Home » ZyXEL Manuals » Networking » ZyXEL P-663HN-51 » Manual Viewer

ZyXEL P-663HN-51 User Guide - Page 139

Private-Public Certificates, 17.3.3 Verifying a Trusted Remote Host’s Certificate

Get ZyXEL P-663HN-51 PDF manuals and user guides

Add to My Manuals
Save this manual to your list of manuals

Page 139 highlights

Chapter 17 Certificates 17.3.2 Private-Public Certificates When using public-key cryptology for authentication, each host has two keys. One key is public and can be made openly available. The other key is private and must be kept secure. These keys work like a handwritten signature (in fact, certificates are often referred to as "digital signatures"). Only you can write your signature exactly as it should look. When people know what your signature looks like, they can verify whether something was signed by you, or by someone else. In the same way, your private key "writes" your digital signature and your public key allows people to verify whether data was signed by you, or by someone else. This process works as follows. 1 Tim wants to send a message to Jenny. He needs her to be sure that it comes from him, and that the message content has not been altered by anyone else along the way. Tim generates a public key pair (one public key and one private key). 2 Tim keeps the private key and makes the public key openly available. This means that anyone who receives a message seeming to come from Tim can read it and verify whether it is really from him or not. 3 Tim uses his private key to sign the message and sends it to Jenny. 4 Jenny receives the message and uses Tim's public key to verify it. Jenny knows that the message is from Tim, and that although other people may have been able to read the message, no-one can have altered it (because they cannot re-sign the message with Tim's private key). 5 Additionally, Jenny uses her own private key to sign a message and Tim uses Jenny's public key to verify the message. 17.3.3 Verifying a Trusted Remote Host's Certificate Certificates issued by certification authorities have the certification authority's signature for you to check. Self-signed certificates only have the signature of the host itself. This means that you must be very careful when deciding to import (and thereby trust) a remote host's self-signed certificate. Trusted Remote Host Certificate Fingerprints A certificate's fingerprints are message digests calculated using the MD5 or SHA1 algorithms. The following procedure describes how to use a certificate's fingerprint to verify that you have the remote host's correct certificate. P-663HN-51 User's Guide 139

Section	Page
P-663HN-51	1
About This User's Guide	3
Document Conventions	5
Safety Warnings	7
Contents Overview	9
Table of Contents	11
Introduction	19
Introducing the ZyXEL Device	21
1.1 Overview	21
1.2 Ways to Manage the ZyXEL Device	22
1.3 Good Habits for Managing the ZyXEL Device	23
1.4 Hardware Connections	23
1.4.1 Connecting POTS Splitters	23
1.4.2 Telephone Microfilters	24
1.5 System Startup and LEDs	25
Introducing the Web Configurator	27
2.1 Web Configurator Overview	27
2.2 Accessing the Web Configurator	27
2.2.1 User Access	28
2.2.2 Administrator Access	29
2.3 Resetting the ZyXEL Device	29
2.3.1 Using the Reset Button	29
2.4 Navigating the Web Configurator	30
Initial Configuration	35
3.1 WAN Configuration	35
3.2 QoS Configuration	36
3.3 Changing the Login Password	36
Device Information	37
4.1 Device Information Summary	37
4.2 WAN Information	39
4.3 LAN Statistics	40
4.4 WAN Statistics	41
4.5 ATM Statistics	42
4.6 ADSL Statistics	44
4.7 ADSL BER Test	46
4.8 Route Info	47
4.9 ARP Info	48
4.9.1 DHCP Table	48
Advanced	51
WAN Setup	53
5.1 WAN Overview	53
5.1.1 VPI and VCI	53
5.1.2 Multiplexing	53
5.2 Traffic Shaping	54
5.2.1 ATM Traffic Classes	54
5.3 WAN	55
5.4 WAN ATM PVC Configuration and QoS	57
5.5 Connection Types	58
5.5.1 PPPoA	58
5.5.2 PPPoE	59
5.5.3 MER	59
5.5.4 IPoA	59
5.5.5 Bridging	59
5.6 Encapsulation	59
5.6.1 LLC-based Encapsulation	60
5.6.2 VC-based Encapsulation	60
5.7 WAN Connection Type and Encapsulation Mode	60
5.8 NAT	61
5.9 Nailed-Up Connection (PPP)	61
5.10 PPPoA WAN Connection Setup	62
5.11 PPPoE WAN Connection Setup	65
5.12 MER WAN Connection Setup	68
5.13 IPoA WAN Connection Setup	69
5.14 Bridge WAN Connection Setup	70
5.15 IGMP Multicast	70
5.16 NAT, IGMP Multicast, and WAN Service	72
5.17 WAN Setup Summary	73
LAN Setup	75
6.1 LAN Overview	75
6.1.1 LAN, WAN and the ZyXEL Device	75
6.1.2 DHCP Setup	76
6.2 LAN TCP/IP	76
6.2.1 IP Address and Subnet Mask	76
6.3 Multicast	77
6.4 Introducing Universal Plug and Play	78
6.4.1 How do I know if I'm using UPnP?	78
6.4.2 NAT Traversal	78
6.4.3 Cautions with UPnP	79
6.5 LAN Setup	80
6.6 The DHCP Static Lease Screen	82
Network Address Translation (NAT) Screens	83
7.1 NAT Overview	83
7.2 NAT Virtual Servers	83
7.2.1 Virtual Server: Services and Port Numbers	84
7.2.2 Virtual Servers Example	84
7.3 Configuring Virtual Servers	84
7.3.1 Virtual Server Rule Add	86
7.4 Port Triggering	87
7.5 Port Triggering Add	89
7.6 DMZ Host	90
Security	93
8.1 Outgoing IP Filtering	93
8.2 Adding Outgoing IP Filtering Rules	94
8.3 Incoming IP Filtering	95
8.4 Adding Incoming IP Filtering Rules	96
Parental Control (Blocking Schedule)	99
9.1 Adding Parental Control (Blocking Schedule) Entries	100
Quality of Service (QoS)	103
10.1 QoS Overview	103
10.1.1 IEEE 802.1Q Tag	103
10.1.2 IP Precedence	104
10.1.3 DiffServ	104
10.2 Configuring QoS General Screen	105
10.3 Queue Configuration	107
10.4 Adding a Queue	108
10.5 Class Setup	109
10.5.1 Configuring a QoS Class	110
Routing	115
11.1 Default Gateway Setup	115
11.2 Static Route	116
11.3 Configuring Static Route	117
11.3.1 Static Route Add	117
RIP	119
12.1 RIP Setup	119
DNS Setup	121
13.1 DNS Server Address	121
13.2 DNS Setup	122
Dynamic DNS Setup	123
14.1 Dynamic DNS Overview	123
14.1.1 DYNDNS Wildcard	123
14.2 Dynamic DNS	124
14.3 Configuring Dynamic DNS	125
DSL Setup	127
15.1 DSL Setup	127
Interface Group	129
16.1 Interface Groups Overview	129
16.2 Interface Groups Setup	129
16.3 Adding an Interface Group	131
Certificates	133
17.1 Overview	133
17.1.1 What You Can Do in the Certificates Screens	133
17.1.2 What You Need to Know About Certificates	133
17.2 Trusted CA Certificates Screen	134
17.2.1 Trusted CA Details	136
17.2.2 Trusted CA Import	137
17.3 Certificates Technical Reference	137
17.3.1 Certificates Overview	138
17.3.2 Private-Public Certificates	139
17.3.3 Verifying a Trusted Remote Host’s Certificate	139
Wireless LAN	141
18.1 Overview	141
18.1.1 What You Can Do in this Chapter	141
18.2 What You Need to Know	142
18.3 Before You Begin	144
18.4 Wireless Basic	144
18.5 Wireless Security	147
18.6 The MAC Filter Screen	152
18.6.1 The MAC Filter Add Screen	153
18.7 Wireless Bridge Screen	154
18.8 The Advanced Setup Screen	155
18.9 Wireless Station Info	159
18.10 Technical Reference	160
18.10.1 Wireless Network Overview	160
18.10.2 Additional Wireless Terms	161
18.10.3 Wireless Security Overview	161
18.10.4 WiFi Protected Setup	164
18.10.5 Vista as a WPS External Registrar	170
Diagnostics and Management	173
Diagnostics	175
19.1 Diagnostics	175
Settings	177
20.1 Backup Configuration Using the Web Configurator	177
20.2 Restore Configuration Using the Web Configurator	178
20.3 Restoring Factory Defaults	179
Logs	181
21.1 Logs Overview	181
21.2 System Log	181
21.3 Viewing the System Log	182
21.4 Configuring Log Settings	183
SNMP	185
22.1 SNMP Overview	185
22.1.1 Supported MIBs	186
22.2 SNMP Screen	187
TR-069 Client	189
23.1 TR-069 Client Screen	189
Time	191
24.1 Time Setup	191
Access Control	193
25.1 Access Control Screen	193
25.2 Service Access Control Screen	193
25.3 IP Addresses	194
25.4 Adding IP Addresses	195
25.5 Passwords	195
25.6 Authentication	197
Update Software	199
26.1 Uploading Firmware	199
Save/Reboot and Logout	201
27.1 Save/Reboot	201
27.2 Logout	201
Troubleshooting and Specifications	203
Troubleshooting	205
28.1 Power, Hardware Connections, and LEDs	205
28.2 ZyXEL Device Access and Login	206
28.3 Internet Access	207
Product Specifications	209
29.1 DSL Connector Pin Assignments	213
29.2 Power Adaptor Specifications	214
Appendices and Index	215
Setting Up Your Computer’s IP Address	217
Pop-up Windows, JavaScripts and Java Permissions	243
IP Addresses and Subnetting	253
Wireless LANs	265
Common Services	281
Open Software Announcements	285
Legal Information	291

Match case Limit results 1 per page

Chapter 17 Certificates

P-663HN-51 User’s Guide

139

17.3.2

Private-Public Certificates

When using public-key cryptology for authentication, each host has two keys. One

key is public and can be made openly available. The other key is private and must

be kept secure.

These keys work like a handwritten signature (in fact, certificates are often

referred to as “digital signatures”). Only you can write your signature exactly as it

should look. When people know what your signature looks like, they can verify

whether something was signed by you, or by someone else. In the same way, your

private key “writes” your digital signature and your public key allows people to

verify whether data was signed by you, or by someone else. This process works as

follows.

Tim wants to send a message to Jenny. He needs her to be sure that it comes from

him, and that the message content has not been altered by anyone else along the

way. Tim generates a public key pair (one public key and one private key).

Tim keeps the private key and makes the public key openly available. This means

that anyone who receives a message seeming to come from Tim can read it and

verify whether it is really from him or not.

Tim uses his private key to sign the message and sends it to Jenny.

Jenny receives the message and uses Tim’s public key to verify it. Jenny knows

that the message is from Tim, and that although other people may have been able

to read the message, no-one can have altered it (because they cannot re-sign the

message with Tim’s private key).

Additionally, Jenny uses her own private key to sign a message and Tim uses

Jenny’s public key to verify the message.

17.3.3

Verifying a Trusted Remote Host’s Certificate

Certificates issued by certification authorities have the certification authority’s

signature for you to check. Self-signed certificates only have the signature of the

host itself. This means that you must be very careful when deciding to import (and

thereby trust) a remote host’s self-signed certificate.

Trusted Remote Host Certificate Fingerprints

A certificate’s fingerprints are message digests calculated using the MD5 or SHA1

algorithms. The following procedure describes how to use a certificate’s fingerprint

to verify that you have the remote host’s correct certificate.