Canon printer imageCLASS MF249dw User Manual
Have a look at the manual Canon printer imageCLASS MF249dw User Manual online for free. It’s possible to download the document as PDF or print. UserManuals.tech offer 1335 Canon manuals and user’s guides for free. Share the user manual or guide on Facebook, Twitter or Google+.
Usingtheoperationpanel You can also enable or disable IEEE 802.1X authentication from in the screen. IEEE 802.1XSettings(P.482) LINKS Con4gurLng SettingsforKeyPairsandDigital CertL4cates(P.434) Security 433
Con4gurLngSettingsforKeyPairsandDigital CertL4cates 1469-089 In order to encrypt communication with a remote device, an encryption key must be sent and received over an unsecured network beforehand. This problem is solved by public-key cryptography. Public-key cryptography ensuressecure communication by protecting important and valuable information from attacks, such as sniwng, spoo4ng, and tampering of data as it 5ows over a network. KeyPair A key pair consists of a public key and a secret key, both of which are required for encrypting or decrypting data. Because data that has been encrypted with one of the key pair cannot be returned to its original data form without the other, public-key cryptography ensures secure communication of data over the network. A key pair is used for TLS encrypted communication or TLS of the IEEE 802.1X authentication. Up to 4ve key pairs (including the preinstalled pairs) can be generated to the machine ( UsingCA-issuedKeyPairsandDigital CertL4cates (P.443)). A key pair can be generated with the machine ( GeneratingKey Pairs(P.436) ). CACertL4cate Digital certi4cates including CA certi4cates are similar to other forms of identi4cation, such as driver's licenses. A digital certi4cate contains a digital signature, which enables the machine to detect any spoo4ng or tampering of data. It is extremely diwcult for third parties to abuse digital certi4cates. A digital certi4cate that contains a public key of a certi4cation authority (CA) is referred to as a CA certi4cate. CA certi4cates are used for verifying the device the machine is communicating with for features such as printing with Google Cloud Print or IEEE 802.1X authentication. Up to 67 CA certi4cates can be registered, including the 62 certi4cates that are preinstalled in the machine ( UsingCA-issuedKeyPairsandDigital CertL4cates(P.443)). CKey and Certi4cate Requirements The certi4cate contained in a key pair generated with the machine conforms to X.509v3. If you install a key pair or a CA certi4cate from a computer, make sure that they meet the following requirements: Format Key pair: PKCS#12 *1 CA certi4cate X.509v1 or X.509v3, DER (encoded binary), PEMFile extension Key pair: ".p12" or ".pfx" CA certi4cate ".cer"Public key algorithm (and key length)RSA (512 bits, 1024 bits, 2048 bits, or 4096 bits)Certi4cate signature algorithmSHA1-RSA, SHA256-RSA, SHA384-RSA *2 , SHA512-RSA *2 , MD5-RSA, or MD2-RSACerti4cate thumbprint algorithmSHA1*1 Requirements for the certi4cate contained in a key pair are pursuant to CA certi4cates. *2 SHA384-RSA and SHA512-RSA are available only when the RSA key length is 1024 bits or more. Security 434
The machine does not support use of a certi4cate revocation list (CRL). Security 435
GeneratingKeyPairs 1469-08A A key pair can be generated with the machine when it is required for encrypted communication via Transport Layer Security (TLS). You can use TLS when accessing the machine via the Remote UI. Up to 4ve key pairs (including the preinstalled pairs) can be generated to the machine. Self-signed certi4cates are used with key pairs generated in "Network Communication". With a "Key and Certi4cate Signing Request (CSR)", you can apply for a CA-issued digital certi4cate for the key pair generated by the machine. GenerateNetworkCommunicationKey(P.436) GenerateKeyand CertL4cateSigningRequest(CSR)(P.438) Generate Network Communication Key 1StarttheRemoteUIandlogoninSystemManagerMode.StartingRemote UI(P.450)2Click[Settings/[email protected][SecuritySettings@[Keyand CertL4cate [email protected] 436
4Click[GenerateKey@. Deletingaregisteredkeypair Click [Delete] on the right of the key pair you want to delete click [OK]. A key pair cannot be deleted if it is currently used for some purpose, such as when "[TLS]" or "[IEEE 802.1X]" is displayed under [Key Usage]. In this case, disable the function or replace the key pair before deleting it. 5Select[NetworkCommunication@andclick[[email protected]settingsforthekeyand certL4cate. [KeySettings@ [KeyName@ Security 437
Enter up to 24 alphanumeric characters for naming the key pair. Set a name that will be easy for you to4nd later in a list. [SignatureAlgorithm@ Select the signature algorithm from the drop-down list. [KeyAlgorithm@ RSA is used for generating a key pair. Select the key length from the drop-down list. The larger the number for the key length, the slower the communication. However, the security is tighter. [512-bit] cannot be selected for the key length, if [SHA384] or [SHA512] is selected for [Signature Algorithm]. >CertL4cate Settings@ [ValidityStartDate(YYYY/MM/DD)@ Enter the validity start date of the certi4cate in the range between 01/01/2000 and 12/31/2099, in the order of: year, month, day. [ValidityEndDate(YYYY/MM/DD)@ Enter the validity end date of the certi4cate in the range between 01/01/2000 and 12/31/2099, in the order of: year, month, day. A date earlier than [Validity Start Date (YYYY/MM/DD)] cannot be set. [Country/Region@ Click the [Select Country/Region] radio button and select the country/region from the drop-down list. You can also click the [Enter Internet Country Code] radio button and enter a country code, such as "US" for the United States. [State@/[City@ Enter up to 24 alphanumeric characters for the location as necessary. [Organization@/[OrganizationUnit@ Enter up to 24 alphanumeric characters for the organization name as necessary. [CommonName@ Enter up to 48 alphanumeric characters for the common name of the certi4cate as necessary. "Common Name" is often abbreviated as "CN." 7Click[OK@. Keys for network communication may take approximately 10 to 15 minutes to generate. After a key pair is generated, it is automatically registered to the machine. Generate Key and Certi4cate Signing Request (CSR) 1StarttheRemoteUIandlogoninSystemManagerMode. StartingRemoteUI(P.450) 2Click[Settings/[email protected] 438
3Click[SecuritySettings@[KeyandCertL4cate [email protected][GenerateKey@. Deletingaregisteredkeypair Click [Delete] on the right of the key pair you want to delete click [OK]. A key pair cannot be deleted if it is currently used for some purpose, such as when "[TLS]" or "[IEEE 802.1X]" is displayed under [Key Usage]. In this case, disable the function or replace the key pair before deleting it. 5Select[Keyand CertL4cateSigningRequest(CSR)@andclick[[email protected] 439
6SpecifysettingsforthekeyandcertL4cate. [KeySettings@ [KeyName@ Enter up to 24 alphanumeric characters for naming the key pair. Set a name that will be easy for you to 4nd later in a list. [SignatureAlgorithm@ Select the signature algorithm from the drop-down list. [KeyAlgorithm@ RSA is used for generating a key pair. Select the key length from the drop-down list. The larger the number for the key length, the slower the communication. However, the security is tighter. [512-bit] cannot be selected for the key length, if [SHA384] or [SHA512] is selected for [Signature Algorithm]. >CertL4cate SigningRequest(CSR)Settings@ [Country/Region@ Click the [Select Country/Region] radio button and select the country/region from the drop-down list. You can also click the [Enter Internet Country Code] radio button and enter a country code, such as "US" for the United States. [State@/[City@ Enter up to 24 alphanumeric characters for the location as necessary. [Organization@/[OrganizationUnit@ Enter up to 24 alphanumeric characters for the organization name as necessary. [CommonName@ Security 440
Enter up to 48 alphanumeric characters for the common name of the certi4cate as necessary. "Common Name" is often abbreviated as "CN."7Click[OK@. Key and Certi4cate Signing Request (CSR) may take approximately 10 to 15 minutes to generate. 8Click[StoreinFile@. A dialog box for storing the 4le appears. Choose where to store the 4le and click [Save]. The Key and Certi4cate Signing Request (CSR) 4le is stored on the computer. 9Attachthestored 4leandsubmittheapplicationtothe certL4catLonauthority. C Registering the CA-issued Digital Certi4cate You cannot use the key pair generated by the Certi4cate Signing Request (CSR) until the certi4cate is registered. Once the certi4cation authority has issued the digital certi4cate, register it using the procedure below. 1StarttheRemoteUIandlogoninAdministratormode. StartingRemoteUI(P.450) 2Click[Settings/[email protected][SecuritySettings@[Keyand CertL4cate [email protected][KeyName@or >CertL4cate@forthecertL4cate toberegistered.Security 441
5Click[RegisterCertL[email protected][Browse@,specifythe 4leforthe certL4cate signingrequest,andclick[Register@. LINKS UsingCA-issuedKeyPairsandDigital CertL4cates(P.443) VerifyingKeyPairsandDigital CertL4cates(P.446) EnablingTLSEncryptedCommunicationfortheRemoteUI(P.426) Security 442