Installing a Certificate File
You can use the Remote UI to install the key pair, user certificate, and certificate revocation list required for user signatures in the machine.
You can also install the key pair file and certificate file used for the functions below, to the machine from the Remote UI. To use the files installed as a key pair and certificate, it is necessary to register them from the control panel of the machine or the Remote UI.
Encrypted SSL Communication
A key pair and server certificate are required to use encrypted SSL communication for IPP printing, e-mail and I-faxes, the Remote UI, and delivering device information.
(See "Registering a Key Pair File and Server Certificate File Installed from a Computer.")Install the key pair file and server certificate file using the Remote UI. The installed key pair file and server certificate file can be used as a key pair and server certificate by registering them from the control panel of the machine.
IEEE802.1X Authentication
A CA certificate, key pair, and client certificate are required.
(See "IEEE802.1X Authentication Settings.")
CA certificate
Install the CA certificate file using the Remote UI. The installed CA certificate file can be used as a CA certificate by registering it from the control panel of the machine.
(See "Registering/Editing a CA Certificate File.")
Key pair and client certificate
Install the key pair file and client certificate file. The installed key pair file and client certificate file can be used as a key pair and client certificate by registering them from the control panel of the machine.
A CA certificate, key pair, and client certificate are required.
(See "IPSec Settings.")
CA certificate
Install the CA certificate file using the Remote UI. The installed CA certificate file can be used as a CA certificate by registering it from the control panel of the machine.
(See "Registering/Editing a CA Certificate File.")
Key pair and certificate
Install the key pair file and certificate file. The installed key pair file and certificate file can be used as a key pair and certificate by registering them from the control panel of the machine.
NOTE
|
To install a key pair and server certificate, it is necessary to log in as an administrator.
|
Installing a Key Pair File and Server Certificate
The algorithms for key pairs and certificates that can be used with the machine are indicated below.
Signature Algorithm
|
Key Length/Type
|
sha1RSA/sha256RSA/sha384RSA*
/sha512RSA*/MD2RSA**/MD5RSA**
|
512 bits/1024 bits
/2048 bits/4096 bits
|
sha1ECDSA/sha256ECDSA/sha384ECDSA/sha512ECDSA
|
P256/P384/P521
|
* Indicates algorithms that can be used only if the key length is equal to or longer than 1024 bits.
** Indicates algorithms that can be used only when installing from the Remote UI.
The formats of key pairs and certificates that can be used with the machine are indicated below.
Certificate Format
|
Extension
|
PKCS#12*
|
.pfx/.p12
|
* Indicates formats that can be used only when installing from the Remote UI.
1.
Click [Settings/Registration] → [Device Management] for <Management Settings>.
2.
Click [Key and Certificate Settings] → [Register Key and Certificate] → [Install...].
3.
Click [Browse].
4.
In the dialog box that appears, select the key pair file and certificate file to install → click [Open...].
The maximum number of characters that you can enter for the file name in [File Path] is eight, excluding the file extension ".pfx" or ".p12". Specify the name of the file to install so that it will not exceed eight characters.
5.
Click [Start Installation].
NOTE
|
A preinstalled key pair and server certificate are registered in the machine. You can also perform encrypted SSL communication using the preinstalled key pair and server certificate. You can also use a key pair and server certificate generated and registered on the control panel of the machine for encrypted SSL communication.
|
Installing a CA Certificate File
The algorithms for key pairs and certificates that can be used with the machine are indicated below.
Signature Algorithm
|
Key Length/Type
|
sha1RSA/sha256RSA/sha384RSA*
/sha512RSA*/MD2RSA/MD5RSA
|
512 bits/1024 bits
/2048 bits/4096 bits
|
sha1DSA
|
1024 bits/2048 bits/3072 bits
|
* Indicates algorithms that can be used only if the key length is equal to or longer than 1024 bits.
The formats of key pairs and certificates that can be used with the machine are indicated below.
Certificate Format
|
Extension
|
X.509 DER
|
cer
|
NOTE
|
To install a CA certificate, it is necessary to log in as an administrator.
|
1.
Click [Settings/Registration] → [Device Management] for <Management Settings>.
2.
Click [CA Certificate Settings] → [Register CA Certificate] → [Install...].
3.
Click [Browse].
4.
In the dialog box that appears, select the CA certificate file to install → click [Open...].
The maximum number of characters that you can enter for the file name in [File Path] is eight, excluding the file extension ".cer". Specify the name of the file to install so that it will not exceed eight characters.
5.
Click [Start Installation].
Registering/Checking/Deleting a Certificate Revocation List (CRL)
This function registers/checks/deletes a certificate revocation list (CRL).
The algorithms for certificates that can be used with the machine are indicated below.
Signature Algorithm
|
sha1RSA/sha256RSA/sha384RSA*/sha512RSA*/MD2RSA/MD5RSA/sha1ECDSA/sha256ECDSA/sha384ECDSA/sha512ECDSA
|
* Indicates algorithms that can be used only if the key length is equal to or longer than 1024 bits.
The formats of certificates that can be used with the machine are indicated below.
Certificate Format
|
Extension
|
CRL, DER
|
crl
|
NOTE
|
To install a certificate revocation list (CRL), it is necessary to log in as an administrator.
|
1.
Click [Settings/Registration] → [Device Management] for <Management Settings>.
2.
Click [Certificate Revocation List (CRL) Settings].
To register a certificate revocation list (CRL):
Click [Register CRL...] → [Browse].
Select the certificate revocation list (CRL) you want to register.
Click [Register].
IMPORTANT
|
A certificate revocation list (CRL) cannot be registered in the following cases:
If you want to register more than 50 certificate revocation lists (CRL)
If the file size of a certificate revocation list (CRL) is more than 1MB
If you use the unsupported signature algorithm
If more than 1,000 expired certifications are registered in a certificate revocation lists (CRL)
|
To check a certificate revocation list (CRL):
Click the certificate revocation list (CRL) you want to check → click [Verify CRL].
To delete a certificate revocation list (CRL):
Check the certificate revocation list (CRL) you want to delete → click [Delete].
Installing/Checking/Deleting a User Signature Certificate File and Key Pair File
This function installs/checks/deletes a user certificate file and key pair file contained in a digital signature file.
This function is available only if the Universal Send Digital User Signature Kit is activated and you log in to the machine using the SSO-H login service.
The algorithms for key pairs and certificates that can be used with the machine are indicated below.
Signature Algorithm
|
Key Length/Type
|
sha1RSA
|
1024 bits/2048 bits
|
The formats of key pairs and certificates that can be used with the machine are indicated below.
Certificate Format
|
Extension
|
PKCS#12
|
.pfx/.p12
|
1.
Click [Settings/Registration] → [Device Management] for <Management Settings>.
2.
Click [User Key and Certificate Settings].
If an administrator is logged in, all of the registered user key pair files and certificate files are displayed.
If a general user has logged in, only their user key pair files and certificate files are displayed.
To install a user key and certificate:
Click [Install...] → enter the path for the key pair and certificate file to install and the password of the private key → click [Start Installation].
The maximum number of characters that you can enter for the file name is 20, excluding the file path and file extension ".p12" or ".pfx". Specify the name of the file to install so that it will not exceed 20 characters.
IMPORTANT
|
Up to 100 user certificate files can be installed, with a maximum of one user certificate per user. An error is displayed after you press [Start Installation], if you attempt to install more than 100 certificate files, or more than one user certificate file for a user.
|
To check/erase a user key pair file:
To check a user key pair file
Click the key pair file.
To erase a user key pair file
Select the user key pair file you want to erase → click [Delete].