Key Pair and Server Certificate when Using Encrypted SSL Communication
To use SMS via SSL connection, it is required to specify a key pair and server certificate as the key to be used.
Since a key (default key) that can be used for encrypted SSL communication is installed as standard on the device, advance setting of the key pair and server certificate is not required.
In order to use an encryption key other than the default key, follow the procedure "Generating a key pair" shown below to make settings for the key pair and server certificate necessary for encrypted SSL communication.
Note:
MFP has a server certificate registered as standard.
For detailed procedures of the Default Key setting, refer to [e-Manual > Security].
As for SMS, by setting a Default Key, encrypted SSL communication is always executed regardless of the following setting: [Settings/Registration] > [Management Settings] (Settings/Registration) > [MEAP Settings] > [SSL Settings]: ON/OFF.
Generating a key pair
1) From a PC on the same network as the device, use a web browser to access the remote UI's portal page. Then, select [ Settings/Registration ] from the menu on the right side of the screen.
URL to access: http://<device's IP address>:8000/
2) Click [ Management Settings ] > [ Device Management ] > [ Certificate Settings ] > [ Key and Certificate Settings ].
3) Click [ Generate Key... ] button.
4) Click [ Network communication ].
5) Enter the necessary information, and then click the [ OK ] button.
Input example
|
|
|
|
Key Settings
|
|
Key Name
|
Compulsory
|
An arbitrary character string
|
Default Key
|
Signature Algorithm
|
Compulsory
|
Selected from:SHA1/SHA256/SHA384/SHA512
|
SHA1
|
Key Algorithm
|
Compulsory
|
Selected from:512/1024/2048/4096
|
1024
|
Certificate Settings
|
|
Validity Start Date
|
Compulsory
|
Date
|
15/5/2011
|
Validity End Date
|
Compulsory
|
Date
|
15/5/2036
|
Country/Region
|
Compulsory
|
Country or region name
|
US
|
Organization
|
Arbitrary
|
Organization name
|
-
|
State
|
Arbitrary
|
State name
|
-
|
Organization Unit
|
Arbitrary
|
Organization unit
|
-
|
Shared Name
|
Arbitrary
|
Shared Name*
|
-
|
Note:
When the IP address of the device has been entered in the [Shared Name] entry field, if you install a server certificate to the browser ( See
"Installing a server certificate (reference information)" ), the message "Certificate Error" that usually appears when access is made from Internet Explorer 7 or later will not be displayed.
6) Check to see that the generated key appears in [ Key and Certificate Settings ].
Default Key Settings
1) Click [ Management Settings ] > [ Network Settings ] > [ TCP/IP Settings ] > [ SSL Settings ].
2) Click [ Key and Certificate... ] button.
3) Select the generated key, and then click the [ Default Key Settings ] button.
4) Check that [ SSL ] is displayed in the [ Key Usage ] entry field.
5) Log out from the remote UI, and then restart the device.
Installing a server certificate (reference information)
When you access a device where the key installed as standard [default key] is set as the key
for SSL, "Certificate Error" appears if the version of Internet Explorer (IE) is Version 7 or later.
Error display example
To disable display of "Certificate Error", use the following procedure (for IE8) to set the key generated in
"Key Pair and Server Certificate when Using Encrypted SSL Communication" (i.e. the key with the IP address of the device specified as the shared name) as an SSL key.
1) Access SMS from the browser, and then click "Certificate Error" in the URL entry field.
2) Click [ View certificates ].
3) Click the [ Install Certificate... ] button on the [ General ] tab.
4) [ Certificate Import Wizard ] will appear. Click the [ Next ] button.
5) In [ Certificate Store ] , select the [ Place all certificates in the following store ] option, and then click the [ Browse ] button.
6) In [ Select Certificate Store ] , select [ Trusted Root Certification Authorities ] , and then click the [ OK ] button.
7) You will return to the [ Certificate Store ] dialog. Check that "Trusted Root Certification Authorities" appears in [ Certificate ] , and then click the [ Next ] button.
8) [ Completing the Certificate Import Wizard ] will appear. Click the [ Finish ] button.
9) A message will appear to indicate that import has been completed successfully. Click the [ OK ] button.
10) A message will appear to indicate that import has been completed successfully. Click the [ OK ] button.