13 Security - Encryption/Digital Signature

Encryption of HTTP Communications from the Machine to a Remote Server (Client Certificate)

The SSL/TLS suite of protocols is used to encrypt HTTP communications with a remote server.

No client certificate is typically required for this activity. However, if a remote server is set to require an SSL client certificate, an SSL/TLS client certificate must be registered on the machine.

Digital certificates imported from a Certificate Authority can be used as SSL/TLS certificates on the machine’s HTTP server.

NOTE: When Remote Server Certificate Validation is enabled, under [SSL/TLS Settings] in CentreWare Internet Services, the root certificate of the remote server must be registered to the machine (imported with Internet Services) to verify the digital certificate.

E-mail Encryption/Digital Signature

S/MIME certificates, imported from a Certificate Authority (in PKCS7 format), can be used on the machine’s HTTP server for e-mail encryption.

To import S/MIME certificates, use [Machine Digital Certificate Management] in the [Security] folder on the [Properties] page of CentreWare Internet Services.

Encryption/Digital Signature of Scanned Files (PDF/XPS Documents)

While no digital signatures are required to encrypt PDF and XPS documents, these documents can be signed with imported PKCS12 digital signatures.

When digital signatures are added to PDF or XPS documents, scan file certificates imported to the machine from a Certificate Authority are typically used.

To import PKCS12 scan file certificates, use [Machine Digital Certificate Management] in the [Security] folder on the [Properties] page of CentreWare Internet Services.

IPsec

IPsec (typically used to encrypt FTP) can be enabled from the [Security] folder on the [Properties] page of CentreWare Internet Services.

Configuration of HTTPS (SSL/TLS) Communication Encryption

Installation Overview

Configuration on the Machine

Two methods are available depending on the type of certificate.

-Create a self-signed certificate on the machine with CentreWare Internet Services, and enable HTTPS. This method is used primarily for server certificates.

-Enable HTTPS, and import a signed certificate from a Certificate Authority using [Machine Digital Certificate Management] in the [Security] folder on the [Properties] page of CentreWare Internet Services.

NOTE: To see [Certificate Management], at least one certificate must have been created and stored on the machine. This is one of the reasons for creating a self- signed certificate.

306

Page 306
Image 306
Xerox 5230A, 5225A manual Configuration of Https SSL/TLS Communication Encryption, Installation Overview, IPsec