Installing a Certificate File
You can use the Remote UI to install the key pair, user certificate, and certificate revocation list required for user signatures in the machine.
You can also install the key pair file and certificate file used for the functions below, to the machine from the Remote UI. To use the files installed as a key pair and certificate, it is necessary to register them from the control panel of the machine or the Remote UI.
Encrypted SSL Communication
A key pair and server certificate are required to use encrypted SSL communication for IPP printing, e-mail and I-faxes, the Remote UI, and delivering device information. (See "Registering a Key Pair File and Server Certificate File Installed from a Computer.")
Install the key pair file and server certificate file using the Remote UI. The installed key pair file and server certificate file can be used as a key pair and server certificate by registering them from the control panel of the machine.
IEEE802.1X Authentication
A CA certificate, key pair, and client certificate are required.(See "IEEE802.1X Authentication Settings.")
CA certificate
Install the CA certificate file using the Remote UI. The installed CA certificate file can be used as a CA certificate by registering it from the control panel of the machine. (See "Registering/Editing a CA Certificate File.")
Key pair and client certificate
Install the key pair file and client certificate file. The installed key pair file and client certificate file can be used as a key pair and client certificate by registering them from the control panel of the machine.
IPSec
A CA certificate, key pair, and client certificate are required. (See "IPSec Settings.")
CA certificate
Install the CA certificate file using the Remote UI. The installed CA certificate file can be used as a CA certificate by registering it from the control panel of the machine. (See "Registering/Editing a CA Certificate File.")
Key pair and certificate
Install the key pair file and certificate file. The installed key pair file and certificate file can be used as a key pair and certificate by registering them from the control panel of the machine.
NOTE
For more information on registering a key pair and server certificate file, see "Registering a Key Pair File and Server Certificate File Installed from a Computer."
For more information on generating a key pair and server certificate file, see "Generating a Key Pair and Server Certificate."
This operation can only be performed by a user with the required privileges. For more information, see "Setting Administrators."
Installing a Key Pair File and Server Certificate
The algorithms for key pairs and certificates that can be used with the machine are indicated below.
For RSA:
Signature Algorithm
Key Algorithm
SHA1/SHA256/SHA384*/SHA512*/MD2/MD5
RSA 512/1024/2048/4096
* Indicates algorithms that can be used only if the key length is equal to or longer than 1024 bits.
For ECDSA:
Signature Algorithm
Key Algorithm
SHA1/SHA256/SHA384/SHA512
ECDSA P256/P384/P521
The formats of key pairs and certificates that can be used with the machine are indicated below.
Certificate Format
Extension
PKCS#12*
.pfx/.p12
* Indicates formats that can be used only when installing from the Remote UI.
1.
Click [Settings/Registration] → [Device Management] for <Management Settings>.
2.
Click [Key and Certificate Settings] → [Register Key and Certificate] → [Install...].
3.
Click [Browse].
4.
In the dialog box that appears, select the key pair file and certificate file to install → click [Open...].
The maximum number of characters that you can enter for the file name in [File Path] is 20, excluding the file extension ".pfx" or ".p12". Specify the name of the file to install so that it will not exceed 20 characters.
5.
Click [Start Installation].
NOTE
A preinstalled key pair and server certificate are registered in the machine. You can also perform encrypted SSL communication using the preinstalled key pair and server certificate. You can also use a key pair and server certificate generated and registered on the control panel of the machine for encrypted SSL communication.
Installing a CA Certificate File
The algorithms for key pairs and certificates that can be used with the machine are indicated below.
For RSA:
Signature Algorithm
Key Algorithm
SHA1/SHA256/SHA384*/SHA512*/MD2/MD5
RSA 512/1024/2048/4096
* Indicates algorithms that can be used only if the key length is equal to or longer than 1024 bits.
For DSA:
Signature Algorithm
Key Algorithm
SHA1
DSA 1024/2048/3072
For ECDSA:
Signature Algorithm
Key Algorithm
SHA1/SHA256/SHA384/SHA512
ECDSA P256/P384/P521
The formats of key pairs and certificates that can be used with the machine are indicated below.
Certificate Format
Extension
X.509 DER
cer
NOTE
For more information on registering a CA certificate file, see "Registering/Editing a CA Certificate File."
This operation can only be performed by a user with the required privileges. For more information, see "Setting Administrators."
1.
Click [Settings/Registration] → [Device Management] for <Management Settings>.
2.
Click [CA Certificate Settings] → [Register CA Certificate] → [Install...].
3.
Click [Browse].
4.
In the dialog box that appears, select the CA certificate file to install → click [Open...].
The maximum number of characters that you can enter for the file name in [File Path] is 20, excluding the file extension ".cer". Specify the name of the file to install so that it will not exceed 20 characters.
5.
Click [Start Installation].
Registering/Checking/Deleting a Certificate Revocation List (CRL)
This function registers/checks/deletes a certificate revocation list (CRL).
The algorithms for certificates that can be used with the machine are indicated below.
For RSA:
Signature Algorithm
SHA1/SHA256/SHA384/SHA512/MD2/MD5
For DSA:
Signature Algorithm
SHA1
For ECDSA:
Signature Algorithm
SHA1/SHA256/SHA384/SHA512
The formats of certificates that can be used with the machine are indicated below.
Certificate Format
Extension
CRL, DER
crl
NOTE
For more information on registering a certificate revocation list (CRL), see "Verifying Certificate Validity Using Certificate Revocation List."
This operation can only be performed by a user with the required privileges. For more information, see "Setting Administrators."
1.
Click [Settings/Registration] → [Device Management] for <Management Settings>.
2.
Click [Certificate Revocation List (CRL) Settings].
To register a certificate revocation list (CRL):
To check a certificate revocation list (CRL):
To delete a certificate revocation list (CRL):
To register a certificate revocation list (CRL):
Click [Register CRL...] → [Browse].
Select the certificate revocation list (CRL) you want to register.
Click [Register].
IMPORTANT
A certificate revocation list (CRL) cannot be registered in the following cases:
If you want to register more than 50 certificate revocation lists (CRL)
If the file size of a certificate revocation list (CRL) is more than 1MB
If you use the unsupported signature algorithm
If more than 1,000 expired certifications are registered in a certificate revocation lists (CRL)
To check a certificate revocation list (CRL):
Click the certificate revocation list (CRL) you want to check → click [Verify CRL].
To delete a certificate revocation list (CRL):
Check the certificate revocation list (CRL) you want to delete → click [Delete].
Installing/Checking/Deleting a User Signature Certificate File and Key Pair File
This function installs/checks/deletes a user certificate file and key pair file contained in a digital signature file.
This function is available only if the Universal Send Digital User Signature Kit is activated and you log in to the machine using User Authentication.
The algorithms for key pairs and certificates that can be used with the machine are indicated below.
For RSA:
Signature Algorithm
Key Length/Type
SHA1
RSA 1024/2048
The formats of key pairs and certificates that can be used with the machine are indicated below.
Certificate Format
Extension
PKCS#12
.pfx/.p12
1.
Click [Settings/Registration] → [Device Management] for <Management Settings>.
2.
Click [User Key and Certificate Settings].
If an administrator is logged in, all of the registered user key pair files and certificate files are displayed. (See "Setting Administrators.")
If a general user has logged in, only their user key pair files and certificate files are displayed.
To install a user key and certificate:
To check/erase a user key pair file:
To install a user key and certificate:
Click [Install...] → enter the path for the key pair and certificate file to install and the password of the private key → click [Start Installation].
The maximum number of characters that you can enter for the file name is 20, excluding the file path and file extension ".p12" or ".pfx". Specify the name of the file to install so that it will not exceed 20 characters.
IMPORTANT
Up to 100 user certificate files can be installed, with a maximum of one user certificate per user. An error is displayed after you press [Start Installation], if you attempt to install more than 100 certificate files, or more than one user certificate file for a user.
To check/erase a user key pair file:
To check a user key pair file
Click the key pair file.
To erase a user key pair file
Select the user key pair file you want to erase → click [Delete].
» Remote UI » Installing a Certificate File
0R9W-1UR