Canon I Sensys Lbp6230dw User Guide

							0JFC -02K
Configuring Settings for Key Pairs and Digital Certificates
In order to  encrypt  communication with a remote device, an  encryption key  must be sent and  received over an  unsecured network
beforehand. This problem is  solved by public -key  cryptography. Public -key  cryptography ensures  secure communication by protecting
valuable information  from attacks, such as sniffing,  spoofing, and  tampering of data as it flows over a network.
Key  Pair
A key  pair  consists of a public  key  and  a secret key, both  of which are  required for  encrypting  or decrypting data. Data
can be exchanged safely, because  encrypted  data cannot  be decrypted without the  other key  in a key  pair. You  can
register  up  to  three key  pairs (
Using  CA- issued Key  Pairs and  Digital Certificates). Key pairs can also  be
generated  by the  machine (Generating Key  Pairs ).
CA Certificate
Digital certificates  including CA certificates  are  similar to  other forms of identification, such as driver's licenses. A digit al
certificate contains a digital signature, which enables the  machine to  detect any spoofing  or tampering of data. It is
extremely difficult  for  third parties to  abuse digital certificates. Digital certificates  (including  public  keys) that  are
issued  by a certificate authority  (CA) are  called CA certificates. You  can register  up  to  three CA certificates  including
the  one that  is  preinstalled (
Using  CA- issued Key  Pairs and  Digital Certificates ).
Key  and Certificate  Operating Requirements
Certificates for  key  pairs generated  with the  machine must conform to  X.509v3.  If  you install a key  pair  or a CA certificate from a
computer, make sure  that  they meet  the  following  requirements.
Format Key pair: PKCS#12
CA certificate:  X.509v1 or X.509v3,  DER  (encoded binary)
Files  extension Key pair: ".p12"  or ".pfx"
CA certificate:  ".cer"
Public  key  algorithm
(and  key  length) RSA (512 bits , 1024  bits,  2048  bits,  or 4096  bits)
Certificate signature  algorithm SHA1-RSA, SHA256-RSA, SHA384-RSA ,
SHA512-RSA , MD5 -RSA, MD2 -RSA
Certificate thumbprint algorithm SHA1
Requirements for  the certificate contained in a key pair  shall  follow  the operating conditions for  CA  certificates.
Not  supported when the operating system of the communication  partner device  is Windows  8/Server 2012. Depending  on the application of update  programs, encrypted  communication  may also  not be  possible  with  other  versions of Windows.
SHA384 -RSA and  SHA512 -RSA are available only  when the RSA key length is 1024 bits or  more.
The machine does not  support use of a certificate revocation  list  (CRL).
*1
*2 *3
*3
*1
*2
*3
>Ý>ß>Ý>Ì>Û>Ì>Þ>à>Ü
 
						

							0JFC -02L
Generating Key Pairs
The key  pair  required for  encrypted  communication via  Secure Sockets Layer  (SSL) can be generated  with the  machine. You  can use SSL
when accessing the  machine via  the  Remote  UI. Up to  three key  pairs can be registered on  the  machine.
Start  the Remote UI  and  log  on in System Manager Mode.  Starting the Remote UI
Click [Settings/Registration].
Click [Security  Settings]  [Key and  Certificate Settings].
Click [Generate Key].
To delete a registered  key pairOn the  right side  of the  key  pair  that  you want to  delete, click [Delete] 
[OK].
A key  pair  cannot  be deleted  when "SSL" is  displayed under [Key Usage], indicating  that  the  key  pair  is  currently in use. In th is
case, disable SSL  or replace  the  key  pair  with another.  You  will  then  be able  to  delete  it.
Specify  settings  for the key and  certificate.
1
2
3
4
5
>Ý>ß>Þ>Ì>Û>Ì>Þ>à>Ü
 
						

							[Key  Settings][Key  Name]
Enter up  to  24 alphanumeric  characters  for  naming the  key  pair. Set a name that  will  be easy  for  you to  find later in a list.
[Signature  Algorithm]
Select the  signature  algorithm from the  drop-down list.
[Key  Algorithm]
The algorithm used to  generate  keys is  RSA. Select the  key  length from the  drop-down list. The larger  the  number for  the
key  length, the  slower  the  communication.  However, the  security is  tighter.  
[512-bit] cannot  be selected for  the  key  length, if  [SHA384]  or [SHA512]  is  selected for  [Signature  Algorithm].
[Certificate Settings][Validity Start  Date]
Enter the  first date of validity  of the  certificate in year/month/day  format in the  range 1  January  2000  to  31 December
2037.
[Validity End  Date]
Enter the  last  date of validity  of the  certificate in year/month/day  format in the  range 1  January  2000  to  31 December
2037. A date earlier than the  [Validity  Start Date] cannot  be set.
[Country/Region]
Click the  [Select Country/Region]  radio button and  select the  country/region from the  drop-down list. You  can also  click the
[Enter Internet  Country Code] radio button and  enter a country code,  such as "US"  for  the  United  States.
[State]/[City]
As necessary, enter up  to  24 alphanumeric  characters  for  the  address.
[Organization]/[Organization  Unit]
As necessary, enter up  to  24 alphanumeric  characters  for  the  name of the  organization.
[Common  Name]
As necessary, enter up  to  48 alphanumeric  characters  for  the  common  name of the  certificate.  "Common Name" is  often
abbreviated as "CN."
Click [OK].
A key  pair  may  take approximately  10 to  15 minutes  to  generate.
After a key  pair  is  generated, it is  automatically registered to  the  machine.
LINKS
Using  CA- issued Key  Pairs and  Digital Certificates
Verifying  Key  Pairs and  CA Certificates
Enabling  SSL Encrypted Communication for the Remote  UI
6
>Ý>ß>ß>Ì>Û>Ì>Þ>à>Ü
 
						

							0JFC -02R
Using CA-issued Key Pairs and Digital Certificates
Key pairs and  digital certificates  can be obtained from a certification  authority  (CA) for  use with the  machine. After obtaining them from a
CA, you can install and  register  key  pairs and  CA certificate files  on  the  machine by using the  Remote  UI. Make  sure  that  the  key  pair
and  the  certificate satisfy  the  requirements of the  machine (
Key  and  Certificate Operating Requirements ). You  can register  up  to
three key  pairs and  three CA certificates  including the  preinstalled ones.
Start  the Remote UI  and  log  on in System Manager Mode.  Starting the Remote UI
Click [Settings/Registration].
Click [Security  Settings]  Click [Key and  Certificate Settings] or [CA Certificate Settings].
Click [Key and  Certificate Settings] to  install a key  pair, or [CA Certificate Settings] to  install a CA certificate.
Click [Register Key  and  Certificate]  or [Register CA Certificate].
To delete a registered  key pair or CA certificate
On the  right of the  key  pair  or CA certificate you want to  delete, click [Delete] 
[OK].
A key  pair  cannot  be deleted  when "SSL" is  displayed under [Key Usage], indicating  that  the  key  pair  is  currently in use. In th is
case, disable SSL  or replace  the  key  pair  with another.  You  will  then  be able  to  delete  it.
Click [Install].
1
2
3
4
5
>Ý>ß>à>Ì>Û>Ì>Þ>à>Ü
 
						

							You  can only install one file on  this machine. If  another file is  already  installed,  click [Delete] [OK]  to  delete  the  previously
installed file.
Click [Browse], specify the file to install, and  click [Start Installation].
The key  pair  or CA certificate from the  computer  is  installed in the  machine. 
Register the key pair or CA certificate.
Registering a key pair
1Click [Register]  on  the right  of the key pair you want to register.
2Enter  the name  of the key pair and  password,  and  then  click [OK].
[Key  Name]
Enter a name of up  to  24 alphanumeric  characters  for  registering  the  key  pair  in the  machine. Set a name that  will  be
easy  for  you to  find later in a list.
[Password]
Enter up  to  24 alphanumeric  characters  for  the  password of the  secret key  that  is  set in the  file to  be registered.
6
7
>Ý>ß>á>Ì>Û>Ì>Þ>à>Ü
 
						

							Registering a CA certificate
Click [Register] on  the  right of the  CA certificate you want to  register.
LINKS
Generating Key  Pairs
Verifying  Key  Pairs and  CA Certificates
Enabling  SSL Encrypted Communication for the Remote  UI
>Ý>ß>â>Ì>Û>Ì>Þ>à>Ü
 
						

							0JFC -02S
Verifying Key Pairs and CA Certificates
Once key  pairs and  CA certificates  are  registered, you can view their  detailed information  or verify their  effective dates and  signature.
Start  the Remote UI  and  log  on in System Manager Mode.  Starting the Remote UI
Click [Settings/Registration].
Click [Security  Settings]  Click [Key and  Certificate Settings] or [CA Certificate Settings].
Click [Key and  Certificate Settings] to  verify a key  pair, or [CA Certificate Settings] to  verify a CA certificate.
Click the icon for the key pair or CA certificate that  you want to verify.
Certificate details are  displayed.  
Check  the certificate details, and  click [Certificate  Verification].
1
2
3
4
5
>Ý>ß>ã>Ì>Û>Ì>Þ>à>Ü
 
						

							The result from verifying the  certificate is  displayed as shown below.
LINKS
Generating Key  Pairs
Using  CA- issued Key  Pairs and  Digital Certificates
>Ý>ß>ä>Ì>Û>Ì>Þ>à>Ü
 
						

							0JFC -02U
Using the Remote UI
You  can use a Web browser  to  operate the  machine remotely, check  the  documents waiting  to  be printed,  and  check  the  status of the
machine. You  can also  make network and  other settings for  the  machine. The "Remote  UI" starts  when you enter the  IP  address of  the
machine in your Web browser. It is  very convenient, because  it allows  you to  operate the  machine remotely without leaving your  desk  or
installing a special  application.
Tasks you can do  in the Remote  UI
Managing Documents and  Checking the Machine  Status
Changing Machine  Settings
How to use the Remote  UI
Starting  the Remote  UI
Remote  UI Screens
System Requirements
The following  environment is  required to  use the  Remote  UI. In addition,  set your Web browser  to  enable  cookies.
Windows
Windows  XP/Vista/7/8
Microsoft  Internet  Explorer  7.0  or later
Mac OS
Mac OS  10.4 or later
Safari  3.2.1  or later
>Ý>ß>å>Ì>Û>Ì>Þ>à>Ü
 
						

							0JFC -02W
Starting the Remote UI
To operate the  machine remotely, start the  Remote  UI by entering  the  machine's  IP  address in your Web browser. Before starting, check
the  IP  address that  has been assigned  to  the  machine (Viewing Network Settings). If  you do not  know the  machine's  IP  address,
ask  your network administrator, or start the  Remote  UI from the  Printer Status Window  (Starting  from the Printer Status Window ).
Start  the Web browser.
Enter  http:/// in the address field, and  press the [ENTER] key.
If  you are  using an  IPv6  address, enclose the  IPv6  address with brackets (example:  "http://[fe80:2e9e:fcff:fe4e:dbce]/").
If a host name  for the machine is  registered  with a DNS  server
Instead  of , you can enter   (example:
"http://my_printer.example.com").
If a security alert  is  displayed
A security alert may  be displayed when communication with the  Remote  UI is  encrypted  (
Enabling  SSL Encrypted
Communication for the Remote  UI ). If  there are  no  problems with certificate settings or SSL  settings,  continue browsing to  the
Remote  UI site.
Select [System Manager Mode] or [End-User Mode].
[System Manager  Mode]
You  can perform  all Remote  UI operations and  make all settings.  If  a PIN  (system manager password) has been set, enter it in
[System Manager  PIN]. (
Setting System Manager  Passwords ) If  a PIN  has not  been set (factory  default  setting),  you do
not  need to  input  anything.
[End - User Mode]
You  can check  the  status of documents or the  machine, and  you can also  check  the  settings.
Click [Log In].
The Portal Page (main  page) of the  Remote  UI appears. Remote  UI Screens
Starting from the Printer Status Window
1
2
3
4
>Ý>à>Ü>Ì>Û>Ì>Þ>à>Ü