14 Encryption and Digital Signature Settings
Configuration of Encryption Using IPsec
When setting [Authenticate by Digital Signature] for [IKE Authentication Method] to make
IPsec communication, register a certificate with the device. No certificate is registered with
the device by factory default. Import an IPsec certificate. After importing a certificate,
configure IPsec.
When the IKE authentication method is set to [Authenticate by Preshared Key], skip the
step 1 "Certificate Arrangement" and go to step 2 "Configuration of IPsec".
Reference
For information on IKE authentication methods, refer to "[IPsec Settings]" (P.319).
Important
You cannot import a certificate that already has been registered either as [Device Certificates] or [Other
Certificates]. Delete the registered certificate beforehand.
Note
If a certificate to be imported as an IPsec certificate contains V3 extension "KeyUsage", "digitalSignature" bit
must be asserted.
Step1 Certificate Arrangement
To configure a certificate using CentreWare Internet Services, configure the encryption
settings for HTTP communications, and then import a certificate issued by another CA to
use it for the IPsec certificate.
Note
You cannot use a self-signed certificate created with CentreWare Internet Services for IPsec.
The public key of the certificate that can be imported to the device shall be either of RSA
4096 bits) and ECC public key P-256/P-384/P-521.
Reference
For details on how to configure the encryption settings for HTTP communication, refer to "Configuration of
HTTP Communications Encryption" (P.344).
1
Start CentreWare Internet Services and log in to the System Administration mode.
Reference
For more information on how to start CentreWare Internet Service, refer to "Starting CentreWare Internet
Services" (P.85).
2
Click [System] on the left menu.
3
Click [Security] > [Certificate Settings] > [Import].
4
Click [Select] and select the file to import on the displayed dialog box, then click [Save].
Note
You can also directly enter the path of the file to import.
5
Enter the password of the certificate to [Password].
6
Enter the same password as the previous step to [Retype Password].
7
Click [Start].
346
®
public key (up to