1 advantages of certificates, 2 self-signed certificates, 3 configuration summary – ZyXEL Communications P-2608HWL-Dx Series User Manual
Page 250: Figure 134 certificate configuration overview

P-2608HWL-Dx Series User’s Guide
250
Chapter 19 Certificates
A certification path is the hierarchy of certification authority certificates that validate a
certificate. The ZyXEL Device does not trust a certificate if any certificate on its path has
expired or been revoked.
Certification authorities maintain directory servers with databases of valid and revoked
certificates. A directory of certificates that have been revoked before the scheduled expiration
is called a CRL (Certificate Revocation List). The ZyXEL Device can check a peer’s
certificate against a directory server’s list of revoked certificates. The framework of servers,
software, procedures and policies that handles keys is called PKI (Public-Key Infrastructure).
19.1.1 Advantages of Certificates
Certificates offer the following benefits.
• The ZyXEL Device only has to store the certificates of the certification authorities that
you decide to trust, no matter how many devices you need to authenticate.
• Key distribution is simple and very secure since you can freely distribute public keys and
you never need to transmit private keys.
19.2 Self-signed Certificates
Until public-key infrastructure becomes more mature, it may not be available in some areas.
You can have the ZyXEL Device act as a certification authority and sign its own certificates.
19.3 Configuration Summary
This section summarizes how to manage certificates on the ZyXEL Device.
Figure 134 Certificate Configuration Overview