User's Manual

ManualsBrandsZyXEL ManualsNetworkingISG50

641

642

643

644

645

646

647

648

649

650

Chapter 50 Certificates

ISG50 User’s Guide

650

If you configured the My Certificate Create screen to have the ISG50 enroll a certificate and the

certificate enrollment is not successful, you see a screen with a Return button that takes you back

to the My Certificate Create screen. Click Return and check your information in the My

Certificate Create screen. Make sure that the certification authority information is correct and that

your Internet connection is working properly if you want the ISG50 to enroll a certificate online.

Create a certification

request and enroll for

a certificate

immediately online

Select this to have the ISG50 generate a request for a certificate and apply

to a certification authority for a certificate.

You must have the certification authority’s certificate already imported in the

Trusted Certificates screen.

When you select this option, you must select the certification authority’s

enrollment protocol and the certification authority’s certificate from the drop-

down list boxes and enter the certification authority’s server address. You

also need to fill in the Reference Number and Key if the certification

authority requires them.

Enrollment Protocol This field applies when you select Create a certification request and

enroll for a certificate immediately online. Select the certification

authority’s enrollment protocol from the drop-down list box.

Simple Certificate Enrollment Protocol (SCEP) is a TCP-based

enrollment protocol that was developed by VeriSign and Cisco.

Certificate Management Protocol (CMP) is a TCP-based enrollment

protocol that was developed by the Public Key Infrastructure X.509 working

group of the Internet Engineering Task Force (IETF) and is specified in RFC

2510.

CA Server Address This field applies when you select Create a certification request and

enroll for a certificate immediately online. Enter the IP address (or URL)

of the certification authority server.

For a URL, you can use up to 511 of the following characters. a-zA-Z0-9'()+,/

:.=?;!*#@$_%-

CA Certificate This field applies when you select Create a certification request and

enroll for a certificate immediately online. Select the certification

authority’s certificate from the CA Certificate drop-down list box.

You must have the certification authority’s certificate already imported in the

Trusted Certificates screen. Click Trusted CAs to go to the Trusted

Certificates screen where you can view (and manage) the ISG50's list of

certificates of trusted certification authorities.

Request

Authentication

When you select Create a certification request and enroll for a

certificate immediately online, the certification authority may want you

to include a reference number and key to identify you when you send a

certification request.

Fill in both the Reference Number and the Key fields if your certification

authority uses the CMP enrollment protocol. Just the Key field displays if

your certification authority uses the SCEP enrollment protocol.

For the reference number, use 0 to 99999999.

For the key, use up to 31 of the following characters. a-zA-Z0-

9;|`~!@#$%^&*()_+\{}':,./<>=-

OK Click OK to begin certificate or certification request generation.

Cancel Click Cancel to quit and return to the My Certificates screen.

Table 256 Configuration > Object > Certificate > My Certificates > Add (continued)

LABEL DESCRIPTION