File extension:
Maximum number of registerable certificates:
*1 Available only when the key algorithm is 1024 bits or more.
*2 Cannot be used for user signatures
*3 Available only when installed by using the Remote UI.
*4 Used for TLS, IEEE802.1x, IPSec, and device signatures.
◼
Registration of Certificate Revocation Lists (CRL)
Up to 50 certificate revocation lists (CRL) can be registered. Note, however, that CRL cannot be registered in the
following cases.
●
The data size of the CRL exceeds 1 MB.
●
An unsupported signature algorithm is being used.
●
The number of revoked certificates registered in one CRL file exceeds 1,000.
◼
Definition of "Weak Encryption"
When <Prohibit Use of Weak Encryption> is set to <On>, the use of the following algorithms are prohibited.
Hash:
HMAC:
Common key cryptosystem: RC2, RC4, DES
Public key cryptosystem:
●
Even when <Prohibit Use of Key/Certificate with Weak Encryption> is set to <On>, the hash algorithm SHA-1,
which is used for signing a root certificate, can be used.
◼
FIPS 140-2 Standard Algorithm
When <Format Encryption Method to FIPS 140-2> is set to <On>, the following algorithms are prohibited from use.
Appendix
CA Certificates, S/MIME Certificates: X.509 DER/PEM
User Signature Keys/Certificates: pfx/p12
Keys, Certificates: pfx/p12*
CA Certificates, S/MIME Certificates: cer/pem
User Signature Keys/Certificates: 100 (one user certificate per user)
Keys, Certificates: 6*
CA Certificates: 150
S/MIME Certificates: 2,000
MD4, MD5, SHA-1
HMAC-MD5
RSA encryption (512 bits/1024 bits), RSA signature (512 bits/1024 bits), DSA (512 bits/1024
bits), DH (512 bits/1024 bits)
1470
4
4