Security Certificates - Xerox VersaLink Series System Administrator Manual

Security Certificates

A digital certificate is a file that contains data used to verify the identity of the client or server in an
encrypted network transaction. A certificate contains a public key used to create and verify digital
signatures. To prove identity to another device, a device presents a certificate trusted by the other
device. The device can present a certificate signed by a trusted third party and a digital signature
proving that the device owns the certificate.
A digital certificate includes the following data:
• Information about the owner of the certificate
• The certificate serial number and expiration date
• The name and digital signature of the certificate authority (CA) that issued the certificate
• A public key
• A purpose defining how the certificate and public key can be used
There are four categories of certificates:
• A Device Certificate is a certificate for which the printer has a private key. The purpose specified in
the certificate allows it to be used to prove the identity of the printer.
• A Trusted Root CA Certificate is a certificate with authority to sign other certificates. These
certificates usually are self-signed certificates that come from another device or service that you
want to trust.
• An Intermediate CA Certificate is a certificate that links a certificate to a Trusted Root CA
Certificate in certain network environments.
• Other Certificates are certificates that are installed on the printer for solution-specific uses.
You can import Certificate Revocation Lists (CRL) directly into the printer. For details on how to use
remote Certificate Revocation Lists automatically, refer to
Revocation.
Note: When a ConnectKey App includes a security certificate, the certificate installs onto the
printer with the ConnectKey App.
I I n n s s t t a a l l l l i i n n g g C C e e r r t t i i f f i i c c a a t t e e s s
To ensure that the printer can communicate with other devices over a secure trusted connection, both
devices must have specific certificates installed.
For protocols such as HTTPS, the printer is the server, and must prove its identity to the client Web
browser. For protocols such as 802.1X, the printer is the client, and must prove its identity to the
authentication server, typically a RADIUS server.
For features that use these protocols, perform the following tasks:
Xerox ® VersaLink ® Series Multifunction and Single Function Printers
Configuring Settings for Certificate
System Administrator Guide
Security
85