Certificates
Certificates Overview
The Zyxel Device can use certificates (also called digital IDs) to authenticate users. Certificates are based on public-private key pairs. A certificate contains the certificate owner’s identity and public key. Certificates provide a way to exchange public keys for use in authentication.
What You Need to Know
The following terms and concepts may help as you read through this chapter.
Certification Authority
A Certification Authority (CA) issues certificates and guarantees the identity of each certificate owner. There are commercial certification authorities like CyberTrust or VeriSign and government certification authorities. The certification authority uses its private key to sign certificates. Anyone can then use the certification authority's public key to verify the certificates. You can use the Zyxel Device to generate certification requests that contain identifying information and public keys and then send the certification requests to a certification authority.
Local Certificates
Use this screen to view the Zyxel Device’s summary list of certificates, generate certification requests, and import signed certificates. You can import the following certificates to your Zyxel Device:
Web Server – This certificate secures HTTP connections.
SSH – This certificate secures remote connections.
Click Security > Certificates to open the Local Certificates screen.
Security > Certificates > Local Certificates
The following table describes the labels in this screen.
Security > Certificates > Local Certificates 
Label
Description
Replace Private Key/Certificate file in PEM format
Private Key is protected by password
Select the check box and enter the private key into the text box to store it on the Zyxel Device. You can use up to 63 alphanumeric (0-9, a-z, A-Z) and special characters, including spaces.
Choose File/Browse
Click this button to find the certificate file you want to upload.
Import Certificate
Click this button to save the certificate that you have enrolled from a certification authority from your computer to the Zyxel Device.
Create Certificate Request
Click this button to go to the screen where you can have the Zyxel Device generate a certification request.
Current File
This field displays the name used to identify this certificate. It is recommended that you give each certificate a unique name.
Subject
This field displays identifying information about the certificate’s owner, such as CN (Common Name), OU (Organizational Unit or department), O (Organization or company) and C (Country). It is recommended that each certificate have a unique subject information.
Issuer
This field displays identifying information about the certificate’s issuing certification authority, such as a common name, organizational unit or department, organization or company and country.
Valid From
This field displays the date that the certificate becomes applicable. The text displays in red and includes a Not Yet Valid! message if the certificate has not yet become applicable.
Valid To
This field displays the date that the certificate expires. The text displays in red and includes an Expiring! or Expired! message if the certificate is about to expire or has already expired.
Modify
Click the View icon to open a screen with an in-depth list of information about the certificate.
For a certification request, click Load Signed to import the signed certificate.
Click the Remove icon to remove the certificate (or certification request). A window displays asking you to confirm that you want to delete the certificate. Note that subsequent certificates move up by one when you take this action.