Encryption and Digital Signature Overview
Encryption and Digital Signature Settings
Encrypting HTTP Communications from a Client to the Machine (SSL/TLS Server)
The SOAP, Internet Services (HTTP), IPP, and WebDAV ports use the HTTP server of the
machine.
The SSL/TLS protocol is used to encrypt the HTTP communications between a client and the
machine.
• If the certificate for the SSL server contains the V3 extension "keyUsage", "digitalSignature" must be asserted.
  Refer to "How to check the certificate settings on Windows" (P.447).
To encrypt communications, one of the following device certificates is required: a self-signed
certificate or a certificate issued by another CA.
• By encrypting HTTP communications, communications data can be encrypted at the time of printing using
  IPP (SSL encrypted communications).
• For information on the setting procedure, refer to "Configuration of HTTP Communications Encryption" (P.451).
Encrypting HTTP Communications from the Machine to a Remote Server (SSL/TLS Client)
The SSL/TLS protocol is used to encrypt the HTTP communications between a remote server
and the machine. No certificate is required in general. However, if a remote server is set to
require an SSL client certificate, you can use a certificate issued by another CA. When
verification of server certificates is enabled to verify the SSL/TLS certificate of a remote
server, import a certificate issued by another CA using CentreWare Internet Services to the
machine.
When verifying an SSL/TLS server certificate of a remote server with the verification of the
server certificate enabled, import the certificate of the CA included in the higher level of the
certificate path to the machine using CentreWare Internet Services.
• If the certificate for the SSL client contains the V3 extension "keyUsage", "digitalSignature" must be asserted.
  For information on how to check it on Windows, refer to "How to check the certificate settings on Windows"
  (P.447).
Encryption using IPsec
IPsec enables IP-level (not application-level) encrypted communications with remote
devices.
If you select [Authenticate by Digital Signature] for [IKE Authentication Method], a
certificate issued by another CA is required.
If you select [Authenticate by Preshared Key], no device certificate is required.
• If the certificate for IPsec contains the V3 extension (keyUsage), the "digitalSignature" bit must be asserted. For
  information on how to check it on Windows, refer to "How to check the certificate settings on Windows"
  (P.447).
• For information on IKE authentication methods, refer to "IPsec Settings" (P.261).
• For information on the setting procedure, refer to "Configuration of Encryption using IPsec" (P.454).
To verify the certificate of the remote device, you must register a root certificate created by
a CA of the remote device on the machine.
• To use certificates that have already been created, import them with CentreWare Internet Services.
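The keyUsage rule stated above for the SSL/TLS server, SSL/TLS client and IPsec certificates can be checked before a certificate is imported. The following is an added example, not part of the manual or the device software: it searches DER bytes for the keyUsage extension (OID 2.5.29.15) and decodes its BIT STRING, and it goes slightly beyond the text by reporting every asserted bit. The function names are hypothetical, the sample bytes are hand-constructed Extension encodings, and a PEM file must be base64-decoded to DER first.

```python
KEY_USAGE_OID = bytes.fromhex("0603551d0f")  # DER-encoded OID 2.5.29.15 (keyUsage)
BIT_NAMES = ("digitalSignature nonRepudiation keyEncipherment dataEncipherment "
             "keyAgreement keyCertSign cRLSign encipherOnly decipherOnly").split()

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end); single-byte tags only (assumption)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, pos, pos + length

def find_key_usage(buf, start=0, end=None):
    """Depth-first search for the keyUsage Extension; return its extnValue or None."""
    pos, end = start, len(buf) if end is None else end
    while pos < end:
        tag, vs, ve = read_tlv(buf, pos)
        if tag == 0x30 and buf[vs:vs + 5] == KEY_USAGE_OID:
            t, s, e = read_tlv(buf, vs + 5)
            if t == 0x01:  # optional BOOLEAN "critical" precedes extnValue
                t, s, e = read_tlv(buf, e)
            return buf[s:e]  # contents of the OCTET STRING: the BIT STRING
        if tag & 0x20:  # constructed element: search its children
            found = find_key_usage(buf, vs, ve)
            if found is not None:
                return found
        pos = ve
    return None

def asserted_usages(ext_value):
    """Decode the KeyUsage BIT STRING into the names of the asserted bits."""
    tag, s, e = read_tlv(ext_value, 0)
    if tag != 0x03 or e - s < 2:
        raise ValueError("keyUsage is not a non-empty BIT STRING")
    bits = ext_value[s + 1:e]  # ext_value[s] is the unused-bit count
    return [name for i, name in enumerate(BIT_NAMES)
            if i // 8 < len(bits) and bits[i // 8] & (0x80 >> (i % 8))]

def meets_requirement(der):
    """True if keyUsage is absent, or present with digitalSignature asserted."""
    ext = find_key_usage(der)
    return ext is None or "digitalSignature" in asserted_usages(ext)

# Constructed sample Extension encodings (hand-built, not taken from a real device).
WITH_DS = bytes.fromhex("300e0603551d0f0101ff0404030205a0")     # digSig + keyEnc
WITHOUT_DS = bytes.fromhex("300e0603551d0f0101ff040403020520")  # keyEnc only
NO_KEY_USAGE = bytes.fromhex("300c0603551d130101ff04023000")    # basicConstraints
```

A certificate shaped like `WITHOUT_DS` (keyEncipherment only) fails the check, while one with no keyUsage extension at all passes, because the rule applies only when the extension is present.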