13 Security - Encryption/Digital Signature
This chapter describes how to configure the encryption and digital signature features for the machine.
The following information is provided:
Types of Encryption/Digital Signature Services Available – page 297
Configuration of HTTPS (SSL/TLS) Communication Encryption – page 298
Configuration of
Configuration of Scan File Signatures (PDF/XPS Documents) – page 303
Configuration of IPsec – page 305
NOTE: Some of the features described in this chapter are optional, and may not apply to your machine configuration.
Types of Encryption/Digital Signature Services Available
The communication data between the machine and computers on a network can be encrypted.
Encryption for the machine, as described in this chapter, is set up using CentreWare Internet Services.
NOTE: For details on CentreWare Internet Services, refer to CentreWare Internet Services on page 147.
The quickest and easiest, although not the most reliable, method to use to set up initial HTTP communication encryption is the generation of a
To manage digital certificates stored in the machine, click [Machine Digital Certificate Management] in the [Security] folder on the [Properties] page of CentreWare Internet Services.
Encryption of HTTP Communications from a Client to the Machine (Server Certificate)
The SOAP port, Internet service (HTTP) port, IPP port, and WebDAV port use the HTTP server of the machine.
The SSL/TLS suite of protocols is used in the encryption of HTTP communications from a client to the machine. A user of a client computer accesses the machine’s HTTP server by typing “https://”, followed by the Internet address of the machine, into the [Address] box of a web browser application. The machine then offers the client a Digital Certificate, which the client accepts (after reviewing the validity of same). Upon acceptance of the Digital Certificate, a Public Key exchange takes place, encryption algorithms are agreed upon between the two parties, and the client uses the server’s Public Key to communicate with the server using digitally signed and encrypted data. Digital certificates imported from a Certificate Authority, or
297