SSL Guide (Secure Socket Layer)
To find basic information about network and advanced network features of your Brother machine, see the Network User's Guide. To download the latest manual, please visit the Brother Solutions Center at http://solutions.brother.com/. You can also download the latest drivers and utilities for your machine, read FAQs and troubleshooting tips or learn about special printing solutions from the Brother Solutions Center. Not all models are available in all countries.
Applicable models
This User’s Guide applies to the following models.
HL-5450DN(T)/5470DW(T)/6180DW(T)
DCP-8110DN/8150DN/8155DN/8250DN/MFC-8510DN/8710DW/8810DW/8910DW/8950DW(T)
Definitions of notes
We use the following icon throughout this User’s Guide:
Note: Notes tell you how you should respond to a situation that may arise or give tips about how the operation works with other features.
Trademarks
The Brother logo is a registered trademark of Brother Industries, Ltd.
IMPORTANT NOTE
• This product is approved for use in the country of purchase only. Do not use this product outside the country of purchase as it may violate the wireless telecommunication and power regulations of that country.
• In this manual, the screens of the MFC-8950DW(T) are used unless specified.
• Windows® XP in this document represents Windows® XP Professional, Windows® XP Professional x64 Edition and Windows® XP Home Edition.
Table of Contents
1 Introduction
Overview
Brief History of SSL
Benefits of using SSL
1 Introduction
Overview
Secure Socket Layer (SSL) is an effective method of protecting data which is sent over a local or wide area network. It works by encrypting data sent over a network, such as a print job, so anyone who captures it will not be able to read it. It can be configured on both wired and wireless networks and will work with other forms of security such as WPA keys and firewalls.
Using Certificates for device security
Your Brother machine supports the use of multiple security certificates allowing secure management, authentication and communication with the machine. The following security certificate features can be used with the machine. When you print a document or use Web Based Management (web browser) securely using SSL, you must install the certificate onto your computer. See Digital Certificate Installation on page 4.
CA certificate
If you use a CA certificate that identifies the CA (Certificate Authority) itself, you must import a CA certificate from the CA, prior to the configuration. (See Import and export a CA certificate on page 18.)
Note
• If you are going to use SSL/TLS communication, we recommend that you contact your system administrator first.
• When you reset the print server back to its default factory settings, the certificate and the private key that are installed will be deleted.
2 Digital Certificate for SSL communication
Digital Certificate Installation
Printing over a secured network or secure management using Web Based Management (web browser) requires a digital certificate to be installed on both the machine and the device which is sending data to the machine, e.g. a computer. Your machine has a pre-installed certificate. In order to configure the certificate, the user needs to log onto the machine remotely through a web browser using its IP address.
g You can configure the certificate settings. To create a self-signed certificate using Web Based Management, go to Creating a self-signed certificate on page 6. To create a Certificate Signing Request (CSR), go to Creating a Certificate Signing Request (CSR) on page 7.
1 To create and install a self-signed certificate
2 To use a certificate from a Certificate Authority (CA)
Note
• The functions that are grayed and unlinked indicate they are not available.
Creating a self-signed certificate
a Click Create Self-Signed Certificate.
b Enter a Common Name and a Valid Date.
Note
• The length of the Common Name must be less than 64 characters. Enter an identifier such as an IP address, node name or domain name to use when accessing this machine through SSL/TLS communication. The node name is displayed by default.
Creating a Certificate Signing Request (CSR)
A Certificate Signing Request (CSR) is a request sent to a CA in order to authenticate the credentials contained within the certificate.
Note
We recommend that the Root Certificate from the CA be installed on your computer before creating the CSR.
a Click Create CSR.
b Enter a Common Name and your information, such as Organization.
d Click Submit. The following screen will appear.
e After a few moments, you will be presented with the certificate, which can be saved into a small file or copied and pasted directly into an online CSR form offered by a Certificate Authority. Click Save to save the CSR file to your computer.
Note
Follow your CA policy regarding the method to send a CSR to your CA.
f The CSR is created.
How to install the certificate to your machine
When you receive the certificate from a CA, follow the steps below to install it into the print server.
Note
Only a certificate issued with this machine’s CSR can be installed. When you want to create another CSR, make sure that the certificate is installed before creating another CSR. Create another CSR after installing the certificate to the machine. Otherwise the CSR you made before installing will be invalid.
Choosing the certificate
After you install the certificate, follow the steps below to choose the certificate you want to use.
a Click Network.
b Click Protocol.
c Click HTTP Server Settings and then choose the certificate from the Select the Certificate pull-down list.
Note
• If the following dialog box appears, Brother recommends disabling the Telnet, FTP, TFTP protocols and the network management with older versions of BRAdmin Professional (2.8 or less) for secure communication. If you enable them, user authentication is not secure.
• For DCP and MFC models: If you disable FTP, the Scan to FTP function will be disabled.
d Click Submit.
Installing the self-signed certificate or pre-installed certificate onto Windows Vista®, Windows® 7 and Windows Server® 2008 for users with administrator rights
Note
• The following steps are for Windows® Internet Explorer®. If you use another web browser, follow the help text of the web browser itself.
• You must have administrator rights to install the self-signed certificate or pre-installed certificate.
a Click the button and All Programs.
c Type “https://machine’s IP address/” into your browser to access your machine (where “machine’s IP address” is the machine’s IP address or the node name that you assigned for the certificate). Then, click Continue to this website (not recommended).
d Click Certificate Error, and then click View certificates.
Installing the self-signed certificate or pre-installed certificate for Windows® XP and Windows Server® 2003 users
a Start your web browser.
b Type “https://machine’s IP address/” into your browser to access your machine (where “machine’s IP address” is the IP address or the node name that you assigned for the certificate).
c When the security alert dialog box appears, do one of the following:
Click Continue to this website (not recommended).
e When the Certificate Import Wizard appears, click Next.
f You need to specify a location to install the certificate. We recommend you choose Place all certificates in the following store and then click Browse....
g Choose Trusted Root Certification Authorities and then click OK.
h Click Next.
i On the next screen, click Finish.
j You will then be asked to install the certificate. Do one of the following:
If you are installing the self-signed certificate, confirm the fingerprint (thumbprint) and then click Yes.
If you are installing the pre-installed certificate, click Yes.
Note
• For the self-signed certificate, the fingerprint (thumbprint) is printed on the Network Configuration Report.
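The fingerprint check in the last step matters because the certificate is being placed in the Trusted Root Certification Authorities store. The following Python helper is an added example, not Brother's code: it compares a certificate exported from the browser with the thumbprint typed in from the Network Configuration Report. It assumes the printed value is a SHA-1 or SHA-256 hex digest, which the guide does not specify, and the sample certificate bytes are constructed.

```python
import hashlib
import hmac
import re
import ssl

# Assumption: the report prints a SHA-1 (40 hex digits) or SHA-256
# (64 hex digits) digest; the guide does not name the algorithm.
ALGO_BY_HEX_LEN = {40: "sha1", 64: "sha256"}


def normalize_thumbprint(text):
    """Return the bare lowercase hex digits of a typed or pasted thumbprint."""
    # Drop spaces, colons and dashes, plus the invisible U+200E mark that
    # can come along when copying from the Windows certificate dialog.
    cleaned = re.sub(r"[\s:\-\u200e]", "", text).lower()
    if len(cleaned) not in ALGO_BY_HEX_LEN or not re.fullmatch(r"[0-9a-f]+", cleaned):
        raise ValueError("not a SHA-1 or SHA-256 hex thumbprint")
    return cleaned


def fingerprint_matches(cert_pem, printed):
    """True if the PEM certificate hashes to the printed thumbprint."""
    expected = normalize_thumbprint(printed)
    der = ssl.PEM_cert_to_DER_cert(cert_pem)  # the digest covers the DER bytes
    actual = hashlib.new(ALGO_BY_HEX_LEN[len(expected)], der).hexdigest()
    return hmac.compare_digest(actual, expected)


def as_printed(hex_digest):
    """Format a digest as colon-separated uppercase pairs: AA:BB:CC..."""
    pairs = [hex_digest[i:i + 2] for i in range(0, len(hex_digest), 2)]
    return ":".join(pairs).upper()


# Constructed sample: placeholder bytes standing in for an exported
# certificate (the digest is taken over the raw bytes, so nothing is parsed).
SAMPLE_PEM = ssl.DER_cert_to_PEM_cert(b"constructed stand-in for a device certificate")
SAMPLE_DER = ssl.PEM_cert_to_DER_cert(SAMPLE_PEM)
REPORT_VALUE = as_printed(hashlib.sha1(SAMPLE_DER).hexdigest())

if __name__ == "__main__":
    print("match:", fingerprint_matches(SAMPLE_PEM, REPORT_VALUE))
    print("pasted with hidden mark:", fingerprint_matches(SAMPLE_PEM, "\u200e" + REPORT_VALUE))
    tampered = ("0" if REPORT_VALUE[0] != "0" else "1") + REPORT_VALUE[1:]
    print("one digit off:", fingerprint_matches(SAMPLE_PEM, tampered))
```

A single differing digit means the certificate offered by the browser is not the one the machine printed, and it should not be installed.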
Import and export the certificate and private key
You can store the certificate and private key on the machine and manage them by importing and exporting.
How to import the self-signed certificate, the certificate issued by a CA, and the private key
a Click Import Certificate and Private Key on the Certificate page.
b Specify the file that you want to import.
c Enter the password if the file is encrypted, and then click Submit.
Import and export a CA certificate
You can store a CA certificate on the machine by importing and exporting.
How to import a CA certificate
a Click CA Certificate on the Security page.
b Click Import CA Certificate and choose the certificate. Click Submit.
How to export a CA certificate
a Click CA Certificate on the Security page.
b Choose the certificate you want to export and click Export.
c Click Submit.
Managing multiple certificates
The multiple certificate feature allows you to manage each certificate that you have installed using Web Based Management. After installing certificates, you can view what certificates are installed from the Certificate page and then view each certificate's content, delete or export the certificate. For information on how to access the Certificate page, see Digital Certificate Installation on page 4.
3 Managing your network machine securely using SSL/TLS
To manage your network machine securely, you need to use the management utilities with security protocols.
Secure Management using Web Based Management (web browser)
We recommend using the HTTPS protocol for secure management. To use these protocols, the following machine settings are required.
Note
• The HTTPS protocol is enabled by default.
4 Printing documents securely using SSL
Printing documents securely using IPPS for Windows®
We recommend using the IPPS protocol for secure management. To use the IPPS protocol, the following machine settings are required.
Note
• Communication using IPPS cannot prevent unauthorized access to the print server.
• You must also install the certificate you have installed to the machine onto your computer.
g When you click Next, Windows® XP and Windows Server® 2003 will make a connection with the URL that you specified.
If the printer driver has already been installed: You will see the printer selection screen in the Add Printer Wizard. Go to step k.
If the printer driver has NOT been installed: One of the benefits of the IPP printing protocol is that it establishes the model name of the printer when you communicate with it.
Windows Vista®, Windows® 7 and Windows Server® 2008
a (Windows Vista®) Click the button, Control Panel, Hardware and Sound, and then Printers.
(Windows® 7) Click the button, and then click Devices and Printers.
(Windows Server® 2008) Click Start, Control Panel, Hardware and Sound, and then Printers.
b Click Add a printer.
c Choose Add a network, wireless or Bluetooth printer.
d Click The printer that I want isn’t listed.
If the printer driver has NOT been installed: One of the benefits of the IPP printing protocol is that it establishes the model name of the printer when you communicate with it. After successful communication you will see the model name of the printer automatically. This means that you do not need to inform Windows® 7, Windows Vista® and Windows Server® 2008 about the type of printer driver to be used. Go to step g.
5 Sending or Receiving (for DCP and MFC models) an E-mail securely
Configuration using Web Based Management (web browser)
You can configure secured E-mail sending with user authentication or E-mail sending and receiving (for DCP and MFC models) using SSL/TLS on the Web Based Management screen.
a Start your web browser.
b Type “http://machine’s IP address/” into your browser (where “machine’s IP address” is the machine’s IP address). For example: http://192.168.1.
Sending or Receiving (for DCP and MFC models) an E-mail securely using SSL/TLS
This machine supports SSL/TLS methods to send or receive (for DCP and MFC models) an E-mail via an E-mail server that requires secure SSL/TLS communication. To send or receive E-mail via an E-mail server that is using SSL/TLS communication, you must configure SMTP over SSL/TLS or POP3 over SSL/TLS correctly.
6 Troubleshooting
Overview
This chapter explains how to resolve typical network problems you may encounter when using the Brother machine. If, after reading this chapter, you are unable to resolve your problem, please visit the Brother Solutions Center at http://solutions.brother.com/. Please go to the Brother Solutions Center at http://solutions.brother.com/ and click Manuals on your model page to download the other manuals.
I cannot print the document over the internet using IPPS.
Question: I cannot communicate with my Brother machine using SSL.
Solution: Obtain a valid certificate and install it on both your machine and computer again. Make sure the port setting of your machine is correct. You can confirm your machine’s port setting on the Web Based Management screen, by clicking Network, Protocol and then HTTP Server Settings.
I want to check my network devices are working properly.
Printing the Printer Settings Page (For HL-5450DN(T))
Note
Node name: The Node name appears on the Network Configuration Report. The default node name is “BRNxxxxxxxxxxxx”. (“xxxxxxxxxxxx” is your machine’s MAC Address / Ethernet Address.)
The Printer Settings Page prints a report listing all the current printer settings including the network print server settings. You can print the Printer Settings Page using the Go button on the machine.
For DCP-8110DN, DCP-8150DN, DCP-8155DN, MFC-8510DN, MFC-8710DW, MFC-8810DW and MFC-8910DW
a Press Menu.
b (For MFC models) Press ▲ or ▼ to choose Print Reports. (For DCP models) Press ▲ or ▼ to choose Machine Info. Press OK.
c Press ▲ or ▼ to choose Network Config. Press OK.
d Press Start.
For DCP-8250DN and MFC-8950DW(T)
a Press Menu.
b Press ▲ or ▼ to display Print Reports and then press Print Reports.
c Press Network Config.
d Press Start.
Network terms and concepts
SSL technical overview
Secure Socket Layer (SSL) is a method for protecting transport layer data sent over a local or wide area network by using the Internet Printing Protocol (IPP), to prevent unauthorised users from reading it. It achieves this by using authentication protocols in the form of digital keys, of which there are two:
A public key – known by everyone who is printing.
Network terms
Secure Socket Layer (SSL)
The security communication protocol encrypts data to prevent security threats.
Internet Printing Protocol (IPP)
IPP is a standard printing protocol used for managing and administering print jobs. It can be used both locally and globally so anyone in the world can print to the same machine.
IPPS
The version of the printing protocol Internet Printing Protocol (IPP Version 1.0) that uses SSL.