Configuring the Verification Method of a Received Certificate
You can configure the settings to verify the validity of a certificate that the machine receives from a communicating device, using the Certificate Revocation List (CRL) or Online Certificate Status Protocol (OCSP).
CRL
A CRL is a file issued by a certification authority that lists information on revoked certificates.
By registering a CRL obtained from the certificate authority in the machine, you can check the CRL to verify the validity of certificates that the machine receives from communicating devices.
The CRL registered to the machine is not updated automatically, so you must register it again each time it is updated by the certificate authority.
OCSP
OCSP is a protocol used to inquire to an OCSP responder (server that supports OCSP) about the revocation status of a certificate issued by a certificate authority.
You can configure the settings to verify the validity of a certificate that the machine receives from a certificate authority, using the OCSP.
Registering a CRL to Verify a Certificate
Configure this setting using Remote UI from a computer. You cannot use the control panel to configure the setting.
Administrator privileges are required.
1
Log in to Remote UI as an administrator.
Starting Remote UI2
On the Portal page of Remote UI, click [Settings/Registration].
Remote UI Portal Page3
Click [Device Management]
[Certificate Revocation List (CRL) Settings].
The [Certificate Revocation List (CRL) Settings] screen is displayed.
4
Click [Register CRL].
The [Register Certificate Revocation List (CRL)] screen is displayed.
5
Click [Choose File], and specify the file to register.
6
Click [Register].
The registered CRL is added to the CRL list on the [Certificate Revocation List (CRL) Settings] screen.
7
Log out from Remote UI.
NOTE
Viewing and Verifying Detailed Information of a Registered CRL
When you click the the icon of the CRL in the CRL list on the [Certificate Revocation List (CRL) Settings] screen, the CRL details are displayed.
On the CRL details screen, click [Verify CRL] to verify that the CRL is valid.
Verifying a Received Certificate with OCSP
Configure this setting using Remote UI from a computer. You cannot use the control panel to configure the setting.
Administrator privileges are required.
1
Log in to Remote UI as an administrator.
Starting Remote UI2
On the Portal page of Remote UI, click [Settings/Registration].
Remote UI Portal Page3
Click [Device Management]
[OCSP (Online Certificate Status Protocol) Settings].
The [OCSP (Online Certificate Status Protocol) Settings] screen is displayed.
4
Select the [Use OCSP (Online Certificate Status Protocol)] checkbox.
5
Configure the verification level and OCSP responder settings.
[Certificate Verification Level]
Set whether to validate the certificate even if its revocation status cannot be confirmed, such as when the machine is unable to connect to an OCSP responder.
[OCSP Responder Settings]
Select the URL of the OCSP responder you want to use. If you select [Use custom URL] or [Use Certificate URL (Use Custom URL If Certificate URL Cannot Be Retrieved)], enter the URL of the OCSP responder in [Custom URL].
[Communication Timeout]
Enter the time from start of communication to timeout in seconds.
6
Click [OK].
The settings are applied.
7
Log out from Remote UI.