Configuring the Key and Certificate for TLS

You can use TLS encrypted communication to prevent sniffing, spoofing, and tampering of data that is exchanged between the machine and other devices such as computers. When configuring the settings for TLS encrypted communication, you must specify a key and certificate (server certificate) to use for encryption. You can use the key and certificate that are preinstalled in the machine, or you can generate your own or acquire them from a certification authority. Administrator privileges are required in order to configure these settings.
If you want to use a key and certificate that you generate yourself, generate the key and certificate before performing the procedure below. See "Generating the Key and Certificate for Network Communication".
If you want to use a key and certificate that you acquire from a certification authority (CA), register the key and certificate before performing the procedure below. See "Registering a Key and Certificate".

Setting TLS

1. Start the Remote UI. See "Starting the Remote UI".
2. Click [Settings/Registration] on the portal page. See "Remote UI Screen".
3. Click [Network Settings] > [TLS Settings].
4. Click [Key and Certificate].
5. Click [Use] for the key and certificate to use for TLS encrypted communication.
   If you want to use the preinstalled key and certificate, select [Default Key].
6. Click [Network Settings] > [TLS Settings].
7. Specify [Maximum Version] and [Minimum Version].
8. Select the algorithm to use, and click [OK].
The following combinations of TLS version and algorithm are available. The TLS versions compared are [TLS 1.3], [TLS 1.2], [TLS 1.1], and [TLS 1.0]. For each algorithm, the list gives the number of those four versions marked "-" (unavailable); the algorithm is available with the remaining versions.

Algorithm                    TLS versions marked "-" (of 4)

[Encryption Algorithm]
  [AES-CBC (256-bit)]        1
  [AES-GCM (256-bit)]        2
  [3DES-CBC]                 1
  [AES-CBC (128-bit)]        1
  [AES-GCM (128-bit)]        2
  [CHACHA20-POLY1305]        3

[Key Exchange Algorithm]
  [RSA]                      1
  [ECDHE]                    0
  [X25519]                   3

[Signature Algorithm]
  [RSA]                      0
  [ECDSA]                    0

[HMAC Algorithm]
  [SHA1]                     1
  [SHA256]                   2
  [SHA384]                   2

[Format Encryption Method to FIPS 140-2] cannot be used when [CHACHA20-POLY1305] or [X25519] is selected.
Starting the Remote UI with TLS
If you try to start the Remote UI when TLS is enabled, a security alert may be displayed regarding the security certificate. In this case, check that the correct URL is entered in the address field, and then proceed to display the Remote UI screen. See "Starting the Remote UI".
Batch importing/batch exporting
This setting can be imported/exported with models that support batch importing of this setting. See "Importing/Exporting the Setting Data".
This setting is included in [Settings/Registration Basic Information] when batch exporting. See "Importing/Exporting All Settings".
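
One way to confirm from a client that the machine honours the [Minimum Version] and [Maximum Version] specified in step 7. This is an added example, not part of the original manual; the helper names `probe` and `audit`, port 443, and the sample results are assumptions made for illustration.

```python
import socket
import ssl

VERSIONS = {  # labels as shown in the Remote UI, oldest first
    "TLS 1.0": ssl.TLSVersion.TLSv1,
    "TLS 1.1": ssl.TLSVersion.TLSv1_1,
    "TLS 1.2": ssl.TLSVersion.TLSv1_2,
    "TLS 1.3": ssl.TLSVersion.TLSv1_3,
}
ORDER = list(VERSIONS)

def probe(host, port=443, timeout=5.0):
    """One handshake per TLS version; returns {label: cipher name or None}."""
    results = {}
    for label, version in VERSIONS.items():
        ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
        ctx.check_hostname = False       # version probe only: the certificate
        ctx.verify_mode = ssl.CERT_NONE  # is not validated by this check
        try:
            ctx.set_ciphers("ALL:@SECLEVEL=0")  # let the client offer legacy suites
            ctx.minimum_version = ctx.maximum_version = version
            with socket.create_connection((host, port), timeout=timeout) as raw:
                with ctx.wrap_socket(raw, server_hostname=host) as tls:
                    results[label] = tls.cipher()[0]
        except (OSError, ValueError):
            # Refused by the machine, unreachable, or unsupported by the local OpenSSL build.
            results[label] = None
    return results

def audit(results, minimum, maximum):
    """Compare probe results with the configured version range."""
    lo, hi = ORDER.index(minimum), ORDER.index(maximum)
    findings = []
    for i, label in enumerate(ORDER):
        accepted = results.get(label) is not None
        if accepted and not lo <= i <= hi:
            findings.append(f"{label} accepted outside configured range")
        elif not accepted and lo <= i <= hi:
            findings.append(f"{label} not negotiated inside configured range")
    return findings

# Constructed sample results (not captured from a real machine).
SAMPLE = {"TLS 1.0": None, "TLS 1.1": "ECDHE-RSA-AES256-SHA",
          "TLS 1.2": "ECDHE-RSA-AES256-GCM-SHA384", "TLS 1.3": None}

if __name__ == "__main__":
    print(audit(SAMPLE, "TLS 1.2", "TLS 1.3"))
```

Against a real machine, pass the output of `probe()` for its address to `audit()` together with the two version labels you configured. Confirm that the local OpenSSL build supports a version before acting on a "not negotiated" finding for it.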

Setting the Security Strength and Encryption Method

1. Start the Remote UI. See "Starting the Remote UI".
2. Click [Settings/Registration] on the portal page. See "Remote UI Screen".
3. Click [Security Settings] > [Encryption/Key Settings].
4. Click [Edit] in [Encryption Settings].
5. Configure the encryption settings and encryption method, and click [OK].
[Prohibit Use of Weak Encryption]
   Select this check box to prohibit the use of weak encryption with a key length of 1024 bits or less. To prohibit the use of keys and certificates that use weak encryption, select [Prohibit Use of Key/Certificate with Weak Encryption].
[Format Encryption Method to FIPS 140-2]
   Select this check box to make functions using encryption comply with FIPS 140-2.
   If you select [Format Encryption Method to FIPS 140-2], you can make the TLS communication encryption method comply with the United States government-approved FIPS (Federal Information Processing Standards) 140-2, but the following limitations apply:
   An error will occur if you specify a certificate for TLS that uses an algorithm not recognized by FIPS (lower than RSA 2048-bit).
   A communication error will occur if the communication destination does not support FIPS-recognized encryption algorithms.
   [CHACHA20-POLY1305] and [X25519] can no longer be used.
Batch importing/batch exporting
This setting can be imported/exported with models that support batch importing of this setting. See "Importing/Exporting the Setting Data".
This setting is included in [Settings/Registration Basic Information] when batch exporting. See "Importing/Exporting All Settings".