Configuring the Key and Certificate for TLS

You can use TLS encrypted communication to prevent sniffing, spoofing, and tampering of data that is exchanged between the machine and other devices such as computers. When configuring the settings for TLS encrypted communication, you must specify a key and certificate (server certificate) to use for encryption. You can use the key and certificate that are preinstalled in the machine, or you can generate your own or acquire them from a certification authority. Administrator or NetworkAdmin privileges are required in order to configure these settings.
If you want to use a key and certificate that you generate yourself, generate the key and certificate before performing the procedure below. Generating the Key and Certificate for Network Communication
1
Press  (Settings/Registration).
2
Press <Preferences>  <Network>  <TCP/IP Settings>  <TLS Settings>.
3
Press <Key and Certificate>.
4
Select the key and certificate to use for TLS encrypted communication, and press <Set as Default Key>.
If you want to use the preinstalled key and certificate, select <Default Key>.
TLS encrypted communication cannot use <Device Signature Key>, which is used for the device signature, or <AMS>, which is used for access restrictions.
5
Press <OK>.
6
Press <Specify Allowed Versions>.
7
Specify <Maximum Version> and <Minimum Version>  press <OK>.
8
Set each algorithm press <OK>.
The following combinations of TLS version and algorithm are available.
: Available
-: Unavailable
Algorithm
TLS Version
<TLS 1.3>
<TLS 1.2>
<TLS 1.1>
<TLS 1.0>
<Encryption Algorithm Settings>
<AES-CBC (256-bit)>
-
<AES-GCM (256-bit)>
-
-
<3DES-CBC>
-
<AES-CBC (128-bit)>
-
<AES-GCM (128-bit)>
-
-
<CHACHA20- POLY1305>
-
-
-
<Key Exchange Algorithm Settings>
<RSA>
-
<ECDHE>
<X25519>
-
-
-
<Signature Algorithm Settings>
<RSA>
<ECDSA>
<HMAC Algorithm Settings>
<SHA1>
-
<SHA256>
-
-
<SHA384>
-
-
9
Press  (Settings/Registration) <Yes>.
The machine restarts, and the settings are applied.
AE9R-08S