Home » ZyXEL Manuals » Wireless » ZyXEL WAC6303D-S » Manual Viewer

ZyXEL WAC6303D-S User Guide - Page 167

Configuration > Object > Certificate > Trusted Certificates > Edit

Add to My Manuals
Save this manual to your list of manuals

Page 167 highlights

Chapter 16 Certificates The following table describes the labels in this screen. Table 73 Configuration > Object > Certificate > Trusted Certificates > Edit LABEL DESCRIPTION Name Certification Path Refresh Enable X.509v3 CRL Distribution Points and OCSP checking OCSP Server URL ID Password LDAP Server Address Port ID Password Certificate Information Type Version Serial Number Subject Issuer This field displays the identifying name of this certificate. You can change the name. You can use up to 31 alphanumeric and characters. Click the Refresh button to have this read-only text box display the end entity's certificate and a list of certification authority certificates that shows the hierarchy of certification authorities that validate the end entity's certificate. If the issuing certification authority is one that you have imported as a trusted certificate, it may be the only certification authority in the list (along with the end entity's own certificate). The Zyxel Device does not trust the end entity's certificate and displays "Not trusted" in this field if any certificate on the path has expired or been revoked. Click Refresh to display the certification path. Select this check box to have the Zyxel Device check incoming certificates that are signed by this certificate against a Certificate Revocation List (CRL) or an OCSP server. You also need to configure the OSCP or LDAP server details. Select this check box if the directory server uses OCSP (Online Certificate Status Protocol). Type the protocol, IP address and pathname of the OCSP server. The Zyxel Device may need to authenticate itself in order to assess the OCSP server. Type the login name (up to 31 ASCII characters) from the entity maintaining the server (usually a certification authority). Type the password (up to 31 ASCII characters) from the entity maintaining the OCSP server (usually a certification authority). Select this check box if the directory server uses LDAP (Lightweight Directory Access Protocol). LDAP is a protocol over TCP that specifies how clients access directories of certificates and lists of revoked certificates. Type the IP address (in dotted decimal notation) of the directory server. Use this field to specify the LDAP server port number. You must use the same server port number that the directory server uses. 389 is the default server port number for LDAP. The Zyxel Device may need to authenticate itself in order to assess the CRL directory server. Type the login name (up to 31 ASCII characters) from the entity maintaining the server (usually a certification authority). Type the password (up to 31 ASCII characters) from the entity maintaining the CRL directory server (usually a certification authority). These read-only fields display detailed information about the certificate. This field displays general information about the certificate. CA-signed means that a Certification Authority signed the certificate. Self-signed means that the certificate's owner signed the certificate (not a certification authority). X.509 means that this certificate was created and signed according to the ITU-T X.509 recommendation that defines the formats for public-key certificates. This field displays the X.509 version number. This field displays the certificate's identification number given by the certification authority. This field displays information that identifies the owner of the certificate, such as Common Name (CN), Organizational Unit (OU), Organization (O) and Country (C). This field displays identifying information about the certificate's issuing certification authority, such as Common Name, Organizational Unit, Organization and Country. Signature Algorithm With self-signed certificates, this is the same information as in the Subject Name field. This field displays the type of algorithm that was used to sign the certificate. Some certification authorities use rsa-pkcs1-sha1 (RSA public-private key encryption algorithm and the SHA1 hash algorithm). Other certification authorities may use rsa-pkcs1-md5 (RSA public-private key encryption algorithm and the MD5 hash algorithm). NWA/WAC/WAX Series User's Guide 167

Section	Page
NWA/WAC/WAX Series	1
Document Conventions	3
Contents Overview	4
Table of Contents	5
Introduction	13
1.1 Overview	13
1.2 Zyxel Device Roles	13
1.2.1 Root AP	14
1.2.2 Wireless Repeater	14
1.2.3 Radio Frequency (RF) Monitor	15
1.3 Sample Feature Applications	17
1.3.1 MBSSID	17
1.3.2 Dual-Radio	18
1.4 Zyxel Device Product Feature Comparison	19
AP Management	24
2.1 Management Mode	24
2.1.1 Standalone	24
2.1.2 Nebula Control Center	24
2.1.3 AP Controller (AC)	26
2.2 Switching Management Modes	26
2.3 Zyxel One Network (ZON) Utility	27
2.3.1 Requirements	27
2.3.2 Run the ZON Utility	28
2.4 Ways to Access the Zyxel Device	31
2.5 Good Habits for Managing the Zyxel Device	32
Hardware	33
3.1 Grounding (WAC6552D-S and WAC6553D-E)	33
3.2 Zyxel Device Models With Single LEDs	34
3.2.1 NWA1123-ACv2	34
3.2.2 WAC6303D-S and NWA5123-AC HD	36
3.2.3 NWA1123-AC HD	37
3.2.4 NWA5123-AC	39
3.2.5 NWA110AX, WAX510D and WAX650S	40
3.3 Zyxel Device Models With Multiple LEDs	42
3.3.1 NWA1123-AC PRO	42
3.3.2 NWA1302-AC	44
3.3.3 WAC6502D-E, WAC6502D-S, and WAC6503D-S	46
3.3.4 WAC6103D-I	48
3.3.5 WAC5302D-S	50
Web Configurator	53
4.1 Overview	53
4.2 Accessing the Web Configurator	53
4.3 Navigating the Web Configurator	55
4.3.1 Title Bar	56
4.3.2 Navigation Panel	58
4.3.3 Standalone Mode Navigation Panel Menus	58
4.3.4 Cloud Mode Navigation Panel Menus	60
4.3.5 Tables and Lists	61
Standalone Configuration	64
Standalone Configuration	65
5.1 Overview	65
5.2 Starting and Stopping the Zyxel Device	65
Dashboard	67
6.1 Overview	67
6.1.1 CPU Usage	70
6.1.2 Memory Usage	71
Setup Wizard	73
7.1 Accessing the Wizard	73
7.2 Using the Wizard	73
7.2.1 Step 1 Time Settings	73
7.2.2 Step 2 Password and Uplink Connection	74
7.2.3 Step 3 Radio	75
7.2.4 Step 4 SSID	76
7.2.5 Summary	78
Monitor	79
8.1 Overview	79
8.1.1 What You Can Do in this Chapter	79
8.2 What You Need to Know	79
8.3 Network Status	80
8.3.1 Port Statistics Graph	81
8.4 Radio List	82
8.4.1 AP Mode Radio Information	84
8.5 Station List	86
8.6 WDS Link Info	87
8.7 Detected Device	88
8.8 View Log	91
Network	94
9.1 Overview	94
9.1.1 AP Controller Management	94
9.1.2 What You Can Do in this Chapter	96
9.2 IP Setting	97
9.3 VLAN	98
9.4 Storm Control	101
9.5 AC (AP Controller) Discovery	102
9.6 NCC Discovery	103
Wireless	105
10.1 Overview	105
10.1.1 What You Can Do in this Chapter	105
10.1.2 What You Need to Know	106
10.2 AP Management	106
10.3 Rogue AP	109
10.3.1 Add/Edit Rogue/Friendly List	113
10.4 Load Balancing	114
10.4.1 Disassociating and Delaying Connections	115
10.5 DCS	116
10.6 Technical Reference	117
Bluetooth	119
11.1 Overview	119
11.1.1 What You Need To Know	119
11.2 Bluetooth Advertising Settings	120
11.2.1 Edit Advertising Settings	120
User	122
12.1 Overview	122
12.1.1 What You Can Do in this Chapter	122
12.1.2 What You Need To Know	122
12.2 User Summary	123
12.2.1 Add/Edit User	123
12.3 Setting	125
12.3.1 Edit User Authentication Timeout Settings	127
AP Profile	129
13.1 Overview	129
13.1.1 What You Can Do in this Chapter	129
13.1.2 What You Need To Know	129
13.2 Radio	130
13.2.1 Add/Edit Radio Profile	131
13.3 SSID	136
13.3.1 SSID List	136
13.3.2 Add/Edit SSID Profile	138
13.4 Security List	140
13.4.1 Add/Edit Security Profile	141
13.5 MAC Filter List	145
13.5.1 Add/Edit MAC Filter Profile	145
13.6 Layer-2 Isolation List	146
13.6.1 Add/Edit Layer-2 Isolation Profile	148
MON Profile	149
14.1 Overview	149
14.1.1 What You Can Do in this Chapter	149
14.2 MON Profile	149
14.2.1 Add/Edit MON Profile	150
WDS Profile	152
15.1 Overview	152
15.1.1 What You Can Do in this Chapter	152
15.2 WDS Profile	152
15.2.1 Add/Edit WDS Profile	153
Certificates	154
16.1 Overview	154
16.1.1 What You Can Do in this Chapter	154
16.1.2 What You Need to Know	154
16.1.3 Verifying a Certificate	156
16.2 My Certificates	157
16.2.1 Add My Certificates	158
16.2.2 Edit My Certificates	160
16.2.3 Import Certificates	163
16.3 Trusted Certificates	164
16.3.1 Edit Trusted Certificates	165
16.3.2 Import Trusted Certificates	168
16.4 Technical Reference	169
System	170
17.1 Overview	170
17.1.1 What You Can Do in this Chapter	170
17.2 Host Name	170
17.3 Power Mode	171
17.4 Date and Time	172
17.4.1 Pre-defined NTP Time Servers List	174
17.4.2 Time Server Synchronization	174
17.5 WWW Overview	175
17.5.1 Service Access Limitations	175
17.5.2 System Timeout	175
17.5.3 HTTPS	176
17.5.4 Configuring WWW Service Control	176
17.5.5 HTTPS Example	177
17.6 SSH	183
17.6.1 How SSH Works	184
17.6.2 SSH Implementation on the Zyxel Device	185
17.6.3 Requirements for Using SSH	185
17.6.4 Configuring SSH	185
17.6.5 Examples of Secure Telnet Using SSH	186
17.7 Telnet	187
17.8 FTP	188
17.9 SNMP	189
17.9.1 Supported MIBs	190
17.9.2 SNMP Traps	190
17.9.3 Configuring SNMP	190
17.9.4 Adding or Editing an SNMPv3 User Profile	191
Log and Report	193
18.1 Overview	193
18.1.1 What You Can Do In this Chapter	193
18.2 Email Daily Report	193
18.3 Log Setting	195
18.3.1 Log Setting Screen	196
18.3.2 Edit System Log Settings	197
18.3.3 Edit Remote Server	201
18.3.4 Active Log Summary	202
File Manager	205
19.1 Overview	205
19.1.1 What You Can Do in this Chapter	205
19.1.2 What you Need to Know	205
19.2 Configuration File	206
19.2.1 Example of Configuration File Download Using FTP	210
19.3 Firmware Package	211
19.3.1 Example of Firmware Upload Using FTP	212
19.4 Shell Script	213
Diagnostics	216
20.1 Overview	216
20.1.1 What You Can Do in this Chapter	216
20.2 Diagnostics	216
LEDs	218
21.1 Overview	218
21.1.1 What You Can Do in this Chapter	218
21.2 Suppression Screen	218
21.3 Locator Screen	219
Antenna Switch	221
22.1 Overview	221
22.1.1 What You Need To Know	221
22.2 Antenna Switch Screen	221
Reboot	223
23.1 Overview	223
23.1.1 What You Need To Know	223
23.2 Reboot	223
Shutdown	224
24.1 Overview	224
24.1.1 What You Need To Know	224
24.2 Shutdown	224
Local Configuration in Cloud Mode	225
Cloud Mode	226
25.1 Overview	226
25.2 Cloud Mode Web Configurator Screens	226
Dashboard	228
Network	230
27.1 Overview	230
27.1.1 What You Can Do in this Chapter	230
27.2 IP Setting	230
27.3 VLAN	232
Maintenance	233
28.1 Overview	233
28.1.1 What You Can Do in this Chapter	233
28.2 Shell Script	233
28.3 Diagnostics	234
28.4 View Log	235
Appendices and Troubleshooting	238
Troubleshooting	239
29.1 Overview	239
29.2 Power, Hardware Connections, and LED	239
29.3 Zyxel Device Management, Access, and Login	240
29.4 Internet Access	244
29.5 WiFi Network	245
29.6 Resetting the Zyxel Device	246
29.7 Getting More Troubleshooting Help	247
Importing Certificates	248
IPv6	272
Customer Support	280
Legal Information	286

Match case Limit results 1 per page

Chapter 16 Certificates

NWA/WAC/WAX Series User’s Guide

167

The following table describes the labels in this screen.

Table 73

Configuration > Object > Certificate > Trusted Certificates > Edit

LABEL

DESCRIPTION

Name

This field displays the identifying name of this certificate. You can change the name. You

can use up to 31 alphanumeric and ;‘~!@#$%^&()_+[]{}’,.=-

characters.

Certification Path

Click the

Refresh

button to have this read-only text box display the end entity’s certificate

and a list of certification authority certificates that shows the hierarchy of certification

authorities that validate the end entity’s certificate. If the issuing certification authority is one

that you have imported as a trusted certificate, it may be the only certification authority in

the list (along with the end entity’s own certificate). The Zyxel Device does not trust the end

entity’s certificate and displays “Not trusted” in this field if any certificate on the path has

expired or been revoked.

Refresh

Click

Refresh

to display the certification path.

Enable X.509v3 CRL

Distribution Points

and OCSP checking

Select this check box to have the Zyxel Device check incoming certificates that are signed

by this certificate against a Certificate Revocation List (CRL) or an OCSP server. You also

need to configure the OSCP or LDAP server details.

OCSP Server

Select this check box if the directory server uses OCSP (Online Certificate Status Protocol).

URL

Type the protocol, IP address and pathname of the OCSP server.

The Zyxel Device may need to authenticate itself in order to assess the OCSP server. Type

the login name (up to 31 ASCII characters) from the entity maintaining the server (usually a

certification authority).

Password

Type the password (up to 31 ASCII characters) from the entity maintaining the OCSP server

(usually a certification authority).

LDAP Server

Select this check box if the directory server uses LDAP (Lightweight Directory Access

Protocol). LDAP is a protocol over TCP that specifies how clients access directories of

certificates and lists of revoked certificates.

Address

Type the IP address (in dotted decimal notation) of the directory server.

Port

Use this field to specify the LDAP server port number. You must use the same server port

number that the directory server uses. 389 is the default server port number for LDAP.

The Zyxel Device may need to authenticate itself in order to assess the CRL directory server.

Type the login name (up to 31 ASCII characters) from the entity maintaining the server

(usually a certification authority).

Password

Type the password (up to 31 ASCII characters) from the entity maintaining the CRL directory

server (usually a certification authority).

Certificate

Information

These read-only fields display detailed information about the certificate.

Type

This field displays general information about the certificate. CA-signed means that a

Certification Authority signed the certificate. Self-signed means that the certificate’s owner

signed the certificate (not a certification authority).

X.509 means that this certificate was

created and signed according to the ITU-T X.509 recommendation that defines the formats

for public-key certificates.

Version

This field displays the X.509 version number.

Serial Number

This field displays the certificate’s identification number given by the certification authority.

Subject

This field displays information that identifies the owner of the certificate, such as Common

Name (CN), Organizational Unit (OU), Organization (O) and Country (C).

Issuer

This field displays identifying information about the certificate’s issuing certification authority,

such as Common Name, Organizational Unit, Organization and Country.

With self-signed certificates, this is the same information as in the

Subject Name

field.

Signature Algorithm

This field displays the type of algorithm that was used to sign the certificate. Some

certification authorities use rsa-pkcs1-sha1 (RSA public-private key encryption algorithm and

the SHA1 hash algorithm). Other certification authorities may use rsa-pkcs1-md5 (RSA

public-private key encryption algorithm and the MD5 hash algorithm).