IMPORTANT
Certificates must meet the following requirements:
Format: X.509 version 1 or version 3 (DER encoded binary)
Signature algorithm: SHA1-RSA, SHA256-RSA, SHA384-RSA*, SHA512-RSA*, MD5-RSA, or MD2-RSA (For CA certificates, SHA1-DSA is also allowed.)
Key length: 512, 1024, 2048, or 4096 bits (RSA)/2048 or 3072 bits (DSA)
File extension: ‘.p12’ or ‘.pfx’ (for key pair files)/‘.cer’ or ‘.der’ (for CA certificate files)
* SHA384-RSA and SHA512-RSA are supported only when the key length is 1024 bits or more.
The machine does not use a certificate revocation list (CRL) for verifying digital certificates.
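A pre-flight check for the RSA cases in the requirements above, as an added example that is not part of the original manual: it reads a DER file and reports which of the listed limits (X.509 version, signature algorithm, key length) the certificate breaks. The function names are illustrative assumptions, and DSA keys and the file-extension rule are not covered.

```python
import sys

# DER prefix of OID 1.2.840.113549.1.1 (PKCS #1); the final byte selects the algorithm.
PKCS1 = bytes.fromhex("2a864886f70d0101")
SIG_NAMES = {2: "MD2-RSA", 4: "MD5-RSA", 5: "SHA1-RSA",
             11: "SHA256-RSA", 12: "SHA384-RSA", 13: "SHA512-RSA"}

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long form: low 7 bits = number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def children(value):
    """Split the contents of a constructed element into (tag, value) pairs."""
    items, pos = [], 0
    while pos < len(value):
        tag, val, pos = read_tlv(value, pos)
        items.append((tag, val))
    return items

def check_certificate(der):
    """Return a list of problems; an empty list means the file fits the stated limits."""
    if der[:1] != b"\x30":
        return ["not DER binary (convert PEM text to DER first)"]
    tbs = children(children(read_tlv(der, 0)[1])[0][1])
    version = 1                            # the version field is absent in v1 certificates
    if tbs[0][0] == 0xA0:                  # explicit [0] wrapper holds version - 1
        version, tbs = children(tbs[0][1])[0][1][0] + 1, tbs[1:]
    sig_oid = children(tbs[1][1])[0][1]    # signature AlgorithmIdentifier OID
    sig = SIG_NAMES.get(sig_oid[-1]) if sig_oid[:-1] == PKCS1 else None
    key_alg, key_data = children(tbs[5][1])              # subjectPublicKeyInfo
    if children(key_alg[1])[0][1] != PKCS1 + b"\x01":    # rsaEncryption
        return ["public key is not RSA (DSA keys are outside this sketch)"]
    modulus = children(children(key_data[1][1:])[0][1])[0][1]  # skip unused-bits byte
    bits = int.from_bytes(modulus, "big").bit_length()
    checks = [
        (version in (1, 3), f"X.509 v{version} is not accepted"),
        (sig is not None, "signature algorithm is not in the supported RSA list"),
        (bits in (512, 1024, 2048, 4096), f"{bits}-bit RSA key length is not accepted"),
        (bits >= 1024 or sig not in ("SHA384-RSA", "SHA512-RSA"), f"{sig} requires 1024 bits or more"),
    ]
    return [msg for ok, msg in checks if not ok]

if __name__ == "__main__":                 # usage: python check_cert.py ca.der
    with open(sys.argv[1], "rb") as f:
        print(check_certificate(f.read()) or "meets the listed requirements")
```

The check only mirrors what the machine will accept; it does not verify the signature or the validity period.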
NOTE
Key pairs and digital certificates can be installed from a web browser (Remote UI). (Managing Jobs and Machine Data)
Key pairs and digital certificates can be registered both with the control panel and from a web browser (Remote UI).
1. Press [Key Name] → enter a name for the key pair (up to 24 characters) using the on-screen keyboard → press [OK].
2. Press [Next].

1. Press the Signature Algorithm drop-down list → press [SHA1], [SHA256], [SHA384], or [SHA512] to select the desired hash algorithm.
   IMPORTANT: SHA384 and SHA512 are supported only when the key length is 1024 bits or more.
2. Press the Key Length drop-down list → press [512], [1024], [2048], or [4096] to select the desired key length (expressed in bits).
3. Press [Next].

1. Press [Validity Start Date] → enter the date (day, month, and year) from which the certificate is valid using - (numeric keys).
2. Press [Validity End Date] → enter the date (day, month, and year) to which the certificate is valid using - (numeric keys).
   IMPORTANT: The date set for [Validity End Date] must not be earlier than [Validity Start Date].
3. Press [Next].

[Country/Region]: Press to select a country/region from the list. If [Other] is selected, you can specify the country/region by entering an Internet country code using the on-screen keyboard. An Internet country code consists of two uppercase letters, such as US, UK, etc.
[State]: Press to enter the state name (up to 24 characters) using the on-screen keyboard.
[City]: Press to enter the city name (up to 24 characters) using the on-screen keyboard.
[Organization]: Press to enter the organization name (up to 24 characters) using the on-screen keyboard.
[Organization Unit]: Press to enter the name of the organization unit, such as a department, section, etc., (up to 24 characters) using the on-screen keyboard.
[Common Name]: Press to enter the machine’s IP address or FQDN (up to 48 characters) using the on-screen keyboard → press [OK].
1. Select the key pair file you want to register → press [Register].
   NOTE:
   Up to three key pairs can be registered.
   If you want to delete unnecessary files, select the file → press [Erase] → [Yes].
2. Press [Key Name] → enter the name of the private key (up to 24 characters) using the on-screen keyboard → press [OK].
3. Press [Password] → enter the password for the private key (up to 24 characters) using the on-screen keyboard → press [OK].
4. Press [OK].

NOTE
For instructions on how to manage the registered key pair and certificate, see Checking/Deleting a Key and Certificate.
IMPORTANT
If (invalid) is displayed to the left of a key pair, it may be invalid or corrupted. After deleting the invalid or corrupted file, generate or register a new key pair. (Generating a Key Pair for TLS Communications, Registering a Key and Certificate)

1. Select the key and certificate you want to check → press [Cert. Details].
   The certificate details are displayed.
   NOTE:
   Press [All] to display the complete information of the listing.
   If [Cert. Verif.] is pressed, the machine checks for errors in the certificate.

1. Select the key and certificate with ‘On’ indicated under <Use> → press [Display Use Loc.].
   The Display Use Location screen is displayed.

1. Select the key pair that you want to erase → press [Erase].
   IMPORTANT:
   You may not be able to delete a key pair if ‘On’ is indicated under <Use> in the list. In this case, press [Display Use Loc.] to check what the key pair is being used for and perform the following:
   If the key pair is used for TLS, disable the TLS settings for e-mails/I-faxes and the Remote UI. (Setting up E-Mail / I-Fax Function, Restricting the Remote UI)
   If the key pair is used for IEEE802.1X authentication, register a new key pair and set it as the default key. (Registering a Key and Certificate, Selecting the IEEE802.1X Authentication Method) The key pair reset to ‘Off’ can be deleted.
2. Press [Yes] to erase the selected file.
   To quit, press [No].
3. Restart the machine.
   Turn OFF the machine, wait at least 10 seconds, and then turn it ON.
1. Select the CA certificate file you want to register → press [Register].
   NOTE:
   Up to 10 CA certificates can be registered.
   If you want to delete unnecessary files, select the file → press [Erase] → [Yes].
2. Press [Yes].

NOTE
For instructions on how to manage the registered CA certificate, see Checking/Deleting a CA Certificate.
1. Select the CA certificate you want to check → press [Cert. Details].
   The certificate details are displayed.
   NOTE:
   Press [All] to display the complete information of the listing.
   If [Cert. Verif.] is pressed, the machine checks for errors in the certificate.

1. Select the CA certificate you want to erase → press [Erase].
2. Press [Yes] to erase the selected file.
   To quit, press [No].
3. Restart the machine.
   Turn OFF the machine, wait at least 10 seconds, and then turn it ON.