A digital certificate is a secure means of authenticating the ZoneAlarm router to Remote Access VPN Clients. The certificate is issued by the Certificate Authority (CA) to entities such as gateways, users, or computers. The entity then uses the certificate to identify itself and provide verifiable information.
For instance, the certificate includes the entity's Distinguished Name (DN), which is its identifying information, as well as the entity's public key. After two entities exchange and validate each other's certificates, they can begin encrypting information between themselves using the public keys in the certificates.
The certificate also includes a fingerprint, a unique text used to identify the certificate. You can email your certificate's fingerprint to the remote user. Upon connecting to the ZoneAlarm VPN Server for the first time, the remote user should check that the VPN peer's fingerprint displayed in the SecuRemote/SecureClient VPN Client is identical to the fingerprint received by email.
A certificate is required for the correct functioning of the ZoneAlarm VPN Server. When the gateway is started for the first time, a self-signed certificate is automatically generated for your gateway; therefore, you usually do not need to install a certificate and can skip this section.