Configuring the Key and Certificate for TLS

You can use TLS encrypted communication to prevent sniffing, spoofing, and tampering of data that is exchanged between the machine and other devices such as computers. When configuring the settings for TLS encrypted communication, you must specify a key and certificate (server certificate) to use for encryption. You can use the key and certificate that are preinstalled in the machine, or you can generate your own or acquire them from a certification authority. Administrator or NetworkAdmin privileges are required in order to configure these settings.

Generating the Key and Certificate for Network Communication


If you want to use a key and certificate that you generate yourself, generate the key and certificate before performing the procedure below. Generating the Key and Certificate for Network Communication If you want to use a key and certificate that you acquire from a certification authority (CA), register the key and certificate before performing the procedure below. Registering a Key and Certificate If you set <Format Encryption Method to FIPS 140-2> to <On>,you can make the TLS communication encryption method comply with the United States government-approved FIPS (Federal Information Processing Standards) 140-2. <Format Encryption Method to FIPS 140-2> If <Format Encryption Method to FIPS 140-2> is set to <On>, an error will occur when you try to specify a certificate for TLS that uses an algorithm not recognized by FIPS (lower than RSA2048bit). A communication error will occur if you set <Format Encryption Method to FIPS 140-2> to <On>, and send to a remote party that does not support FIPS-recognized encryption algorithms.

If you want to use a key and certificate that you generate yourself, generate the key and certificate before performing the procedure below. Generating the Key and Certificate for Network Communication

If you want to use a key and certificate that you acquire from a certification authority (CA), register the key and certificate before performing the procedure below. Registering a Key and Certificate

If you set <Format Encryption Method to FIPS 140-2> to <On>,you can make the TLS communication encryption method comply with the United States government-approved FIPS (Federal Information Processing Standards) 140-2. <Format Encryption Method to FIPS 140-2>

If <Format Encryption Method to FIPS 140-2> is set to <On>, an error will occur when you try to specify a certificate for TLS that uses an algorithm not recognized by FIPS (lower than RSA2048bit).

A communication error will occur if you set <Format Encryption Method to FIPS 140-2> to <On>, and send to a remote party that does not support FIPS-recognized encryption algorithms.

Press

Press <Preferences>

<TLS Settings>.

Press <Key and Certificate>.

Select the key and certificate to use for TLS encrypted communication, and press <Set as Default Key>

<Yes>.

If you want to use the preinstalled key and certificate, select <Default Key>.

TLS encrypted communication cannot use <Device Signature Key>, which is used for the device signature, or <AMS>, which is used for access restrictions.

Press <OK>.

Press <Specify Allowed Versions>.

Specify <Specify Allowed Versions> and <Minimum Version>

press <OK>.

Press <Algorithm Settings>.

Select the encryption algorithm and DSA restriction to use

press <OK>

<OK>.

Press

<Yes>.

The machine restarts, and the settings are applied.

Starting the Remote UI

Distributing the Device Information to Other Canon Multifunction Printers

Setting E-mail/I-Fax Communication

Setting Advanced Space to Public

MEAP