Encryption And Digital Signature Overview; Encryption Features For Communication - Fuji Xerox DocuCentre-III 2007 Administrator's Manual

12 Encryption and Digital Signature Settings

Encryption and Digital Signature Overview

Encryption Features for Communication

The communication data between the machine and computers on a network can be
encrypted.
Encryption of the HTTP Communication from a Client to the Machine
(SSL/TLS Server)
The SOAP port, Internet Services port, IPP port, and WebDAV port use the HTTP
server of the machine.
The SSL/TLS protocol is used to encrypt the HTTP communication from a client to the
machine.
Registered certificates or certificates created by CentreWare Internet Service can be
used as SSL/TLS certificates used on the SSL/TLS server.
Note
Encryption of the HTTP Communication from the Machine to a Remote Server
(SSL/TLS Client)
The SSL/TLS protocol is used to encrypt the HTTP communication with a remote
server.
No certificates are required in general. However, if a remote server is set to require a
SSL client certificate, an SSL/TLS certificate must be registered from CentreWare
Internet Services to the machine.
When verification of server certificates is enabled to verify a remote server, the root
certificate of the remote server must be registered from CentreWare Internet Services
to the machine to verify the SSL/TLS certificate of the remote server.
Note
Encryption using IPSec
12
IPSec enables IP-level (not application-level) encryption to communicate with remote
devices. If you select [Authenticate by Digital Signature] under [IKE Authentication
Method], a certificate for IPSec is required. If you select [Authenticate by Preshared
Key], no certificate is required.
Note
For information on the IKE authentication methods, refer to "IKE Authentication Method" (P.126).
Created certificate can be used as IPSec certificates. If [IKE Authentication Method] is
set to [Authenticate by Digital Signature], the CA certificate, which contains the root
certificate of the remote device, needs to be registered with the machine so that the
machine can verify the certificate of the remote device.
Note
256
• When using certificates that have already been created, import them with CentreWare
Internet Services.
• By enciphering HTTP communication, communication data can be enciphered at the time of
printing using IPP (SSL encrypted communication).
• Certificates created by CentreWare Internet Services are valid for one year.
• When using certificates that have already been created, import them with CentreWare
Internet Services.
• Certificates created by CentreWare Internet Services are valid for one year.
• If the certificate for IPSec contains the V3 extension "keyUsage", "digitalSignature" must be
set to On.
• When using certificates that have already been created, import them with CentreWare
Internet Services.
• Certificates created by CentreWare Internet Services are valid for one year.