e-ManualTopSite mapHelpGlossary

Category Top

Preventing Unauthorized Access

Increasing Security

Restricting Access by Authentication

Administrator Settings

Specifying the System Manager Settings

Department ID Management

Specifying Department ID Management

Checking/Printing/Clearing Page Totals

Accepting Jobs with Unknown Department IDs

Accepting B&W Copy and Print Jobs without Entering a Department ID

User Setting Information Management (User Setting Information Management Service)

Logging In to the User Setting Information Management Service Page

Deleting the User Setting Information

User Access Control for Advanced Box

Logging In to the User Management Page

Registering/Editing the User Information of User Access Control for Advanced Box

Editing User Information by General Users

Authentication Log Management for the Advanced Box

Authentication Method Settings for Sending Operations

Specifying Personal Folders

Registering Personal Folders for Each User

Setting Up the Home Folder and Personal Folders

Registering Folders Designated by Login Service as Personal Folders

Specifying Authentication Method for LDAP Server

Specifying Authentication Method for Rights Management Server

Specifying Authentication Method for SMTP Server

Specifying Authentication Method for File Server

Specifying Authentication Method for Advanced Box

Simple Authentication Settings for Secure Print

Setting to Disable Integrated Authentication

Network Security

Key Pair and Server Certificate Settings for Encrypted SSL Communication

Generating a Key Pair and Server Certificate

Registering a Key Pair File and Server Certificate File Installed from a Computer

Editing Key Pairs and Server Certificates

Registering/Editing a CA Certificate File

Verifying Certificate Validity Using Certificate Revocation List

Using an Encryption Method That Complies with FIPS 140-2

Advanced Box Settings

Specifying the Advanced Box Settings

Setting the Network

MEAP Settings

Using the SSL

Printing Installed Application Information

Preventing Information Leakage

Digital Signatures

Setting/Confirming a Key Pair and Device Certificate

Confirming a Key Pair and User Certificate

Checking a Device Signature/User Signature Certificate

Setting a Rights Management Server

Forced Secure Watermark/Document Scan Lock

Secure Watermark (Forced Secure Watermark/Printer Driver Secure Watermark)

Adjusting the Secure Watermark Contrast

Selecting the Code for Document Scan Lock (TL Code/QR Code)

Document Scan Lock Settings (TL Code)

Specifying the Document Scan Lock Operational Settings
Setting the Document Scan Lock Mode (TL Code)
Adjusting the TL Code

Document Scan Lock Settings (QR Code)

Specifying the Document Scan Lock Operational Settings (QR Code)
Setting the Document Scan Lock Mode (QR Code)
Setting the Document Scan Lock Mode and Secure Watermark (QR Code)
Adjusting the QR Code Print Position

Copy Set Numbering Options

Accepting Only Encrypted Secure Printing

Restricting the Send Function

Setting the Address Book

Mail Box Settings

Specifying Settings for All Mail Boxes

Specifying the Mail Box Security Settings

Setting the Control Panel Display

Specifying Management Settings for the Hard Disk

Completely Erasing Unnecessary Data from the Hard Disk

Initializing All Data/Settings

TPM Settings

Device Management

Using the USB Port

Device Information Settings

Specifying Device Information Delivery Settings

Registering/Deleting/Printing Delivery Destinations

Setting Automatic Delivery

Setting Manual Delivery

Setting the Receiving Machine

Checking/Printing the Communication Log

Limiting Functions

Limiting Functions When the Security Key Is Turned OFF

Remote UI

Clearing the Message Board

ACCESS MANAGEMENT SYSTEM

Retrieving Audit Logs

Available Administrator Settings Table (Touch Panel Display)

IEEE 2600 Security Standard

Top » Security » Key Pair and Server Certificate Settings for Encrypted SSL Communication » Generating a Key Pair and Server Certificate
Generating a Key Pair and Server Certificate
08JK-277
It is necessary to generate and register a key pair in order to perform the following: To use encrypted SSL communication for IPP printing, e-mail and I-faxes, the Remote UI, MEAP functions via a Web browser, device information delivery, and the Advanced Box which is opened externally as a WebDAV server; to use the SMS management function of MEAP; and, to confirm Department IDs and PINs.
A key pair and server certificate are preinstalled in the machine. You can also perform encrypted SSL communication using the preinstalled key pair and server certificate.
The procedure for generating and registering a key pair and self-signed server certificate using the control panel of the machine is as follows:
1.
Press (Settings/Registration).
2.
Press [Management Settings] → [Device Management] → [Certificate Settings].
3.
Press [Generate Key].
4.
Press [Generate Network Communication Key] → specify the following settings → press [Next].
If device signature is disabled, it is not necessary to press [Generate Network Communication Key]. If you press [Generate Key], the screen changes to the screen for generating a network communication key.
Items you can set:
[Key Name]: Enter a name for the key pair.
<Signature Algorithm>: Select the hash function to use for the signature. Keys that are 1024-bit or longer support the hash function of SHA384 and SHA512. To set [SHA384] or [SHA512], select [1024], [2048], or [4096] in <Key Type>.
<Key Algorithm>: Select [RSA] (Rivest Shamir Adleman) or [ECDSA] (Elliptic Curve Digital Signature Algorithm).
<Key Length (bit)>: If you select [RSA] in <Key Algorithm>, select [512], [1024], [2048], or [4096].
<Key Type>: If you select [ECDSA] in <Key Algorithm>, select [P256], [P384], or [P521].
NOTE
The name of the preinstalled key pair is 'Default Key'.
You cannot specify 'Device Signature Key' (used for key pairs for adding digital signatures to PDF or XPS files) or 'AMS' (used for key pairs for access restrictions) as the name for the key pair.
5.
Set the self-signed server certificate.
You cannot set an end date which is earlier than the start date.
Set at least one of the following items. You cannot issue a server certificate if all the items are left blank. When using IPPS printing with Windows Vista/7/Server 2008/Server 2008 R2, make sure to enter the IP address of the machine in [Common Name].
Items you can set:
[Country/Region]:
Select the country/region name from the 25 countries/regions in the list, or enter an Internet country code.
[State]:
Set the state name.
[City]:
Set the city name.
[Organization]:
Set the organization name.
[Organization Unit]:
Set the organization unit, such as the department name.
[Common Name]:
Set the IP address or FQDN (for example, starfish.company.com) of the machine.
IMPORTANT
A DNS server is necessary to use the FQDN of the machine in [Common Name]. Use the IP address of the machine if you do not have a DNS server.
The key pair you have registered cannot be used for encrypting communications with SSL until it has been set as the default key. For instructions on setting the default key, see "Setting the Key Pair Used With SSL Encrypted Communications."
6.
Press [Generate Key] → [OK].
NOTE
To confirm the key pair and server certificate you have registered, see "Editing Key Pairs and Server Certificates."
After pressing [Generate Key], you cannot use any of the keys until a key pair has been generated and registered.
IMPORTANT
Up to 10 key pairs can be registered.
Back to Top