Generating the Key and Certificate for Network Communication

A key and certificate can be generated with the machine when it is required for encrypted communication via Transport Layer Security (TLS). You can use TLS when accessing the machine via the Remote UI. Self-signed certificates are used with the key and certificate generated in "Network Communication."
If you want to use a server certificate that has a CA signature, you can generate a CSR together with a key instead of a certificate. Generating a Key and Certificate Signing Request (CSR)
For more information about the basic operations to be performed when setting the machine from the Remote UI, see Setting Up Menu Options from Remote UI.
1
Start the Remote UI and log in to System Manager Mode. Starting Remote UI
2
Click [Settings/Registration] on the Portal page. Remote UI Screen
3
Select [Device Management]  [Key and Certificate Settings].
4
Click [Generate Key].
Deleting a registered key and certificate
Click [Delete] on the right of the key and certificate you want to delete  click [OK].
A key and certificate cannot be deleted if it is currently used for some purpose, such as when "[TLS]" or "[IEEE 802.1X]" is displayed under [Key Usage]. In this case, disable the function or replace the other key and certificate before deleting it.
5
Select [Network Communication] and click [OK].
6
Specify settings for the key and certificate.
 [Key Settings]
[Key Name]
Enter alphanumeric characters for naming the key. Set a name that will be easy for you to find later in a list.
[Signature Algorithm]
Select the signature algorithm from the drop-down list.
[Key Algorithm]
Select the key generation algorithm from [RSA] or [ECDSA], then select the key length from the drop-down list. In either case, the larger the number for the key length is, the higher the security level becomes. However, the communication speed becomes slower.
 
 
When [SHA384] or [SHA512] is selected in [Signature Algorithm], [512-bit] cannot be selected as the key length when [RSA] is selected in [Key Algorithm].
 [Certificate Settings]
[Validity Start Date (YYYY/MM/DD)]
Enter the validity start date of the certificate, in the order of: year, month, day.
[Validity End Date (YYYY/MM/DD)]
Enter the validity end date of the certificate, in the order of: year, month, day. A date earlier than [Validity Start Date (YYYY/MM/DD)] cannot be set.
[Country/Region]
Click the [Select Country/Region] radio button and select the country/region from the drop-down list. You can also click the [Enter Internet Country Code] radio button and enter a country code, such as "US" for the United States.
[State]/[City]
Enter alphanumeric characters for the location as necessary.
[Organization]/[Organization Unit]
Enter alphanumeric characters for the organization name as necessary.
[Common Name]
Enter alphanumeric characters for the common name of the certificate as necessary. "Common Name" is often abbreviated as "CN."
7
Click [OK].
Generating a key and certificate may take some time.
After the key and certificate is generated, it is automatically registered to the machine.
281Y-077