Canon I Sensys Mf8540cdn User Guide
Have a look at the manual Canon I Sensys Mf8540cdn User Guide online for free. It’s possible to download the document as PDF or print. UserManuals.tech offer 1335 Canon manuals and user’s guides for free. Share the user manual or guide on Facebook, Twitter or Google+.
0ALJ-0A6 Configuring IEEE 802.1X Authentication The machine can connect to an 802.1X network as a client device. A typical 802.1X network consists of a RADIUS server (authentication server), LAN switch (authenticator), and client devices with authentication software (supplicants). If a device tries to connect to the 802.1X network, the device must go through user authentication in order to prove that the connection is made by an authorized u ser. Authentication information is sent to and checked by a RADIUS server, which permits or rejects communication to the network depending on the authentication result. If authentication fails, a LAN switch (or an access point) blocks access from the outside of the network. Select the authentication method from the options below. If necessary, install or register a key pair or CA certificate before configuring IEEE 802.1X authentication (Using CA- issued Key Pairs and Digital Certificates ). TLS The machine and the authentication server authenticate each other by mutually verifying their certificates. A key pair issued b y a certification authority (CA) is required for the client authentication (when authenticating the machine). For the server authentication, a CA certificate installed via the Remote UI can be used in addition to a CA certificate preinstalled in the machine. The TLS m ethod cannot be used with TTLS or PEAP at the same time. TTLS This authentication method uses a user name and password for the client authentication and a CA certificate for the server authentication. MSCHAPv2 or PAP can be selected as the internal protocol. TTLS can be used with PEAP at the same time. Enable S SL for the Remote UI before configuring this authentication method ( Enabling SSL Encrypted Communication for the Remote UI ). PEAP The required settings are almost the same as those of TTLS. MS-CHAPv2 is used as the internal protocol. Enable SSL for the Remo te UI before configuring this authentication method (Enabling SSL Encrypted Communication for the Remote UI ). Start the Remote UI and log on in System Manager Mode. Starting Remote UI Click [Settings/Registration]. Click [Network Settings] [IEEE 802.1X Settings]. 1 2 3 >à>à>Ý>Ì>Û>Ì>â>ã>â
Click [Edit...]. Select the [Use IEEE 802.1X] check box, enter the login name in the [Login Name] text box, and specify the required settings. [Use IEEE 802.1X] Select the check box to enable IEEE 802.1X authentication. [Login Name] Enter up to 24 alphanumeric characters for a name (EAP identity) that is used for identifying the user. Setting TLS 1Select the [Use TLS] check box and click [Key and Certificate...]. 2Click [Register Default Key] on the right of the key pair you want to use for the client authentication. 4 5 >à>à>Þ>Ì>Û>Ì>â>ã>â
NOTE: Viewing details of a key pair or certificate You can check the details of the certificate or verify the certificate by clicking the corresponding text link under [Key Name], or the certificate icon. Verifying Key Pairs and Digital Certificates Setting TTLS/PEAP 1Select the [Use TTLS] or [Use PEAP] check box. NOTE: Internal protocol for TTLS You can select MSCHAPv2 or PAP. If you want to use PAP, click the [PAP] radio button. 2Click [Change User Name/Password].To specify a user name other than the login name, clear the [Use Login Name as User Name] check box. Select the check box if you want to use the login name as the user name. 3Set the user name/password and click [OK]. >à>à>ß>Ì>Û>Ì>â>ã>â
[ User Name ] Enter up to 24 alphanumeric characters for the user name. [ Change Password] To set or change the password, select the check box and enter up to 24 alphanumeric characters for the new password both in the [Password] and [Confirm] text boxes. Click [OK]. Restart the machine. Turn OFF the machine, wait for at least 10 seconds, and turn it back ON. NOTE You can enable or disable the IEEE 802.1X authentication from .IEEE 802.1X Settings LINKS Configuring Settings for Key Pairs and Digital Certificates 6 7 >à>à>à>Ì>Û>Ì>â>ã>â
0ALJ-0A7 Configuring Settings for Key Pairs and Digital Certificates In order to encrypt communication with a remote device, an encryption key must be sent and received over an unsecured network beforehand. This problem is solved by public -key cryptography. Public -key cryptography ensures secure communication by protecting important and valuable information from attacks, such as sniffing, spoofing, and tampering of data as it flows over a network. Key Pair A key pair consists of a public key and a secret key, both of which are required for encrypting or decrypting data. Because data that has been encrypted with one of the key pair cannot be returned to its original data form without the other, public -key cryptography ensures secure communication of data over the network. Up to five key pairs can be registered ( Using CA- issued Key Pairs and Digital Certificates). For SSL encrypted communication, a key pair can be generated for the machine (Generating Key Pairs ). CA Certificate Digital certificates including CA certificates are similar to other forms of identification, such as driver's licenses. A digital certificate contains a digital signature, which enables the machine to detect any spoofing or tampering of data. It is extremely difficult for third parties to abuse digital certificates. A digital certificate that contains a public key of a certification authority (CA) is referred to as a CA certificate. CA certificates are used for verifying the device the machine is communicating with for features such as printing with Google Cloud Print or IEEE 802.1X authentication. Up to 10 CA certificates can be registered, including the five certificates that are preinstalled in the machine ( Using CA- issued Key Pairs and Digital Certificates ). Key and Certificate Requirements The certificate contained in a key pair generated with the machine conforms to X.509v3. If you install a key pair or a CA certificate from a computer, make sure that they meet the following requirements: Format Key pair: PKCS#12 CA certificate: X.509v1 or X.509v3, DER (encoded binary) File extension Key pair: ".p12" or ".pfx" CA certificate: ".cer" Public key algorithm (and key length) RSA (512 bits, 1024 bits, 2048 bits, or 4096 bits) Certificate signature algorithm SHA1-RSA, SHA256-RSA, SHA384-RSA , SHA512-RSA , MD5 -RSA, or MD2 -RSA Certificate thumbprint algorithm SHA1 Requirements for the certificate contained in a key pair are pursuant to CA certificates. SHA384 -RSA and SHA512 -RSA are available only when the RSA key length is 1024 bits or more. NOTE The machine does not support use of a certificate revocation list (CRL). *1 *2 *2 *1 *2 >à>à>á>Ì>Û>Ì>â>ã>â
0ALJ-0A8 Generating Key Pairs A key pair can be generated with the machine when it is required for encrypted communication via Secure Sockets Layer (SSL). You can use SSL when accessing the machine via the Remote UI. Up to five key pairs can be registered to the machine. Start the Remote UI and log on in System Manager Mode. Starting Remote UI Click [Settings/Registration]. Click [Security Settings] [Key and Certificate Settings]. Click [Generate Key...]. NOTE: Deleting a registered key pairClick [Delete] on the right of the key pair you want to delete click [OK]. A key pair cannot be deleted if it is currently used for some purpose, such as when "SSL" or "IEEE 802.1X", is displayed under [Key Usage]. In this case, disable the function or replace the key pair before deleting it. Specify settings for the key and certificate. 1 2 3 4 5 >à>à>â>Ì>Û>Ì>â>ã>â
[Key Settings][Key Name] Enter up to 24 alphanumeric characters for naming the key pair. Set a name that will be easy for you to find later in a list. [Signature Algorithm] Select the signature algorithm from the drop-down list. [Key Algorithm] RSA is used for generating a key pair. Select the key length from the drop-down list. The larger the number for the key length, the slower the communication. However, the security is tighter. NOTE: [512bit] cannot be selected for the key length, if [SHA384] or [SHA512] is selected for [Signature Algorithm]. [Certificate Settings][Validity Start Date (YYYY/MM/DD)] Enter the date from which the certificate is valid between 01/01/2000 and 31/12/2037. [Validity End Date (YYYY/MM/DD)] Enter the date to which the certificate is valid between 01/01/2000 and 31/12/2037. A date earlier than [Validity Start Date (YYYY/MM/DD)] cannot be set. [Country/Region] Click the [Select Country/Region] radio button and select the country/region from the drop-down list. You can also click the [Enter Internet Country Code] radio button and enter a country code, such as "US" for the United States. [State]/[City] Enter up to 24 alphanumeric characters for the location as necessary. [Organization]/[Organization Unit] Enter up to 24 alphanumeric characters for the organization name as necessary. [Common Name] Enter up to 48 alphanumeric characters for the common name of the certificate as necessary. "Common Name" is often abbreviated as "CN." Click [OK]. A key pair may take approximately 10 to 15 minutes to generate. After a key pair is generated, it is automatically registered to the machine. LINKS Using CA- issued Key Pairs and Digital Certificates Verifying Key Pairs and Digital Certificates Enabling SSL Encrypted Communication for the Remote UI Configuring IPSec Settings 6 >à>à>ã>Ì>Û>Ì>â>ã>â
0ALJ-0A9 Using CA-issued Key Pairs and Digital Certificates Key pairs and digital certificates can be obtained from a certification authority (CA) for use with the machine. You can store and then register these files by using the Remote UI. Make sure that the key pair and the certificate satisfy the requirements of the machine ( Key and Certificate Requirements ). Up to five key pairs and 10 CA certificates (including the five preinstalled certificates) can be registered. Start the Remote UI and log on in System Manager Mode. Starting Remote UI Click [Settings/Registration]. Click [Security Settings] [Key and Certificate Settings] (for key pairs) or [CA Certificate Settings] (for CA certificates). Click [Register Key and Certificate] or [Register CA Certificate]. NOTE: Deleting a registered key pair or CA certificate Click [Delete] on the right of the key pair or CA certificate you want to delete click [OK]. You cannot delete the preinstalled CA certificates. A key pair cannot be deleted if it is currently used for some purpose, such as when "[SSL]" or "[IEEE 802.1X]" is displayed under [Key Usage]. In this case, disable the function or replace the key pair before deleting it. The preinstalled CA certifica te cannot be deleted. 1 2 3 4 >à>à>ä>Ì>Û>Ì>â>ã>â
Disabling or enabling the preinstalled CA certificates Click [Disable] on the right of the preinstalled CA certificate you want to disable. To enable the certificate again, click [Enable] on the right of the certificate. Click [Install...]. NOTE: Deleting a key pair or CA certificate Click [Delete] on the right of the file you want to delete, and then click [OK]. Click [Browse...], specify the file to install, and click [Start Installation]. The key pair or CA certificate is installed in the machine. Register the key pair or CA certificate. Registering a key pair 1Click [Register] on the right of the key pair you want to register. 2Enter the name of the key pair and password, and then click [OK]. [Key Name] Enter up to 24 alphanumeric characters for the name of the key pair to be registered. [Password] Enter up to 24 alphanumeric characters for the password of the private key set for the file to be registered. Registering a CA certificate Click [Register] on the right of the CA certificate you want to register. 5 6 7 >à>à>å>Ì>Û>Ì>â>ã>â
LINKS Generating Key Pairs Verifying Key Pairs and Digital Certificates Enabling SSL Encrypted Communication for the Remote UI Configuring IPSec Settings Configuring IEEE 802.1X Authentication >à>á>Ü>Ì>Û>Ì>â>ã>â