Dell™ C7765dn Smart Card Reader Installation and Configuration Guide Regulatory Model: C7765dn
Information in this document is subject to change without notice. © 2014 Dell Inc. All rights reserved. This publication could include technical inaccuracies or typographical errors. Changes are periodically made to the information herein; these changes will be incorporated in later editions. Improvements or changes in the products or the programs described may be made at any time. For Dell technical support and downloads, visit dell.
Table of Contents Table of Contents 1 Before Using the Smart Card Solution .................................................................................5 Preface ........................................................................................................................................6 Conventions...............................................................................................................................6 Feature Overview..................................................
Problem Solving...................................................................................................................... 41 Error Messages........................................................................................................................42 Technical Support ..................................................................................................................45 Service Tag and Express Code45 5 Appendix.........................................................
1 Before Using the Smart Card Solution This chapter describes the Smart Card (CAC/PIV) solution and the items to be confirmed. • Preface............................................................................................................................6 • Conventions ..................................................................................................................6 • Feature Overview ....................................................................................................
1 Before Using the Smart Card Solution Preface This guide is intended for use by Dell service providers and network administrators responsible for the management of security appliances and software in the network environment of the organization where the machine is installed, and describes the setup procedures related to the Smart Card solution. It may not include all options and settings available and configurable on the machine.
Feature Overview Feature Overview The Dell Smart Card solution brings an advanced level of security to sensitive information. This ensures that only authorized users are able to copy, scan, print, e-mail, and fax information. Once validated, a user is logged into the machine for all features. This functionality requires the use of PKI certificates that must be made available to the machine.
1 Before Using the Smart Card Solution Supported Card Readers The following card readers are compatible with the solution: • SCR331 • SCR3310 v2.0 Note • Other CCID compliant ISO-7816 card reader may function with the solution, but have not been validated. • For Dell technical support and downloads, visit dell.com/support or contact Dell's ProSupport Help Desk for assistance by calling 1-866-516-3115, or by e-mailing imaging_Solutions_Support_CAC@dell.com.
Supported Card Types Supported Card Types The customer is responsible for purchasing and configuring the access cards.
1 Before Using the Smart Card Solution Compatibility This solution is compatible with the following product and configurations: Configuration Dell C7765dn 1 2 Software Level Controller ROM Ver. 2.205.0 and later CAC Yes PIV Yes Press the button on the control panel. Select [Software Version] on the [Machine Information] screen. You can identify the software versions of the components of the machine on the screen.
2 Installation This chapter provides instructions for installing and configuring the Smart Card solution. There are five main installation procedures to follow in sequence. • Hardware Installation ................................................................................................ 12 • Initial Settings Procedures Using Dell Printer Configuration Web Tool ...... 13 • Initial Settings Procedures Using Control Panel ................................................
2 Installation Hardware Installation Connect your card reader to the available USB port.
Initial Settings Procedures Using Dell Printer Configuration Web Tool Initial Settings Procedures Using Dell Printer Configuration Web Tool This section describes the initial settings related to the Smart Card solution, and how to set them on Dell Printer Configuration Web Tool. Preparations for settings on Dell Printer Configuration Web Tool................................... 13 Set SSL/TLS.....................................................................................................................
2 Installation Set SSL/TLS Installation of the card reader requires HTTP - SSL/TLS communication between a network-connected computer and the machine. 1 2 3 Click [Security] on the [Properties] screen. Click [Machine Digital Certificate Management]. Click [Create New Certificate]. Note 4 5 • If [Create New Self Signed Certificate] is displayed, click it and go to step 5. Select [Self-Signed Certificate] and click [Continue].
Initial Settings Procedures Using Dell Printer Configuration Web Tool 8 Check the [Enabled] box for [HTTP - SSL / TLS Communication] and [LDAP- SSL / TLS Communication]. Note 9 10 • For the secure operation, you should check the [Enabled] box for [Verify Remote Server Certificate], and import the CA certificate. If SMTP server has SSL/TLS function and if you want to use a secure e-mail, configure the [SMTP - SSL / TLS Communication]. Click [Apply]. Click [Reboot Machine] if prompted.
2 Installation Import root CA and intermediate CA certificates for the Smart Card Import root CA and intermediate CA certificates for the Smart Card, Kerberos server, and OCSP responder. Supported CA certificate formats The CA certificate formats that can be used are as follows: • DER encoded binary X.509 (.CER) • Base 64 encoded X.509 (.CER) • DER encoded binary PKCS #7 (.P7B) Note • Base 64 encoded PKCS #7 is not supported.
Initial Settings Procedures Using Dell Printer Configuration Web Tool View the imported CA certificates The following steps are optional. You can check the imported CA certificates. 1 2 3 Click [Certificate Management]. Select [Trusted Certificate Authorities] or [Intermediate Certificate Authorities]. Click [Display the list]. Set SMTP Configure the SMTP settings to use the Scan to E-mail service. 1 2 3 Click [Configuration Overview] on the [Properties] screen. Click [Settings] for [E-mail].
2 Installation Set S/MIME Enable the S/MIME communication to use the e-mail encryption and digital signature features. To use S/MIME on the machine, a certificate issued by another CA is required. Creating a Certificate Signing Request (CSR) 1 2 3 4 5 Click [Security] on the [Properties] screen. Click [Machine Digital Certificate Management]. Click [Create New Certificate]. Select [Certificate Signing Request (CSR)] and click [Continue]. Make the following settings and click [Apply].
Initial Settings Procedures Using Dell Printer Configuration Web Tool Note 7 • If [Use this certificate] is not available, then the selected certificate has expired, or is not valid. All certificates in the certification path (chain of trust) must be installed on the machine and be valid. Click [Reboot Machine] if prompted. Enabling S/MIME communication 1 2 3 4 5 Click [Security] on the [Properties] screen. Click [SSL / TLS Settings]. Check the [Enabled] box for [S/MIME Communication].
2 Installation Note 6 7 • Using system credentials to authenticate to an Active Directory LDAP server, you must use the format “domain\user”. Click [Apply]. Click [Reboot Machine] if prompted. Set Kerberos Server Configure the Kerberos server settings for authentication. 1 2 3 4 Click [Security] on the [Properties] screen. Click [Kerberos Server] under [Remote Autentication Servers]. Check the [Enabled] box for [Server Certificate Validation].
Initial Settings Procedures Using Dell Printer Configuration Web Tool Set Certificate Revocation Retrieval Perform either of the following steps to configure the Certificate Revocation Retrieval settings. Using CRL method 1 2 3 4 5 6 7 Click [Security] on the [Properties] screen. Click [Certificate Revocation Retrieval settings]. Select [High] for [Level of Certificate Verification]. Select [By Retrieving CRL] for [Retrieval of Certificate status]. Check the [Enabled] box for [Auto Retrieval of CRL].
2 Installation Using OCSP method 1 2 3 4 5 6 7 8 9 Click [Security] on the [Properties] screen. Click [Certificate Revocation Retrieval settings]. Select [High] for [Level of Certificate Verification]. Select [By OCSP] for [Retrieval of Certificate status]. Select [URL As Specified by Administrator] for [Send Query to OCSP Responder With]. Set the URL of OCSP for [URL of OCSP Responder]. Uncheck the [Enabled] box for [Auto Retrieval of CRL]. Click [Apply]. Click [Reboot Machine] if prompted.
Initial Settings Procedures Using Dell Printer Configuration Web Tool Set User ID Case Sensitivity 1 2 3 4 5 Click [Security] on the [Properties] screen. Click [User Details Setup]. Select [Non-Case Sensitive] for [User ID for login]. Click [Apply]. Click [Reboot Machine] if prompted. Enable Plug-in Settings 1 2 3 4 5 Click [Security] on the [Properties] screen. Click [Plug-in Settings] under [Plug-in Settings]. Check the [Enabled] box. Click [Apply]. Click [Reboot Machine] if prompted.
2 Installation Initial Settings Procedures Using Control Panel This section describes the initial settings related to the Smart Card solution, and how to set them on the machine’s control panel. Authentication for entering the System Administration mode ......................................... 24 Check the system clock .............................................................................................................. 25 Set NTP Time Synchronization...............................................
Initial Settings Procedures Using Control Panel Check the system clock 1 2 3 4 5 6 7 Select [System Settings] on the [Tools] screen. Select [Common Service Settings]. Select [Machine Clock / Timers]. You can check the time and the date of the system clock. If you need to change the time and the date, refer to the following procedures. Select the required option. Select [Change Settings]. Change the required setting. Select [Save].
2 Installation 4 5 6 7 8 9 10 11 Select [NTP Time Synchronization]. Select [Change Settings]. Select [On]. Select [Save]. Select [Time Server Address]. Select [Change Settings]. Enter the IP address of the server in which the network time will be synched with. Select [Save]. Set Authentication 1 2 26 Select [Authentication / Security Settings] on the [Tools] screen. Select [Authentication].
Initial Settings Procedures Using Control Panel 3 Select [Login Type]. 4 Select [Login to Remote Accounts]. 5 6 7 8 9 10 11 12 Select [Save]. Select [System Settings] on the [Tools] screen. Select [Connectivity & Network Setup]. Select [Remote Authentication / Directory Service]. Select [Authentication System Setup]. Select [Authentication System]. Select [Change Settings]. Select [Kerberos (Windows 2000)] or [Kerberos (Solaris)] according to your environment.
2 Installation 13 14 Select [Save]. Select [Close] twice. Set Use of Smart Card 1 2 3 4 5 6 7 8 9 28 Select [Authentication / Security Settings] on the [Tools] screen. Select [Authentication]. Select [User Details Setup]. Select [Use of Smart Card]. Select [Change Settings]. Select [Enabled]. Select [Save]. Select [Smart Card Link Mode]. Select [Change Settings].
Initial Settings Procedures Using Control Panel 10 11 12 13 14 15 Select [No Passcode Required]. Select [Save]. Select [Smart Card Certificate Verification]. Select [Change Settings]. Select [Enabled]. Select [Save]. Note • After the Smart Card feature is enabled and the machine reboots, the machine may receive a “121-318” fault code. This is normal, and the machine will reboot again after several seconds. • Generally, the object identifier settings for Smart Card certificate are not required.
2 Installation 3 Select [Access Control]. 4 Select [Device Access]. 5 Select [Locked]. 6 7 8 9 10 11 12 30 Select [Save]. Select [Service Access]. Select an item (i.e. [Copy]) then [Change Settings]. Select [Unlocked], [Locked (Show Icon)], or [Locked (Hide Icon)]. Select [Save]. Perform steps 8 to 10 for each item. Select [Close].
Initial Settings Procedures Using Control Panel 13 14 15 16 17 Select [Feature Access]. Select an item (i.e. [Color Copying]) then [Change Settings]. Select [Unlocked] or [Locked]. Perform steps 14 and 15 for each item. Select [Close].
2 Installation Set Private Charge Print Configure the settings for using Private Charge Print. The Private Charge Print feature allows you to temporarily store print data for each authentication user ID, and request on the machine’s control panel to print the data. 1 2 3 4 5 6 7 8 9 10 11 32 Select [Authentication / Security Settings] on the [Tools] screen. Select [Authentication]. Select [Charge / Private Print Settings]. Select [Receive Control]. Select [Change Settings].
Initial Settings Procedures Using Printer Driver of User Client Initial Settings Procedures Using Printer Driver of User Client This section describes the initial settings related to the Smart Card solution, and how to set them on the printer driver. Note • The procedures may vary depending on the version of your driver and the operating system of your computer. Configure the User Account 1 2 Right-click on the printer icon. Select [Printer properties] from the displayed menu.
2 Installation Installation of Plug-in This section describes how to install, uninstall, and upgrade the plug-in for the Smart Card Reader. Note • The procedures may vary depending on the version of the installation tool and the operating system of your computer. • During machine operation or jobs in progress, installation process cannot be started. In this case, wait for a while and then start installation. • During installation process, machine operation is out of service.
3 Usage Examples This chapter describes the operations using the Smart Card to use security features for authenticated users. • User Authentication...................................................................................................36 • Digital Signature for S/MIME ...................................................................................37 • Digital Signature for Scan Files .............................................................................. 38 • Private Charge Print......
3 Usage Examples User Authentication You can log in and out of the machine using a Smart Card. Note 1 2 3 4 • The screen display varies depending on the configuration of the machine. Insert a Smart Card into the attached card reader. Enter the PIN (Smart Card Passcode) with the numeric keypad or the keyboard displayed. Select [Enter]. Once validated, all features that you are allowed to use become available.
Digital Signature for S/MIME Digital Signature for S/MIME You can use the digital signature feature for the E-mail service. 1 Select [E-mail] on the [Home] screen. 2 Select [E-mail Options]. 3 4 5 Select [Digital Signature]. Select [Sign With Smart Card Certificate]. Select [Save].
3 Usage Examples Digital Signature for Scan Files You can use the digital signature feature for the Scan to PC service. 1 Select [Scan to PC] on the [Home] screen. 2 Select [File Format]. 3 4 5 6 7 38 Select [More]. Select [PDF]. Select [PDF Signature]. Select [Sign With Smart Card Certificate]. Select [Save].
Private Charge Print Private Charge Print The Private Charge Print feature allows you to temporarily store print data for each authentication user ID, and request on the machine’s control panel to print the data. The following describes how to print or delete a job stored with the Private Charge Print feature. 1 Press the button. button 2 Select [Private Charge Print]. 3 Select a job to be printed or deleted. 4 5 Select any option.
3 Usage Examples 40
4 Problem Solving This chapter describes solutions to problems that you may come across while using the machine. • Error Messages ...........................................................................................................42 • Technical Support......................................................................................................
4 Problem Solving Error Messages The machine has certain built-in diagnostic capabilities to help you identify problems and faults, and displays error messages on the control panel, whenever problems or conflicts occur. The followings are error messages related to the Smart Card solution. UI Message 42 Cause and Remedy Message: Incorrect passcode Try again. [Cause] Message: The passcode entered was incorrect and the card has now been locked.
Error Messages UI Message Cause and Remedy Fault Code: 016-534 Message: Login failed. Incorrect authentication system settings. Kerberos server authentication protocol error. The domain set on the machine does not exist on the Kerberos server, or the Kerberos server address set on the machine is invalid for connection. Check whether the domain name and the server address have been correctly set on the machine.
4 Problem Solving UI Message Cause and Remedy Fault Code: 027-708 [Cause] A job is aborted by untrusted certificate of Message: the sender or recipient. Login failed. Untrusted certificate. [Remedy] Ensure that the recipient's certificate is valid and "Chain of Trust" could be established. Make sure that the e-mail address of the recipient and the e-mail address of his/her certificate are the same. Ensure that the sender's certificate is valid and "Chain of Trust" could be established.
Technical Support Technical Support If a fault cannot be resolved by following the instructions in the error message, identify whether it is related to the card reader device or the Dell device. • For problems with the card reader device Contact the manufacturer for further assistance. • For problems with the Dell device Have your Service Tag and Express Code ready, and visit dell.
4 Problem Solving 46
5 Appendix This chapter provides the list of configuring procedures. • List of Configuring Procedures ............................................................................. 48 • Smart Card Certificate - Object Identifiers .........................................................
5 Appendix List of Configuring Procedures The following table is the list of configuring procedures. Note • To configure the settings using the control panel, login as an administrator and select [Tools] on the [Home] screen, then follow the remaining navigation steps noted in the table. • To configure the settings using Dell Printer Configuration Web Tool, select the [Properties] tab first and follow the remaining navigation steps noted in the table.
List of Configuring Procedures Item Using Control Panel Using Dell Printer Configuration Web Tool Default Set NTP Time Synchronization [System Settings] [Common Service Settings] [Machine Clock / Timers] x - Set Authentication [Authentication / Security Settings] [Authentication] [Login Type] [Security] [Authentication Configuration] Off Set Use of Smart Card [Authentication / Security Settings] [Authentication] [User Details Setup] [Security] [Smart Card Settings] [General]
5 Appendix Smart Card Certificate - Object Identifiers Generally, the object identifier settings for Smart Card certificate are not required. By default, the machine automatically switches the object identifier settings depending on the type of the Smart Card you use as shown in the table below.
Index Index A N Access Control ........................................................... 29 NTP Time Synchronization .......................................25 Authentication ............................................................ 26 O C OCSP ............................................................................22 Certificate Revocation Retrieval .............................. 21 Certificate Signing Request (CSR) ........................... 18 P compatibility ............................
w w w. d e l l . c o m | d e l l .