Table of Contents
Advertisement
14 Encryption and Digital Signature Settings
Encrypting HTTP Communications from the Device to a Remote Server (SSL/TLS Client)
The SSL/TLS protocol is used to encrypt the HTTP communications between a remote server
and the device. No certificate is required in general. However, if a remote server is set to
require an SSL client certificate, you can use a certificate issued by another CA.
When verifying an SSL/TLS server certificate of a remote server with the verification of the
server certificate enabled, import the certificate of the CA included in the higher level of the
certificate path to the device using CentreWare Internet Services.
Note
If the certificate for the SSL client contains the V3 extension "keyUsage", "digitalSignature" must be asserted.
Encryption using IPsec
IPsec enables IP-level (not application-level) encrypted communications with remote
devices.
If you select [Digital Signature] for [IKE Authentication Method], a certificate issued by
another CA is required.
If you select [Preshared Key], no device certificate is required.
Note
If the certificate for IPsec contains the V3 extension (keyUsage), "digitalSignature" bit must be asserted.
Reference
For information on IKE authentication methods, refer to "[IPsec Settings]" (P.319).
For information on the setting procedure, refer to "Configuration of Encryption Using IPsec" (P.346).
In case of verifying communication party, certificates created by the certification authority
of the other party (priority CA certificate) must be imported to the device.
Email Encryption/Digital Signature
S/MIME is used for Email Encryption/Digital Signature. To use S/MIME on the device, S/
MIME certificates are used.
You can use a self-signed certificate or a certificate issued by another CA as an S/MIME
certificate.
The personal certificates or the device certificates of destinations are required for
encrypted communications.
Important
[Split by Data Size] of the email split sending function is unavailable when sending the email using the digital
signature/encryption.
Note
If the certificate for S/MIME contains an "email Address" or a V3 extension (keyUsage), "digitalSignature"
and "keyEncipherment" must be asserted. If the certificate contains V3 extension (extendedKeyUsage),
"emailProtection" must be set.
Reference
For information on the setting procedure, refer to "Configuration of Email Encryption/Digital Signature"
(P.348).
342
Advertisement
Table of Contents
