1 advantages of certificates, 2 self-signed certificates, 3 configuration summary – ZyXEL Communications P-2608HWL-Dx Series User Manual

P-2608HWL-Dx Series User’s Guide

250

Chapter 19 Certificates

A certification path is the hierarchy of certification authority certificates that validate a
certificate. The ZyXEL Device does not trust a certificate if any certificate on its path has
expired or been revoked.

Certification authorities maintain directory servers with databases of valid and revoked
certificates. A directory of certificates that have been revoked before the scheduled expiration
is called a CRL (Certificate Revocation List). The ZyXEL Device can check a peer’s
certificate against a directory server’s list of revoked certificates. The framework of servers,
software, procedures and policies that handles keys is called PKI (Public-Key Infrastructure).

19.1.1 Advantages of Certificates

Certificates offer the following benefits.

• The ZyXEL Device only has to store the certificates of the certification authorities that

you decide to trust, no matter how many devices you need to authenticate.

• Key distribution is simple and very secure since you can freely distribute public keys and

you never need to transmit private keys.

19.2 Self-signed Certificates

Until public-key infrastructure becomes more mature, it may not be available in some areas.
You can have the ZyXEL Device act as a certification authority and sign its own certificates.

19.3 Configuration Summary

This section summarizes how to manage certificates on the ZyXEL Device.

Figure 134 Certificate Configuration Overview