Managing and Verifying a Key and Certificate
To encrypt communication with TLS when using Remote UI, or to use TLS as the IEEE 802.1X authentication method, a key and certificate are required. In addition, depending on the communicating device, encrypted communication using a specified certificate may be requested, thereby requiring a key and certificate.
Managing a Key and Certificate
You can prepare a key and certificate on the machine using the following methods:
Generating a Key and Certificate on the Machine
Generate the key and certificate required for TLS on the machine. You can immediately communicate where self-signed certificates are allowed.
Registering a Certificate Issued by a Certificate Authority to a Self-generated Key
When generating a key on the machine, generate a Certificate Signing Request (CSR), request the certificate authority to issue a certificate, and then register that certificate to the key.
Registering a Certificate Obtained from an SCEP Server to a Self-generated Key
When generating a key on the machine, request a Simple Certificate Enrollment Protocol (SCEP) server to issue a certificate, and then register the obtained certificate. You can also configure the settings to request certificate issuance at a specified date and time.
Registering a Key and Certificate or CA Certificate Obtained from an Issuing Authority
Register the key and certificate or CA certificate obtained from a digital certificate issuing authority, without self-generating the key and certificate. You can use a digital certificate that matches the communicating device and authentication level.
Registering an S/MIME Certificate
When you use S/MIME to encrypt e-mail or I-Faxes, register the public key certificate (S/MIME certificate) to use for encryption.
* The machine has a previously registered key and certificate with the name "Default Key," and an X.509 DER format CA certificate.
Verifying a Certificate
You can configure the settings to verify the validity of a certificate that the machine receives from a communicating device, using the Certificate Revocation List (CRL) or Online Certificate Status Protocol (OCSP).