User's guide

Managing Key Pairs and Digital Certificates from a Web Browser
Key pairs and digital certificates can be used for security purposes, such as
IEEE802.1X port-based authentication and SSL communication.
You can manage key pairs and digital certificates from the Remote UI, where they
are divided into the following types:
Key and Certificate
In IEEE802.1X port-based authentication, a key pair (or a private key and
certificate) in PKCS#12 format is required for enabling the EAP-TLS method on
the client device. If you want to access the machine securely from a web browser
(Remote UI), generate a key pair and set it for SSL communications. Up to three
key pairs can be registered.
CA Certificate
CA certificates are used to verify the digital certificates sent from other
devices, such as servers and client computers. Up to 10 CA certificates
(including the pre-installed CA certificates) can be registered.
This section focuses on how to install and register key pairs and digital certificates
from a computer on the network. For instructions on how to generate a key pair for
SSL communications, see Chapter 3, “Setting up the Machine for Your Network
Environment,” in the System Settings Guide.
IMPORTANT
Certificates must meet the following requirements:
- Format: X.509 version 1 or version 3 (DER encoded binary)
- Signature algorithm: SHA1-RSA, SHA256-RSA, SHA384-RSA*, SHA512-RSA*,
MD5-RSA, or MD2-RSA (For CA certificates, SHA1-DSA is also allowed.)
- Key length: 512, 1024, 2048, or 4096 bits (RSA)/2048 or 3072 bits (DSA)
- File extension: ‘.p12’ or ‘.pfx’ (for key pair files)/‘.cer’ or ‘.der’ (for CA certificate files)
* SHA384-RSA and SHA512-RSA are supported only when the key length is 1024 bits or more.
The machine does not use a certificate revocation list (CRL) for verifying digital
certificates.
The Certificate Settings are available only when the Remote UI is in the System
Manager Mode.
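
The certificate requirements listed above can be checked before a file is uploaded. The following Python sketch is an added example, not part of the original guide or the machine's software. It assumes the certificate's fields have already been read with an X.509 viewer, and the function name, the sample file names and the "weak" warning sets are illustrative assumptions.

```python
import os

SIG_ALGS = {"SHA1-RSA", "SHA256-RSA", "SHA384-RSA", "SHA512-RSA", "MD5-RSA", "MD2-RSA"}
CA_ONLY_SIG_ALGS = {"SHA1-DSA"}
KEY_BITS = {"RSA": {512, 1024, 2048, 4096}, "DSA": {2048, 3072}}
EXTENSIONS = {"keypair": {".p12", ".pfx"}, "ca": {".cer", ".der"}}
# Assumption, not from the guide: values the machine accepts but that are
# widely regarded as weak; they are reported as warnings, not errors.
WEAK_SIG_ALGS = {"MD2-RSA", "MD5-RSA", "SHA1-RSA", "SHA1-DSA"}
WEAK_RSA_BITS = {512, 1024}


def check_certificate(kind, filename, version, sig_alg, key_type, key_bits, der=True):
    """Return (errors, warnings) for one file; kind is "keypair" or "ca"."""
    errors, warnings = [], []
    if not der:
        errors.append("certificate is not DER encoded")
    if version not in (1, 3):
        errors.append(f"X.509 version {version} is not supported")
    ext = os.path.splitext(filename)[1].lower()
    if ext not in EXTENSIONS[kind]:
        errors.append(f"extension '{ext}' is not valid for a {kind} file")
    allowed = SIG_ALGS | (CA_ONLY_SIG_ALGS if kind == "ca" else set())
    if sig_alg not in allowed:
        errors.append(f"signature algorithm {sig_alg} is not allowed for {kind}")
    if key_bits not in KEY_BITS.get(key_type, set()):
        errors.append(f"{key_type} key length {key_bits} is not supported")
    # Footnote rule: SHA384-RSA and SHA512-RSA need a key of 1024 bits or more.
    if sig_alg in ("SHA384-RSA", "SHA512-RSA") and key_bits < 1024:
        errors.append(f"{sig_alg} requires a key length of 1024 bits or more")
    if sig_alg in WEAK_SIG_ALGS:
        warnings.append(f"{sig_alg} is accepted but weak")
    if key_type == "RSA" and key_bits in WEAK_RSA_BITS:
        warnings.append(f"{key_bits}-bit RSA is accepted but weak")
    return errors, warnings


# Constructed sample inputs (file names and values are made up).
SAMPLES = [
    ("keypair", "printer-eap.p12", 3, "SHA256-RSA", "RSA", 2048),
    ("keypair", "legacy.pfx", 3, "SHA512-RSA", "RSA", 512),
    ("keypair", "dsa-signed.p12", 3, "SHA1-DSA", "DSA", 2048),
    ("ca", "root.pem", 1, "SHA1-DSA", "DSA", 3072),
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample[1], *check_certificate(*sample))
```

Because the machine does not consult a CRL, the warnings are worth acting on before registration: a weak certificate that is later compromised cannot be revoked on the device and has to be deleted from it.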