Print out this category
Key Pair and Server Certificate when Using Encrypted SSL Communication
SMS is always SSL-connected, so it is required to specified a key pair and a server certificate as the key to be used.
The device has [ Default Key ] as the installed key pair and server certificate. However, if you want to use another key or if you have deleted the existing key by accident, you can use the following procedure to specify a key pair and a server certificate necessary for encrypted SSL communication.
Note:
MFP has a server certificate registered as standard.
For detailed procedures of the Default Key setting, refer to [e-Manual > Security].
As for SMS, by setting a Default Key, encrypted SSL communication is always executed regardless of the following setting: [Settings/Registration] > [Management Settings] (Settings/Registration) > [MEAP Settings] > [SSL Settings]: ON/OFF.
Generating a key pair
1) From a PC on the same network as the device, use a web browser to access the remote UI's portal page. Then, select [ Settings/Registration ] from the menu on the right side of the screen.
URL to access: http://<device's IP address>:8000/
2) Click [ Management Settings ] > [ Device Management ] > [ Certificate Settings ] > [ Key and Certificate Settings ].
3) Click [ Generate Key... ] button.
4) Click [ Network communication ].
5) Enter the necessary information, and then click the [ OK ] button.
Input example
Item name
Type
Content
Entry
Key Settings
Key Name
Compulsory
An arbitrary character string
Default Key
Signature Algorithm
Compulsory
Selected from:SHA1/SHA256/SHA384/SHA512
RSA
Key Algorithm
Compulsory
Selected from:512/1024/2048/4096
512
Certificate Settings
Validity Start Date
Compulsory
Date
15/5/2011
Validity End Date
Compulsory
Date
15/5/2036
Country/Region
Compulsory
Country or region name
US
Organization
Arbitrary
Organization name
-
State
Arbitrary
State name
-
Organization Unit
Arbitrary
Organization unit
-
Shared Name
Arbitrary
Shared Name*
-
Note:
When the IP address of the device has been entered in the [Shared Name] entry field, if you install a server certificate to the browser ( See "Installing a server certificate (reference information)" ), the message "Certificate Error" that usually appears when access is made from Internet Explorer 7 or later will not be displayed.
6) Check to see that the generated key appears in [ Key and Certificate Settings ].
Default Key Settings
1) Click [ Management Settings ] > [ Network Settings ] > [ TCP/IP Settings ] > [ SSL Settings ].
2) Click [ Key and Certificate... ] button.
3) Select the generated key, and then click the [ Default Key Settings ] button.
4) Check that [ SSL ] is displayed in the [ Key Usage ] entry field.
5) Log out from the remote UI, and then restart the device.
Installing a server certificate (reference information)
On Internet Explorer 7 (IE) or later, if [ Default Key ] installed as standard on the device is used, "Certificate Error" appears during access due to "Internet Explorer Enhanced Security Configuration".
Error display example
To disable display of "Certificate Error", use the following procedure (for IE8) to set the key generated in "Key Pair and Server Certificate when Using Encrypted SSL Communication" (i.e. the key with the IP address of the device specified as the shared name) as an SSL key.
1) Access SMS from the browser, and then click "Certificate Error" in the URL entry field.
2) Click [ View certificates ].
3) Click the [ Install Certificate... ] button on the [ General ] tab.
4) [ Certificate Import Wizard ] will appear. Click the [ Next ] button.
5) In [ Certificate Store ] , select the [ Place all certificates in the following store ] option, and then click the [ Browse ] button.
6) In [ Select Certificate Store ] , select [ Trusted Root Certification Authorities ] , and then click the [ OK ] button.
7) You will return to the [ Certificate Store ] dialog. Check that "Trusted Root Certification Authorities" appears in [ Certificate ] , and then click the [ Next ] button.
8) [ Completing the Certificate Import Wizard ] will appear. Click the [ Finish ] button.
9) A message will appear to indicate that import has been completed successfully. Click the [ OK ] button.