Generating the Key and Certificate for Network Communication

» Managing the Machine » Configuring the Network Security Settings » Configuring the Key and Certificate for TLS » Generating the Key and Certificate for Network Communication

0WR7-0AK

The machine can generate the key and certificate (server certificate) used for TLS encrypted communication. If you want to start using TLS encrypted communication immediately, it is convenient to use the key and certificate that are preinstalled in the machine. If necessary, have an administrator generate a key and certificate. Note, however, that TLS encrypted communication is not enabled simply by generating a key and certificate. Configuring the Key and Certificate for TLS

NOTE
If you want to use a server certificate with a CA signature, you can generate the key along with a CSR, instead of the certificate. Generating a Key and CSR

Press

Press <Management Settings>

<Generate Network Communication Key>.

Configure the necessary items for the key, and press <Next>.

Enter a name for the key. Use a name that will be easy to find when displayed in a list.

Select the hash algorithm to use for the signature. The available hash algorithms vary depending on the key length (Specifications). A key length of 1024 bits or more can support SHA384 and SHA512 hash algorithms. If <RSA> is selected for

, and <Key Length (bit)> is set to <1024> or more for

, the SHA384 and SHA512 hash algorithms can be selected.

Select the key algorithm. If <RSA> is selected, <Key Length (bit)> is displayed as a setting item for

. If <ECDSA> is selected, <Key Type> is displayed instead.

Specify the key length if <RSA> is selected for

, or specify the key type if <ECDSA> is selected. In both cases, a higher value provides greater security but reduces the communication processing speed.

Configure the necessary items for the certificate, and press <Generate Key>.

Enter the validity start and end date.

Select the country code from the list, and enter the location and the organization name.

Enter the IP address or FQDN.

When performing IPPS printing in a Windows environment, make sure to enter the machine's IP address.

A DNS server is required in order to enter the FQDN of the machine. Enter the IP address if a DNS server is not used.

NOTE
Managing keys and certificates You can check the detailed settings or delete keys and certificates on the screen that is displayed when you press <Management Settings> <Device Management> <Certificate Settings> <Key and Certificate List>. If the list of keys and certificates is not displayed, press <Key and Certificate List for This Device> to display it. If is displayed, the key is corrupted or invalid. If is not displayed, the certificate for the key does not exist. If you select a key and certificate and press <Certificate Details>, detailed information about the certificate is displayed. You can also press <Verify Certificate> on this screen to check whether the certificate is valid. To delete keys and certificates, select the ones that you want to delete, and press <Delete> <Yes>.

NOTE

Managing keys and certificates

You can check the detailed settings or delete keys and certificates on the screen that is displayed when you press

<Key and Certificate List>. If the list of keys and certificates is not displayed, press <Key and Certificate List for This Device> to display it.

is displayed, the key is corrupted or invalid.

is not displayed, the certificate for the key does not exist.

If you select a key and certificate and press <Certificate Details>, detailed information about the certificate is displayed. You can also press <Verify Certificate> on this screen to check whether the certificate is valid.

To delete keys and certificates, select the ones that you want to delete, and press <Delete>

<Yes>.

Registering a Key and Certificate for Network Communication

Generating a Device Signature Certificate