Download  Print this page

Public Key Encryption (Pki); Device Certificates - Xerox AltaLink B8045 Security Manual

Office class multi-function products & single-function printers
Hide thumbs

Advertisement

Xerox® Security Guide for Office Class Products: AltaLink®  VersaLink®

Public Key Encryption (PKI)

A digital certificate is a file that contains data used to verify the identity of the client or server in a network
transaction. A certificate also contains a public key used to create and verify digital signatures. To prove
identity to another product, a product presents a certificate trusted by the other product. The product can
also present a certificate signed by a trusted third party and a digital signature proving that it owns the
certificate.
A digital certificate includes the following data:
• Information about the owner of the certificate
• The certificate serial number and expiration date
• The name and digital signature of the certificate authority (CA) that issued the certificate
• A public key
• A purpose defining how the certificate and public key can be used
There are four types of certificates:
• A Product Certificate is a certificate for which the printer has a private key. The purpose specified in the
certificate allows it to be used to prove identity.
• A CA Certificate is a certificate with authority to sign other certificates.
• A Trusted Certificate is a self-signed certificate from another product that you want to trust.
• A domain controller certificate is a self-signed certificate for a domain controller in your network.
Domain controller certificates are used to verify the identity of a user when the user logs in to the product
using a Smart Card.
For protocols such as HTTPS, the printer is the server, and must prove its identity to the client Web
browser. For protocols such as 802.1X, the printer is the client, and must prove its identity to the
authentication server, typically a RADIUS server.

Device Certificates

AltaLink® and VersaLink® products support both CA signed and self-signed certificates. Product
certificates support a bit length of up to 2048 bits.
A CA signed certificate can be created by generating a Certificate Signing Request (CSR), and sending it
to a CA or a local server functioning as a CA to sign the CSR. An example of a server functioning as a
certificate authority is Windows Server 2008 running Certificate Services. When the CA returns the signed
certificate, install it on the printer.
Alternatively, a self-signed certificate may be created. When you create a Product Certificate, the product
generates a certificate, signs it, and creates a public key used in SSL/TLS encryption.
Device Certificates
Certificate Length
Supported Hashes
Product Web Server
IPPS (TLS) Printing
802.1X Client
Email Signing
Email Encryption
OCSP Signing
IPSec
November 2018
AltaLink® Multifunction VersaLink®
Multifunction
B8045, B8055, B8065, B8075,
B405, B605, B615, B7025,
B8090, C8030, C8035, C8045,
B7030, B7035, C405, C505,
C8055, C8070
C605, C7020, C7025, C7030
1024, 2048
1024, 2048
SHA1, SHA256
SHA256, SHA384, SHA512
Supported
Supported
Supported
Supported
Supported
Supported
Supported
Supported
Supported
Supported
Supported
Supported
Supported
(Not currently supported)
VersaLink® Printers
B400, B600, B610, C400,
C500, C600, C7000, C8000,
C9000
1024, 2048
SHA256, SHA384, SHA512
Supported
Supported
Supported
(Not Applicable)
(Not Applicable)
Supported
(Not currently supported)
Page 15

Hide quick links:

Advertisement

Table of Contents
loading