Generating a Key and Certificate Signing Request (CSR) and Obtaining and Registering a Certificate

As a certificate generated on the machine does not have a signature from a certificate authority, the machine may not be able to communicate depending on the communicating device. In this case, registering a signed certificate issued by a certificate authority to the key enables communication even with a self-generated key.
For the certificate authority to issue a signed certificate, you must make a request attached with a Certificate Signing Request (CSR). The machine generates a CSR at the same time it generates a key.
For more information about the keys that can be generated by the machine and the CSR algorithm, see self-generated key and CSR specifications. Keys and Certificates

Generating a Key and CSR

Generate a key and CSR using Remote UI from a computer. You cannot use the control panel to generate a key and CSR.
Administrator privileges are required.
1
Log in to Remote UI in System Manager Mode. Starting Remote UI
2
On the Portal page of Remote UI, click [Settings/Registration]. Portal Page of Remote UI
3
Click [Device Management] [Key and Certificate Settings] [Generate Key].
The [Generate Key] screen is displayed.
4
Select [Key and Certificate Signing Request (CSR)], and click [OK].
The [Generate Key and Certificate Signing Request (CSR)] screen is displayed.
5
In [Key Settings], enter the name of the key, and select the signature algorithm and key algorithm.
Enter the key name using single-byte alphanumeric characters.
For the key algorithm, select [RSA] or [ECDSA], and select the key length from the pulldown menu. The longer the key length, the better the security, but this slows down communication processing.
6
In [Certificate Signing Request (CSR) Settings], set the CSR information.
[Country/Region]
Select [Select Country/Region], and either select the country or region from the pulldown menu, or select [Enter Internet Country Code] and enter the country code.
[State]/[City]/[Organization]/[Organization Unit]
Enter the items as needed using single-byte alphanumeric characters.
[Common Name]
Enter the name of the certificate subject as needed using single-byte alphanumeric characters. This corresponds to the Common Name (CN).
7
Click [OK].
The [Key and Certificate Signing Request (CSR) Details] screen is displayed.
8
Click [Store in File] to save the CSR file to a computer.
9
Log out from Remote UI.
10
Submit the application with CSR file attached to the certificate authority.
When the CSR is generated, the key is registered to the machine, but it cannot be used until the certificate issued by the certificate authority is registered.

Registering a Certificate Issued by a Certificate Authority to a Key

Register the certificate using Remote UI from a computer. You cannot use the control panel to register it.
Administrator privileges are required.
1
Log in to Remote UI in System Manager Mode. Starting Remote UI
2
On the Portal page of Remote UI, click [Settings/Registration]. Portal Page of Remote UI
3
Click [Device Management] [Key and Certificate Settings].
The [Key and Certificate Settings] screen is displayed.
4
Click the key name (or certificate icon) to which to register the certificate.
The [Key and Certificate Signing Request (CSR) Details] screen is displayed.
5
Click [Register Certificate].
6
In [Specify File], click [Browse], and specify the file of the certificate issued by the certificate authority.
7
Click [Register].
The icon of the certificate displayed in [Registered Key and Certificate] on the [Key and Certificate Settings] screen changes from [] to [].
8
Log out from Remote UI.
Viewing and Verifying Detailed Information of a Registered Certificate
Click the key name (or certificate icon) in [Registered Key and Certificate] on the [Key and Certificate Settings] screen to display the certificate details.
On the certificate details screen, click [Verify Certificate] to verify that the certificate is valid.
When the Key and Certificate Cannot Be Deleted
You cannot delete a key and certificate being used. Disable the function being used, or delete these after switching to another key and certificate.
A19U-076