Home > Canon > Printer > Canon printer imageCLASS MF249dw User Manual

Canon printer imageCLASS MF249dw User Manual

    Download as PDF Print this page Share this page

    Have a look at the manual Canon printer imageCLASS MF249dw User Manual online for free. It’s possible to download the document as PDF or print. UserManuals.tech offer 1335 Canon manuals and user’s guides for free. Share the user manual or guide on Facebook, Twitter or Google+.

    Page
    of 714
    							Usingtheoperationpanel	 You can also enable or disable IEEE 802.1X authentication from  in the  screen. 
    IEEE
    802.1XSettings(P.482)
    LINKS
    Con4gurLng SettingsforKeyPairsandDigital CertL4cates(P.434)
    Security
    433       
    						
    							Con4gurLngSettingsforKeyPairsandDigital
    CertL4cates
    1469-089
    In order to encrypt communication with a remote device, an encryption key must be sent and received over an unsecured network beforehand. This problem is solved by public-key cryptography. Public-key cryptography ensuressecure communication by protecting important and valuable information from attacks, such as  sniwng, spoo4ng,  and
    tampering of data as it  5ows over a network.
    KeyPair
     A key pair consists of a public key and a secret key, both of which are required for encrypting or decrypting data. Because data that has been encrypted with one of the key pair cannot be
    returned to its original data form without the other, public-key cryptography ensures secure
    communication of data over the network. A key pair is used for TLS encrypted communication or TLS of the IEEE 802.1X authentication. Up to  4ve key pairs (including the preinstalled pairs)
    can be generated to the machine ( 
    UsingCA-issuedKeyPairsandDigital
    CertL4cates (P.443)). A key pair can be generated with the machine ( 
    GeneratingKey
    Pairs(P.436) ).
    CACertL4cate
     Digital  certi4cates  including CA  certi4cates are similar to other forms of  identi4cation, such as
    driver's licenses. A digital  certi4cate contains a digital signature, which enables the machine to
    detect any  spoo4ng or tampering of data. It is extremely  diwcult for third parties to abuse
    digital  certi4cates.  A digital certi4cate  that contains a public key of a  certi4cation authority (CA)
    is referred to as a CA  certi4cate. CA certi4cates  are used for verifying the device the machine is
    communicating with for features such as printing with Google Cloud Print or IEEE 802.1X
    authentication. Up to 67 CA  certi4cates can be registered, including the 62  certi4cates that are
    preinstalled in the machine ( 
    UsingCA-issuedKeyPairsandDigital CertL4cates(P.443)).
    	CKey and 
    Certi4cate  Requirements
    The  certi4cate  contained in a key pair generated with the machine conforms to X.509v3. If you install a key pair or a CA
    certi4cate  from a computer, make sure that they meet the following requirements:
    Format	Key pair: PKCS#12 *1
    	 CA  certi4cate  X.509v1 or X.509v3, DER (encoded binary), PEMFile extension	Key pair: ".p12" or ".pfx"
    	 CA  certi4cate  ".cer"Public key algorithm
    (and key length)RSA (512 bits, 1024 bits, 2048 bits, or 4096 bits)Certi4cate  signature algorithmSHA1-RSA, SHA256-RSA, SHA384-RSA *2
    , SHA512-RSA *2
    , MD5-RSA, or MD2-RSACerti4cate  thumbprint algorithmSHA1*1 
    Requirements for the  certi4cate contained in a key pair are pursuant to CA  certi4cates.
    *2  SHA384-RSA and SHA512-RSA are available only when the RSA key length is 1024 bits or more.
    Security
    434          
    						
    								The machine does not support use of a  certi4cate revocation list (CRL).
    Security
    435 
    						
    							GeneratingKeyPairs
    1469-08A
    A key pair can be generated with the machine when it is required for encrypted communication via Transport Layer
    Security (TLS). You can use TLS when accessing the machine via the Remote UI. Up to  4ve key pairs (including the
    preinstalled pairs) can be generated to the machine. Self-signed  certi4cates are used with key pairs generated in
    "Network Communication". With a "Key and  Certi4cate Signing Request (CSR)", you can apply for a CA-issued digital
    certi4cate  for the key pair generated by the machine.
    GenerateNetworkCommunicationKey(P.436)
    GenerateKeyand CertL4cateSigningRequest(CSR)(P.438)
    Generate Network Communication Key
    1StarttheRemoteUIandlogoninSystemManagerMode.StartingRemote
    UI(P.450)2Click[Settings/[email protected][SecuritySettings@[Keyand CertL4cate [email protected]
    436          
    						
    							4Click[GenerateKey@.
    Deletingaregisteredkeypair	 Click [Delete] on the right of the key pair you want to delete 
     click [OK].
    	 A  key  pair  cannot  be  deleted  if  it  is  currently  used  for  some  purpose,  such  as  when  "[TLS]"  or  "[IEEE
    802.1X]"  is  displayed  under  [Key  Usage].  In  this  case,  disable  the  function  or  replace  the  key  pair  before deleting it.
    5Select[NetworkCommunication@andclick[[email protected]settingsforthekeyand certL4cate.
     [KeySettings@
    [KeyName@
    Security
    437 
    						
    							Enter up to 24 alphanumeric characters for naming the key pair. Set a name that will be easy for you to4nd  later in a list.
    [SignatureAlgorithm@
    Select the signature algorithm from the drop-down list.
    [KeyAlgorithm@
    RSA is used for generating a key pair. Select the key length from the drop-down list. The larger the
    number for the key length, the slower the communication. However, the security is tighter.   
    	 [512-bit] cannot be selected for the key length, if [SHA384] or [SHA512] is selected for [Signature
    Algorithm].
      >CertL4cate Settings@
    [ValidityStartDate(YYYY/MM/DD)@ Enter the validity start date of the  certi4cate in the range between 01/01/2000 and 12/31/2099, in the
    order of: year, month, day.
    [ValidityEndDate(YYYY/MM/DD)@
    Enter the validity end date of the  certi4cate in the range between 01/01/2000 and 12/31/2099, in the
    order of: year, month, day. A date earlier than [Validity Start Date (YYYY/MM/DD)] cannot be set.
    [Country/Region@
    Click the [Select Country/Region] radio button and select the country/region from the drop-down list. You can also click the [Enter Internet Country Code] radio button and enter a country code, such as "US"
    for the United States.
    [State@/[City@
    Enter up to 24 alphanumeric characters for the location as necessary.
    [Organization@/[OrganizationUnit@
    Enter up to 24 alphanumeric characters for the organization name as necessary.
    [CommonName@
    Enter up to 48 alphanumeric characters for the common name of the  certi4cate as necessary. "Common
    Name" is often abbreviated as "CN."
    7Click[OK@.
    	 Keys for network communication may take approximately 10 to 15 minutes to generate.
    	 After a key pair is generated, it is automatically registered to the machine.
    Generate Key and  Certi4cate Signing Request (CSR)
    1StarttheRemoteUIandlogoninSystemManagerMode.
    StartingRemoteUI(P.450)
    2Click[Settings/[email protected]
    438    
    						
    							3Click[SecuritySettings@[KeyandCertL4cate [email protected][GenerateKey@.
    Deletingaregisteredkeypair
    	 Click [Delete] on the right of the key pair you want to delete 
     click [OK].
    	 A  key  pair  cannot  be  deleted  if  it  is  currently  used  for  some  purpose,  such  as  when  "[TLS]"  or  "[IEEE
    802.1X]"  is  displayed  under  [Key  Usage].  In  this  case,  disable  the  function  or  replace  the  key  pair  before deleting it.
    5Select[Keyand CertL4cateSigningRequest(CSR)@andclick[[email protected]
    439 
    						
    							6SpecifysettingsforthekeyandcertL4cate.
     [KeySettings@
    [KeyName@
    Enter up to 24 alphanumeric characters for naming the key pair. Set a name that will be easy for you to
    4nd  later in a list.
    [SignatureAlgorithm@
    Select the signature algorithm from the drop-down list.
    [KeyAlgorithm@
    RSA is used for generating a key pair. Select the key length from the drop-down list. The larger the
    number for the key length, the slower the communication. However, the security is tighter.
       
    	 [512-bit] cannot be selected for the key length, if [SHA384] or [SHA512] is selected for [Signature
    Algorithm].
      >CertL4cate SigningRequest(CSR)Settings@
    [Country/Region@ Click the [Select Country/Region] radio button and select the country/region from the drop-down list. You can also click the [Enter Internet Country Code] radio button and enter a country code, such as "US"
    for the United States.
    [State@/[City@
    Enter up to 24 alphanumeric characters for the location as necessary.
    [Organization@/[OrganizationUnit@
    Enter up to 24 alphanumeric characters for the organization name as necessary.
    [CommonName@
    Security
    440 
    						
    							Enter up to 48 alphanumeric characters for the common name of the certi4cate as necessary. "Common
    Name" is often abbreviated as "CN."7Click[OK@.
    	 Key and  Certi4cate  Signing Request (CSR) may take approximately 10 to 15 minutes to generate.
    8Click[StoreinFile@.
    	A dialog box for storing the  4le appears. Choose where to store the  4le and click [Save].
    The Key and 
    Certi4cate Signing Request (CSR)  4le is stored on the computer.
    9Attachthestored 4leandsubmittheapplicationtothe certL4catLonauthority.
     
    	C Registering the CA-issued Digital 
    Certi4cate
    You cannot use the key pair generated by the  Certi4cate Signing Request (CSR) until the  certi4cate is registered. Once
    the  certi4cation  authority has issued the digital  certi4cate, register it using the procedure below.
    1StarttheRemoteUIandlogoninAdministratormode.
    StartingRemoteUI(P.450)
    2Click[Settings/[email protected][SecuritySettings@[Keyand CertL4cate [email protected][KeyName@or >CertL4cate@forthecertL4cate toberegistered.Security
    441    
    						
    							5Click[RegisterCertL[email protected][Browse@,specifythe 4leforthe certL4cate signingrequest,andclick[Register@.
    LINKS
    UsingCA-issuedKeyPairsandDigital CertL4cates(P.443)
    VerifyingKeyPairsandDigital CertL4cates(P.446)
    EnablingTLSEncryptedCommunicationfortheRemoteUI(P.426)
    Security
    442          
    						
    All Canon manuals Comments (0)

    Related Manuals for Canon printer imageCLASS MF249dw User Manual