Lexmark MS610dn Administrator's Manual page 42

Appendix
For this application to function, the device must be joined to an Active Directory environment and a Certificate
Enrollment Web Services (Server Role) application needs to be installed on the customer's network.
Note: The example usage instructions given below assume the Certificate Enrollment Web Services is installed on a
Windows 2008 R2 server.
1
Open a Web browser, and then type the IP address or host name of the printer in the address field.
2
From your printer Web page, click Settings > Security > Certificate Management > Device Certificate Management.
3
Click Advanced Management to use the Automatic Certificate Enrollment application, and then click Request new
Certificate.
Note: The screen may refresh for 10 to 15 seconds. At this time, the device is contacting the Certificate
Enrollment Web Service on the server and capturing the certificate templates that are available to the device.
4
From the "Device Certificate Management > Advanced > Templates" page, select any of the following displayed
template options to use when requesting a certificate:
•
IPSec—If you want to install a device certificate that is used for IPSec negotiations.
•
Web Server—If you want to secure any SSL/TLS connections such as the EWS or LDAP over SSL.
•
RAS and IAS Server—If you wish to install a device certificate that is used for 802.1x negotiations.
5
Click Request Certificate. From this screen, you will customize the certificate for this device.
Note: If you want to view the template details first, then click View instead of Request Certificate.
6
Modify the settings from the Request Certificate Web page, but only when necessary.
Notes:
•
The fields that are filled in with the data and the selected check boxes are the template defaults that were
pulled from the CA. You can change them if you choose, but remember that the default templates are
generally configured with the appropriate settings by the CA administrator and changing some settings may
cause the request to be denied.
• The "Collapse/Expand Subject Name" fields link is used to change any of the device information that is used
to create or generate a certificate. This includes the same information as the Set Certificate Defaults link
under Certificate Management.
7
Click Submit to send the Certificate Signing Request (CSR) to the CA.
Note: The screen may refresh for 10 to 15 seconds. At this time, the device is contacting the Certificate
Enrollment Web Service requesting the CA signed certificate be generated.
8
If successful, you will return to the "Device Certificate Management > Advanced" Web page and the new CA‑signed
device certificate with the specified name will be included in the list of certificates. If not, an error message is
displayed.
Note: If a template is specified at the server to require CA administrator approval, then a separate table of
pending certificates is displayed and a message indicating that a request is pending admin approval will be
displayed on the Device Certificate Management screen where the certificate is listed. The certificate is not valid
until approved. Once approval is granted, the message will disappear and the certificate(s) will be displayed in
the installed certificates table.
The link with the certificate name can be selected if you would like to see the information associated with the new
certificate. The "Renew" link is used to renew the certificate when the current CA certificate is about to expire (default
of 2 years).
42