 Quality of Service (QoS)	238
16.10.4 Phone Services Overview	239
Logs	243
17.1 Overview	243
17.1.1 What You Can Do in this Chapter	243
17.1.2 What You Need To Know	243
17.2 The System Log Screen	244
17.3 The Phone Log Screen	245
17.4 The VoIP Call History Screen	245
Traffic Status	247
18.1 Overview	247
18.1.1 What You Can Do in this Chapter	247
18.2 The WAN Status Screen	247
18.3 The LAN Status Screen	248
18.4 The NAT Status Screen	249
18.5 The 3G Backup Status Screen	250
18.6 The VoIP Status Screen	251
User Account	253
19.1 Overview	253
19.2 The User Account Screen	253
Remote MGMT	255
20.1 Overview	255
20.1.1 What You Need to Know	255
20.2 The Remote MGMT Screen	256
System	257
21.1 Overview	257
21.1.1 What You Need to Know	257
21.2 The System Screen	257
Time Setting	259
22.1 Overview	259
22.2 The Time Setting Screen	259
Log Setting	261
23.1 Overview	261
23.2 The Log Setting Screen	261
Firmware Upgrade	263
24.1 Overview	263
24.2 The Firmware Upgrade Screen	263
Backup/Restore	265
25.1 Overview	265
25.2 The Backup/Restore Screen	265
25.3 The Reboot Screen	267
Diagnostic	269
26.1 Overview	269
26.2 The Ping/TraceRoute Screen	269
26.3 The DSL Line Screen	270
Troubleshooting	273
27.1 Overview	273
27.2 Power, Hardware Connections, and LEDs	273
27.3 Device Access and Login	274
27.4 Internet Access	276
27.5 Wireless Internet Access	278
27.6 Phone Calls and VoIP	279
27.7 USB Device Connection	279
27.8 UPnP	279
Product Specifications	281
IP Addresses and Subnetting	289
Setting Up Your Computer’s IP Address	299
Pop-up Windows, JavaScript and Java Permissions	329
Wireless LANs	339
Common Services	359
IPv6	363
Open Software Announcements	375
Legal Information	411

Match case Limit results 1 per page

Chapter 15 Certificates

P-2812HNU(L)-Fx Series User’s Guide

212

The Device uses certificates based on public-key cryptology to authenticate users attempting to

establish a connection. The method used to secure the data that you send through an established

connection depends on the type of connection. For example, a VPN tunnel might use the triple DES

encryption algorithm.

The certification authority uses its private key to sign certificates. Anyone can then use the

certification authority’s public key to verify the certificates.

Certification Path

A certification path is the hierarchy of certification authority certificates that validate a certificate.

The Device does not trust a certificate if any certificate on its path has expired or been revoked.

Certificate Directory Servers

Certification authorities maintain directory servers with databases of valid and revoked certificates.

A directory of certificates that have been revoked before the scheduled expiration is called a CRL

(Certificate Revocation List). The Device can check a peer’s certificate against a directory server’s

list of revoked certificates. The framework of servers, software, procedures and policies that

handles keys is called PKI (public-key infrastructure).

Advantages of Certificates

Certificates offer the following benefits.

•

The Device only has to store the certificates of the certification authorities that you decide to

trust, no matter how many devices you need to authenticate.

•

Key distribution is simple and very secure since you can freely distribute public keys and you

never need to transmit private keys.

Certificate File Formats

The certification authority certificate that you want to import has to be in one of these file formats:

•

Binary X.509: This is an ITU-T recommendation that defines the formats for X.509 certificates.

•

PEM (Base-64) encoded X.509: This Privacy Enhanced Mail format uses 64 ASCII characters to

convert a binary X.509 certificate into a printable form.

•

Binary PKCS#7: This is a standard that defines the general syntax for data (including digital

signatures) that may be encrypted. The Device currently allows the importation of a PKS#7 file

that contains a single certificate.

•

PEM (Base-64) encoded PKCS#7: This Privacy Enhanced Mail (PEM) format uses 64 ASCII

characters to convert a binary PKCS#7 certificate into a printable form.

Note: Be careful not to convert a binary file to text during the transfer process. It is easy

for this to occur since many programs use text files by default.

15.1.3

Verifying a Certificate

Before you import a trusted CA or trusted remote host certificate into the Device, you should verify

that you have the actual certificate. This is especially true of trusted CA certificates since the Device

also trusts any valid certificate signed by any of the imported trusted CA certificates.