Home » ZyXEL Manuals » Networking » ZyXEL P-2802HW-I1 » Manual Viewer

ZyXEL P-2802HW-I1 User Guide - Page 225

Certificates, P-2802HWL-I Series User's Guide, Trusted CA Details

Get ZyXEL P-2802HW-I1 PDF manuals and user guides

Add to My Manuals
Save this manual to your list of manuals

Page 225 highlights

Chapter 15 Certificates The following table describes the labels in this screen. Table 90 Trusted CA Details LABEL DESCRIPTION Certificate Name This field displays the identifying name of this certificate. If you want to change the name, type up to 31 characters to identify this key certificate. You may use any character (not including spaces). Property Issues certificate revocation lists (CRLs) Select this check box to have the ZyXEL Device check incoming certificates that are issued by this certification authority against a Certificate Revocation List (CRL). Clear this check box to have the ZyXEL Device not check incoming certificates that are issued by this certification authority against a Certificate Revocation List (CRL). Certification Path Click the Refresh button to have this read-only text box display the end entity's certificate and a list of certification authority certificates that shows the hierarchy of certification authorities that validate the end entity's certificate. If the issuing certification authority is one that you have imported as a trusted certification authority, it may be the only certification authority in the list (along with the end entity's own certificate). The ZyXEL Device does not trust the end entity's certificate and displays "Not trusted" in this field if any certificate on the path has expired or been revoked. Refresh Click Refresh to display the certification path. Certificate Information These read-only fields display detailed information about the certificate. Type This field displays general information about the certificate. CA-signed means that a Certification Authority signed the certificate. Self-signed means that the certificate's owner signed the certificate (not a certification authority). X.509 means that this certificate was created and signed according to the ITU-T X.509 recommendation that defines the formats for public-key certificates. Version This field displays the X.509 version number. Serial Number This field displays the certificate's identification number given by the certification authority. Subject This field displays information that identifies the owner of the certificate, such as Common Name (CN), Organizational Unit (OU), Organization (O) and Country (C). Issuer This field displays identifying information about the certificate's issuing certification authority, such as Common Name, Organizational Unit, Organization and Country. With self-signed certificates, this is the same information as in the Subject Name field. Signature Algorithm This field displays the type of algorithm that was used to sign the certificate. Some certification authorities use rsa-pkcs1-sha1 (RSA public-private key encryption algorithm and the SHA1 hash algorithm). Other certification authorities may use rsa-pkcs1-md5 (RSA public-private key encryption algorithm and the MD5 hash algorithm). Valid From This field displays the date that the certificate becomes applicable. The text displays in red and includes a Not Yet Valid! message if the certificate has not yet become applicable. Valid To This field displays the date that the certificate expires. The text displays in red and includes an Expiring! or Expired! message if the certificate is about to expire or has already expired. Key Algorithm This field displays the type of algorithm that was used to generate the certificate's key pair (the ZyXEL Device uses RSA encryption) and the length of the key set in bits (1024 bits for example). P-2802H(W)(L)-I Series User's Guide 225

Section	Page
User's Guide	1
About This User's Guide	3
Document Conventions	4
Safety Warnings	6
Contents Overview	9
Table of Contents	11
List of Figures	21
List of Tables	27
Introduction	33
Introducing the ZyXEL Device	35
1.1 Overview	35
1.2 Ways to Manage the ZyXEL Device	36
1.3 Good Habits for Managing the ZyXEL Device	37
1.4 Applications for the ZyXEL Device	37
1.4.1 Secure Internet Access	37
1.4.2 Wireless LAN Application	38
1.4.3 Making Calls via Internet Telephony Service Provider	38
1.4.4 Making Peer-to-peer Calls	39
1.5 LEDs	40
1.6 The RESET Button	41
1.6.1 Using The Reset Button	41
Introducing the Web Configurator	43
2.1 Web Configurator Overview	43
2.1.1 Accessing the Web Configurator	43
2.2 Web Configurator Main Screen	46
2.2.1 Title Bar	46
2.2.2 Navigation Panel	47
2.2.3 Main Window	49
2.2.4 Status Bar	49
Wizard	51
Internet and Wireless Setup Wizard	53
3.1 Introduction	53
3.2 Internet Access Wizard Setup	53
3.3 Wireless Connection Wizard Setup	58
3.3.1 Manually Assign a WPA-PSK key	61
3.3.2 Manually Assign a WEP Key	61
VoIP Wizard And Example	65
4.1 Introduction	65
4.2 VoIP Wizard Setup	65
Advanced	71
Status Screens	73
5.1 Status Screen	73
5.2 Any IP Table	76
5.3 WLAN Status (“W” models only)	77
5.4 Packet Statistics	77
5.5 VoIP Statistics	79
WAN Setup	83
6.1 WAN Overview	83
6.1.1 PPP over Ethernet	83
6.1.2 IP Address Assignment	83
6.1.3 Nailed-Up Connection (PPP)	84
6.2 Internet Access Setup	84
6.2.1 Advanced Internet Access Setup	86
6.3 WAN Interface Setup	87
LAN Setup	89
7.1 LAN Overview	89
7.1.1 LANs, WANs and the ZyXEL Device	89
7.1.2 DHCP Setup	90
7.2 DNS Server Addresses	90
7.3 LAN TCP/IP	90
7.3.1 IP Address and Subnet Mask	91
7.3.2 RIP Setup	92
7.3.3 Multicast	92
7.3.4 Any IP	93
7.4 Configuring LAN IP	94
7.4.1 Configuring Advanced LAN Setup	95
7.5 DHCP Setup	96
7.6 LAN Client List	97
7.7 LAN IP Alias	99
Wireless LAN	101
8.1 Wireless Network Overview	101
8.2 Wireless Security Overview	102
8.2.1 SSID	102
8.2.2 MAC Address Filter	102
8.2.3 User Authentication	102
8.2.4 Encryption	103
8.2.5 One-Touch Intelligent Security Technology (OTIST)	104
8.3 Additional Wireless Terms	104
8.4 General WLAN Screen	104
8.4.1 No Security	105
8.4.2 WEP Encryption Screen	106
8.4.3 WPA(2)-PSK	107
8.4.4 WPA(2) Authentication Screen	109
8.4.5 Wireless LAN Advanced Setup	110
8.5 OTIST Screen	111
8.5.1 Notes on OTIST	113
8.6 MAC Filter	114
Network Address Translation (NAT) Screens	117
9.1 NAT General Overview	117
9.1.1 NAT Definitions	117
9.1.2 What NAT Does	118
9.1.3 How NAT Works	118
9.1.4 NAT Application	118
9.1.5 NAT Mapping Types	119
9.2 SUA (Single User Account) Versus NAT	120
9.3 NAT General Setup	120
9.4 Port Forwarding	121
9.4.1 Default Server IP Address	122
9.4.2 Port Forwarding: Services and Port Numbers	122
9.4.3 Configuring Servers Behind Port Forwarding (Example)	122
9.5 Configuring Port Forwarding	123
9.5.1 Port Forwarding Rule Edit	124
9.6 Address Mapping	125
9.6.1 Address Mapping Rule Edit	126
9.6.2 SIP ALG	128
Voice	129
10.1 Introduction to VoIP	129
10.2 SIP	129
10.2.1 SIP Identities	129
10.2.2 SIP Call Progression	130
10.2.3 SIP Servers	130
10.2.4 RTP	132
10.2.5 Pulse Code Modulation	132
10.2.6 Voice Coding	132
10.2.7 PSTN Call Setup Signaling	133
10.2.8 MWI (Message Waiting Indication)	133
10.2.9 Custom Tones (IVR)	133
10.3 Quality of Service (QoS)	134
10.3.1 Type of Service (ToS)	134
10.3.2 DiffServ	134
10.3.3 VLAN Tagging	135
10.4 SIP Settings Screen	135
10.5 Advanced SIP Setup Screen	137
10.6 SIP QoS Screen	141
10.7 Phone	141
10.7.1 Voice Activity Detection/Silence Suppression	141
10.7.2 Comfort Noise Generation	142
10.7.3 Echo Cancellation	142
10.8 Analog Phone Screen	142
10.9 Advanced Analog Phone Setup Screen	143
10.10 Common Phone Settings Screen	144
10.11 Phone Services Overview	145
10.11.1 The Flash Key	145
10.11.2 Europe Type Supplementary Phone Services	145
10.11.3 USA Type Supplementary Services	147
10.12 Phone Region Screen	148
10.13 Speed Dial	148
10.14 Incoming Call Policy Screen	150
10.15 PSTN Line (“L” models only)	152
10.16 PSTN Line Screen (“L” models only)	152
Firewalls	155
11.1 Firewall Overview	155
11.1.1 Stateful Inspection Firewall	155
11.1.2 About the ZyXEL Device Firewall	155
11.1.3 Guidelines For Enhancing Security With Your Firewall	156
11.2 General Firewall Policy Overview	156
11.3 Security Considerations	158
11.4 Triangle Route	158
11.4.1 The “Triangle Route” Problem	158
11.4.2 Solving the “Triangle Route” Problem	159
11.5 General Firewall Policy	160
11.6 Firewall Rules Summary	161
11.6.1 Configuring Firewall Rules	163
11.6.2 Customized Services	166
11.6.3 Configuring A Customized Service	166
11.7 Example Firewall Rule	167
11.8 Firewall Thresholds	171
11.8.1 Threshold Values	172
11.8.2 Configuring Firewall Thresholds	172
Content Filtering	175
12.1 Content Filtering Overview	175
12.2 Configuring Keyword Blocking	175
12.3 Configuring the Schedule	176
12.4 Configuring Trusted Computers	177
Introduction to IPSec	179
13.1 VPN Overview	179
13.1.1 IPSec	179
13.1.2 Security Association	179
13.1.3 Other Terminology	179
13.1.4 VPN Applications	180
13.2 IPSec Architecture	180
13.2.1 IPSec Algorithms	181
13.2.2 Key Management	181
13.3 Encapsulation	181
13.3.1 Transport Mode	182
13.3.2 Tunnel Mode	182
13.4 IPSec and NAT	182
VPN Screens	185
14.1 VPN/IPSec Overview	185
14.2 IPSec Algorithms	185
14.2.1 AH (Authentication Header) Protocol	185
14.2.2 ESP (Encapsulating Security Payload) Protocol	185
14.3 My IP Address	186
14.4 Secure Gateway Address	186
14.4.1 Dynamic Secure Gateway Address	187
14.5 VPN Setup Screen	187
14.6 Keep Alive	189
14.7 VPN, NAT, and NAT Traversal	189
14.8 Remote DNS Server	190
14.9 ID Type and Content	191
14.9.1 ID Type and Content Examples	192
14.10 Pre-Shared Key	193
14.11 Editing VPN Policies	193
14.12 IKE Phases	198
14.12.1 Negotiation Mode	199
14.12.2 Diffie-Hellman (DH) Key Groups	199
14.12.3 Perfect Forward Secrecy (PFS)	200
14.13 Configuring Advanced IKE Settings	200
14.14 Manual Key Setup	202
14.14.1 Security Parameter Index (SPI)	202
14.15 Configuring Manual Key	203
14.16 Viewing SA Monitor	205
14.17 Configuring Global Setting	207
14.18 Telecommuter VPN/IPSec Examples	207
14.18.1 Telecommuters Sharing One VPN Rule Example	207
14.18.2 Telecommuters Using Unique VPN Rules Example	208
14.19 VPN and Remote Management	210
Certificates	211
15.1 Certificates Overview	211
15.1.1 Advantages of Certificates	212
15.2 Self-signed Certificates	212
15.3 Configuration Summary	212
15.4 My Certificates	212
15.5 My Certificate Import	214
15.5.1 Certificate File Formats	215
15.6 My Certificate Create	216
15.7 My Certificate Details	218
15.8 Trusted CAs	221
15.9 Trusted CA Import	223
15.10 Trusted CA Details	224
15.11 Trusted Remote Hosts	226
15.12 Verifying a Trusted Remote Host’s Certificate	228
15.12.1 Trusted Remote Host Certificate Fingerprints	228
15.13 Trusted Remote Hosts Import	229
15.14 Trusted Remote Host Certificate Details	229
15.15 Directory Servers	232
15.16 Directory Server Add and Edit	233
Static Route	235
16.1 Static Route	235
16.2 Configuring Static Route	235
16.2.1 Static Route Edit	236
Quality of Service (QoS)	239
17.1 QoS Overview	239
17.1.1 IEEE 802.1Q Tag	239
17.1.2 IP Precedence	240
17.1.3 DiffServ	240
17.1.4 Automatical Priority Queue Assignment	241
17.2 Configuring QoS General Screen	241
17.3 Class Setup	242
17.3.1 Class Configuration	243
17.3.2 QoS Example	246
17.4 QoS Monitor	248
Dynamic DNS Setup	251
18.1 Dynamic DNS Overview	251
18.1.1 DYNDNS Wildcard	251
18.2 Configuring Dynamic DNS	251
Remote Management Configuration	255
19.1 Remote Management Overview	255
19.1.1 Remote Management Limitations	256
19.1.2 Remote Management and NAT	256
19.1.3 System Timeout	256
19.2 WWW (HTTP and HTTPS)	257
19.3 WWW	258
19.4 HTTPS Example	259
19.4.1 Internet Explorer Warning Messages	259
19.4.2 Netscape Navigator Warning Messages	260
19.4.3 Avoiding the Browser Warning Messages	260
19.4.4 Login Screen	261
19.5 Telnet	263
19.6 Configuring Telnet	263
19.7 Configuring FTP	264
19.8 SNMP	265
19.8.1 Supported MIBs	266
19.8.2 SNMP Traps	267
19.8.3 Configuring SNMP	267
19.9 Configuring DNS	268
19.10 Configuring ICMP	269
Universal Plug-and-Play (UPnP)	271
20.1 Introducing Universal Plug and Play	271
20.1.1 How do I know if I'm using UPnP?	271
20.1.2 NAT Traversal	271
20.1.3 Cautions with UPnP	271
20.2 UPnP and ZyXEL	272
20.2.1 Configuring UPnP	272
20.3 Installing UPnP in Windows Example	273
20.4 Using UPnP in Windows XP Example	276
Maintenance, Troubleshooting and Specifications	283
System	285
21.1 General Setup and System Name	285
21.1.1 General Setup	285
21.2 Time Setting	287
Logs	289
22.1 Logs Overview	289
22.1.1 Alerts and Logs	289
22.2 Viewing the Logs	289
22.3 Configuring Log Settings	290
22.4 SMTP Error Messages	292
22.4.1 Example E-mail Log	293
22.5 Log Descriptions	294
Tools	303
23.1 Introduction	303
23.2 Filename Conventions	303
23.3 File Maintenance Over WAN	304
23.4 Firmware Upgrade Screen	305
23.5 Backup and Restore	306
23.5.1 Backup Configuration	307
23.5.2 Restore Configuration	307
23.5.3 Reset to Factory Defaults	308
23.6 Restart	309
23.7 Using FTP or TFTP to Back Up Configuration	309
23.7.1 Using the FTP Commands to Back Up Configuration	309
23.7.2 FTP Command Configuration Backup Example	310
23.7.3 Configuration Backup Using GUI-based FTP Clients	310
23.7.4 Backup Configuration Using TFTP	310
23.7.5 TFTP Command Configuration Backup Example	311
23.7.6 Configuration Backup Using GUI-based TFTP Clients	311
23.8 Using FTP or TFTP to Restore Configuration	312
23.8.1 Restore Using FTP Session Example	312
23.9 FTP and TFTP Firmware and Configuration File Uploads	312
23.9.1 FTP File Upload Command from the DOS Prompt Example	313
23.9.2 FTP Session Example of Firmware File Upload	313
23.9.3 TFTP File Upload	313
23.9.4 TFTP Upload Command Example	314
Diagnostic	315
24.1 General Diagnostic	315
24.2 DSL Line Diagnostic	315
Troubleshooting	317
25.1 Power, Hardware Connections, and LEDs	317
25.2 ZyXEL Device Access and Login	318
25.3 Internet Access	320
25.4 Phone Calls and VoIP	321
25.5 Problems With Multiple SIP Accounts	322
25.5.1 Outgoing Calls	322
25.5.2 Incoming Calls	323
Product Specifications	325
Appendices and Index	335
Setting up Your Computer’s IP Address	337
Pop-up Windows, JavaScripts and Java Permissions	349
IP Addresses and Subnetting	355
Wireless LANs	363
Services	373
Internal SPTGEN	377
Legal Information	401
Customer Support	405

Match case Limit results 1 per page

Chapter 15 Certificates

P-2802H(W)(L)-I Series User’s Guide

225

The following table describes the labels in this screen.

Table 90

Trusted CA Details

LABEL

DESCRIPTION

Certificate Name

This field displays the identifying name of this certificate. If you want to change

the name, type up to 31 characters to identify this key certificate. You may use

any character (not including spaces).

Property

Issues certificate

revocation lists

(CRLs)

Select this check box to have the ZyXEL Device check incoming certificates that

are issued by this certification authority against a Certificate Revocation List

(CRL).

Clear this check box to have the ZyXEL Device not check incoming certificates

that are issued by this certification authority against a Certificate Revocation List

(CRL).

Certification Path

Click the

Refresh

button to have this read-only text box display the end entity’s

certificate and a list of certification authority certificates that shows the hierarchy

of certification authorities that validate the end entity’s certificate. If the issuing

certification authority is one that you have imported as a trusted certification

authority, it may be the only certification authority in the list (along with the end

entity’s own certificate). The ZyXEL Device does not trust the end entity’s

certificate and displays “Not trusted” in this field if any certificate on the path has

expired or been revoked.

Refresh

Click

Refresh

to display the certification path.

Certificate

Information

These read-only fields display detailed information about the certificate.

Type

This field displays general information about the certificate. CA-signed means

that a Certification Authority signed the certificate. Self-signed means that the

certificate’s owner signed the certificate (not a certification authority).

X.509

means that this certificate was created and signed according to the ITU-T X.509

recommendation that defines the formats for public-key certificates.

Version

This field displays the X.509 version number.

Serial Number

This field displays the certificate’s identification number given by the certification

authority.

Subject

This field displays information that identifies the owner of the certificate, such as

Common Name (CN), Organizational Unit (OU), Organization (O) and Country

(C).

Issuer

This field displays identifying information about the certificate’s issuing

certification authority, such as Common Name, Organizational Unit,

Organization and Country.

With self-signed certificates, this is the same information as in the

Subject

Name

field.

Signature Algorithm

This field displays the type of algorithm that was used to sign the certificate.

Some certification authorities use rsa-pkcs1-sha1 (RSA public-private key

encryption algorithm and the SHA1 hash algorithm). Other certification

authorities may use rsa-pkcs1-md5 (RSA public-private key encryption

algorithm and the MD5 hash algorithm).

Valid From

This field displays the date that the certificate becomes applicable. The text

displays in red and includes a Not Yet Valid! message if the certificate has not

yet become applicable.

Valid To

This field displays the date that the certificate expires. The text displays in red

and includes an Expiring! or Expired! message if the certificate is about to expire

or has already expired.

Key Algorithm

This field displays the type of algorithm that was used to generate the

certificate’s key pair (the ZyXEL Device uses RSA encryption) and the length of

the key set in bits (1024 bits for example).