Xerox WorkCentre 7345 User Manual

							199
Configuration of E-mail Encryption/Digital Signature
Installation Overview
Configuration on the Machine
Import an S/MIME certificate from a Certificate Authority (in PKCS7 format), then configure the certificate 
on the machine using CentreWare Internet Services.
Configuration on a Computer
No special configuration is needed for remote computer receipt of encrypted e-mail.  For sending 
encrypted e-mail to the machine, however, you will need a copy of the device’s S/MIME certificate on your 
workstation to allow you to encrypt email being sent to the device.  The S/MIME certificate represents the 
Public Key of the device, allowing encryption to take place.
Downloaded From ManualsPrinter.com Manuals 
						

							200 Configuring S/MIME certificates with CentreWare Internet Services
To configure S/MIME certificates with CentreWare Internet Services, first enable HTTP communications 
(as stated under Configuration of HTTP Communication Encryption in this section).  Next, import an S/
MIME certificate from a Certificate Authority (in PKCS7 format).  Finally, enable S/MIME.
1. Start a web browser.
2. Enter the machines IP address, beginning with “https,” into the Address box of your web browser, and 
press the Enter key.
Example:
https://192.168.1.1/
3. Click the Properties tab.
4. Confirm that the Machine’s E-mail Address, under the Description hot link, is filled in.  Also note that 
to use E-mail with this machine, E-Mail has to be enabled and configured as stated in the Scan to E-
mail section of this guide.
5. Click [+] on the left of the Security folder to display the items in the folder.
6. Click Machine Digital Certificate Management.
7. Click Upload Signed Certificate.
Note: Important: When importing a certificate, if the same certificate has been already registered in 
[Local Device] or [Others], the certificate cannot be imported. Delete the existing certificate before 
importing the new one.
a. Enter the Password.
b. Enter the Re-enter Password.
c. Enter a file name for the file you want to import, or select the file to be imported by clicking the 
Browse button.
d. Click the Import button. When a screen to enter the user name and password appears, enter the 
System Administrator user ID and password into User Name and Password, and then click OK.
Note: The default user ID is 11111 and the default password is x-admin.
Downloaded From ManualsPrinter.com Manuals 
						

							201 8. Refresh the web browser.
9. Click [+] on the left of Security to display the items in the folder.
10. Configure the certificate.
a. Click Trusted Certificates Management.
b. Select [Local Device] for Category, [S/MIME] for Certificate Purpose, and then click the Display 
the List button.  If necessary, enter the System Administrator User Name and Password and click 
OK.
c. Place a check mark in the box in front of the Certificate you wish to view details for.
d. Click the Certificate Details button.
e. Click the Use this certificate button.
f. Click Reboot. The machine will reboot and the setting values will be reflected.
11. Refresh the web browser.
12. Click [+] on the left of Security to display the items in the folder.
13. Click SSL/TLS Settings.
14. Select the Enable check box for S/MIME Communication.
Downloaded From ManualsPrinter.com Manuals 
						

							202 15. Apply the settings.
a. Click Apply.
b. The right frame on the web browser will change to the machine reboot display.
c. Click Reboot Machine. The machine will be unavailable for a short period of time.
16. Configure the settings for S/MIME.
a. Refresh the web browser.
b. Click [+] on the left of Security to display the items in the folder.
c. Click S/MIME Settings and set the following items.
Message Digest Algorithm
Select a message digest algorithm from [SHA1] or [MD5].
Contents Encryption Method
Select a contents encryption method from [3DES], [RC2-40], [RC2-64], or [RC2-128].
Certificate Auto Store
Click the checkbox to automatically save an S/MIME certificate attached to an e-mail received 
from an address registered in your address book.
Receive Untrusted E-mail
Decide whether or not you wish to receive untrusted E-mail.
Receive Untrusted iFAX
Decide whether or not you wish to receive untrusted iFAXes.
Digital Signature - Outgoing E-mail
Decide whether or not to add a digital signature to outgoing E-mail, and the method to use if a 
signature is desired.
Digital Signature - Outgoing iFAX
Decide whether or not to add a digital signature to outgoing iFAXes, and the method to use if a 
signature is desired.
d. Click the Apply button.
Downloaded From ManualsPrinter.com Manuals 
						

							203 Configuration on a Computer
The following describes the configuration for a remote, networked computer.
Sending scanned data by S/MIME encrypted E-mail from the machine to a computer
An S/MIME certificate MUST be imported, configured, and stored on the machine as stated in this section 
under Configuring S/MIME certificates with CentreWare Internet Services.
When importing the S/MIME certificate, make sure that a root certificate is included for use with the 
Supported E-mail applications shown below.
Receiving E-mail with S/MIME digital signature from the machine
No settings are required on a recipient computer.
Sending S/MIME encrypted e-mail by E-mail printing from a computer to the machine
It is necessary to register the S/MIME certificate of the machine on the computer.
There are two methods to set an S/MIME certificate of the machine on the computer:
Sending e-mail with S/MIME digital signature from the machine to the computer
To send e-mail with an S/MIME digital signature from the machine, configure to attach the digital 
signature when sending E-mail in the [Digital Signature - Outgoing E-mail] settings.
Exporting an S/MIME certificate to the computer using CentreWare Internet Services and registering 
the exported S/MIME certificate in the certificate storage location of the E-mail application.
Note that the exporting of certificates is accomplished using the Trusted Certificates Management 
hot link under Security folder on the Properties page of Internet Services.  For information on how 
to export a certificate, refer to the CentreWare Internet Services online help. For information on 
how to register a certificate in an E-mail application, refer to the manuals provided with the E-mail 
application.
Sending E-mail with S/MIME digital signature from a computer to the machine
It is necessary to register a personal certificate of a senders E-mail address, an intermediate certificate 
authority certificate of the personal certificate, and a root certificate on the machine.
For information on how to import a certificate, refer to the CentreWare Internet Services online help.
Supported E-mail applications
E-mail applications that can send and receive E-mail to and from the machine are as follows:
Outlook 2000/2002/2003
Outlook Express 6
Netscape 7.x
Downloaded From ManualsPrinter.com Manuals 
						

							204
Configuration of Scan File Signatures (PDF/XPS Documents)
Installation Overview
Configuration on the Machine
Import a certificate from a Certificate Authority (in PKCS12 format), then configure the certificate on the 
machine using CentreWare Internet Services.
Configuration on a Computer
Prepare for verification of the PDF or XPS signature.
Downloaded From ManualsPrinter.com Manuals 
						

							205 Configuring Scan File certificates with CentreWare Internet Services
To configure certificates with CentreWare Internet Services, first enable HTTP communications (as stated 
under Configuration of HTTP Communication Encryption in this section).  Next, import a certificate 
from a Certificate Authority (in PKCS12 format).  Finally, set the certificate as a scan file certificate.
1. Start a web browser.
2. Enter the machines IP address, beginning with https, into the Address box of your web browser, and 
press the Enter key.
Example:
https://192.168.1.1/
3. Click the Properties tab.
4. Click [+] on the left of Security to display the items in the folder.
5. Click Machine Digital Certificate Management.
6. Click on Upload Signed Certificate.
Important:  When importing a certificate, if the same certificate has been already registered in [Local 
Device] or [Others], the certificate cannot be imported. Delete the existing certificate before importing 
the new one.
a. Enter the Password.
b. Enter the Re-enter Password.
c. Enter a file name for the file you want to import, or select the file to be imported by clicking the 
Browse button.
d. Click the Import button. When a screen to enter the user name and password appears, enter the 
System Administrator user ID and password into User Name and Password, and then click OK.
Note: The default user ID is 11111 and the default password is x-admin.
7. Refresh the web browser.
8. Click [+] on the left of Security to display the items in the folder.
Downloaded From ManualsPrinter.com Manuals 
						

							206 9. Configure the certificate.
a. Click on Trusted Digital Certificate Management.
b. Select [Local Device] for Category, [Scan File] for Certificate Purpose, and then click the 
Display the List button.
c. Place a check mark in the box in front of the Certificate you wish to view details for.
d. Click the Certificate Details button.
e. Click the Use this certificate button.
f. Click Reboot. The machine will reboot and the setting values will be reflected.
10. Configure the settings for PDF/XPS Signatures.
a. Refresh the web browser.
b. Click [+] on the left of Security to display the items in the folder.
c. Click PDF/DocuWorks Security Settings and then set the following items.
PDF Signature
Select the setting for PDF Signature from [Do not add signature], [Always add visible signature], 
[Always add invisible signature], or [Select during send].
XPS Signature
Select the setting for XPS Signature from [Do not add signature], [Always add signature], or [Select 
during send].
d. Click the Apply button.
Downloaded From ManualsPrinter.com Manuals 
						

							207 Configuration on a Computer
Confirm that the digital certificate being used by the machine to encrypt PDF and XPS files has been 
imported and is registered on the recipient’s computer.  This will assure the ability to conduct two way 
digital signing of files, should this capability be desired or needed.
Downloaded From ManualsPrinter.com Manuals 
						

							208
IP Sec
IP Sec (IP Security) is comprised of the IP Authentication Header and IP Encapsulating Security Payload 
protocols, that secure IP communications at the network layer of the protocol stack, using both 
authentication and data encryption techniques. The ability to send IP Sec encrypted data to the printer is 
provided by the use of a public cryptographic key, following a network negotiating session between the 
initiator (client workstation) and the responder (printer or server). To send encrypted data to the printer, the 
workstation and the printer have to establish a Security Association with each other by verifying a matching 
password (shared secret) to each other. If this authentication is successful, a session public key will be 
built and used to send IP Sec encrypted data over the TCP/IP network to the printer.
Providing additional security during the Public Key negotiating process, Digital Certificates can 
alternatively be used in place of the Shared Secret, to encrypt the Public Key information being exchanged 
between communicating parties.  The Digital Certificate resides on the multifunction device (managed as 
stated in this Encryption section in the Configuring Scan File certificates topic) and MUST also have been 
imported and stored on the computer that is encrypting data being sent to the device.
Certificates add digital signatures (individualized checksums verifying data integrity) to datagrams during 
the public key negotiating process, greatly assisting in securing that data from network sniffers.
To enable IP Sec:
1. Open your Web browser and enter the TCP/IP address of the machine in the Address or Location field. 
Press Enter.
2. Click the Properties tab.
3. Click the symbol to the left of the Security folder.
4. Select IP Sec in the directory tree.
5. Enable the Protocol by placing a checkmark in the Enabled box.
6. Select Pre-Shared Key to use the Shared Secret (between this device and remote computers also 
possessing the secret).  Note that if you select Digital Signature, the Shared Secret boxes will be 
grayed out and you will have to supply a Certificate stored on this device to the remote computer that 
wishes to send IP Sec encrypted data to this device.  Refer to the Configuring certificates with 
CentreWare Internet Services topic in this Encryption section for full information.
7. Enter the Shared Secret (a password) in the Shared Secret and Verify Shared Secret boxes.
8. Select Enabled (default setting) for the Communicate with Non-IP Sec Device setting, so that 
computers not set up for encryption can still communicate with this device.
9. Use the on line Help for assistance with other available settings.
10. Click Apply when done and supply the Administrator User Name and Password, if prompted.  The 
default is 11111 and x-admin.
Downloaded From ManualsPrinter.com Manuals