Configuring the Key and Certificate for TLS

You can encrypt communication between the machine and a Web browser on the computer by using Transport Layer Security (TLS). TLS is a mechanism for encrypting data sent or received over the network. TLS must be enabled when the Remote UI is used for specifying settings for IPSec (Pre-Shared Key Method), IEEE 802.1X authentication (TTLS/PEAP), or SNMPv3. To use TLS encrypted communication for the Remote UI, you need to specify a "key and certificate" (server certificate) you want to use before enabling TLS. Generate or install the key and certificate for TLS before enabling TLS (Management Functions).
For more information about the basic operations to be performed when setting the machine from the Remote UI, see Setting Up Menu Options from Remote UI.
1
Start the Remote UI and log in to System Manager Mode. Starting Remote UI
2
Click [Settings/Registration] on the Portal page. Remote UI Screen
3
Select [Network Settings]  [TLS Settings].
4
Click [Key and Certificate].
5
Click [Register Default Key] on the right of the key and certificate you want to use.
Viewing details of a certificate
You can check the details of the certificate or verify the certificate by clicking the corresponding text link under [Key Name], or the certificate icon.
6
Click [Edit].
7
Configure detailed TLS settings.
[Allowed Versions]
Specify [Maximum Version] and [Minimum Version] of TLS.
[Algorithm Settings]
Select the check box for the algorithm to use for TLS. Depending on the TLS version, some algorithms may not be available.
: Available  : Unavailable
Algorithm
TLS Version
[TLS 1.3]
[TLS 1.2]
[TLS 1.1]
[TLS 1.0]
[Encryption Algorithm]
[AES-CBC (256-bit)]
[AES-CBC (128-bit)]
[AES-GCM (256-bit)]
[AES-GCM (128-bit)]
[3DES-CBC]
[CHACHA20-POLY1305]
[Key Exchange Algorithm]
[RSA]
[ECDHE]
[X25519]
[Signature Algorithm]
[RSA]
[ECDSA]
[HMAC Algorithm]
[SHA1]
[SHA256]
[SHA384]
8
Click [OK].
9
Select [License/Other]  [Remote UI Settings].
10
Click [Edit].
11
Select the [Use TLS] check box and click [OK].
12
Restart the machine. Restarting the Machine
Using the operation panel
You can also enable or disable TLS encrypted communication from <Menu> in the Home screen. <Remote UI>
Starting the Remote UI with TLS
If you try to start the Remote UI when TLS is enabled, a security alert may be displayed regarding the security certificate. In this case, check that the correct URL is entered in the address field, and then proceed to display the Remote UI screen. Starting Remote UI
Using TLS to encrypt I-Fax reception
If the POP3 server supports TLS, you can enable TLS for communication with the POP3 server (Configuring the I-Fax RX Settings). For more information about the POP3 server, contact your Internet service provider or Network Administrator.
8081-046