Xerox 5222 manual Security - Encryption/Digital Signature, Configuration of IPsec – page

13 Security - Encryption/Digital Signature

This chapter describes how to configure the encryption and digital signature features for the machine.

The following information is provided:

Types of Encryption/Digital Signature Services Available – page 297

Configuration of HTTPS (SSL/TLS) Communication Encryption – page 298

Configuration of E-mail Encryption/Digital Signature – page 300

Configuration of Scan File Signatures (PDF/XPS Documents) – page 303

Configuration of IPsec – page 305

NOTE: Some of the features described in this chapter are optional, and may not apply to your machine configuration.

Types of Encryption/Digital Signature Services Available

The communication data between the machine and computers on a network can be encrypted.

Encryption for the machine, as described in this chapter, is set up using CentreWare Internet Services.

NOTE: For details on CentreWare Internet Services, refer to CentreWare Internet Services on page 147.

The quickest and easiest, although not the most reliable, method to use to set up initial HTTP communication encryption is the generation of a self-signed certificate (as stated under Configuration of HTTPS (SSL/TLS) Communication Encryption on page 298).

To manage digital certificates stored in the machine, click [Machine Digital Certificate Management] in the [Security] folder on the [Properties] page of CentreWare Internet Services.

Encryption of HTTP Communications from a Client to the Machine (Server Certificate)

The SOAP port, Internet service (HTTP) port, IPP port, and WebDAV port use the HTTP server of the machine.

The SSL/TLS suite of protocols is used in the encryption of HTTP communications from a client to the machine. A user of a client computer accesses the machine’s HTTP server by typing “https://”, followed by the Internet address of the machine, into the [Address] box of a web browser application. The machine then offers the client a Digital Certificate, which the client accepts (after reviewing the validity of same). Upon acceptance of the Digital Certificate, a Public Key exchange takes place, encryption algorithms are agreed upon between the two parties, and the client uses the server’s Public Key to communicate with the server using digitally signed and encrypted data. Digital certificates imported from a Certificate Authority, or self-signed certificates created with CentreWare Internet Services, can be used as SSL/TLS certificates on the machine’s HTTP server.

297