manualshive.com logo in svg

Citizen IF1-EFX1, User Manual, Page: 43 / 62

Share
Download
Citizen IF1-EFX1 User Manual Download Page 43

 

 

 

43 

7.  SSL/TLS function 

7-1. 

Overview

 

Necessity of SSL/TLS support 

Encrypted communication is necessary to prevent third parties from eavesdropping on, altering, or 

spoofing the communication data flowing over the network. The SSL/TLS protocol has become the 

standard for encrypted communication infrastructure. 

The http protocol is used to send and receive web data and XML data, and https is the SSL/TLS-

compatible version of it. If https is used for communication between the host and the printer, the 

printer must also support SSL/TLS. 

 

Overview of SSL/TLS support 

A digitally signed certificate (hereafter referred to as a signed  certificate) is required for SSL/TLS 

encrypted communication. The server stores the signed certificate, and the client side must confirm 

or approve the certificate as trustworthy to enable SSL/TLS encrypted communication. 

There are two types of signing certificates: those signed by a public certification authority (CA) and 

self-signed certificates signed by the private CA. 

In the case of self-signed certificates, the client side must certify that the certificate is trustworthy so 

that it can communicate without warning. For this purpose, this board has a function to export a file 

that contains the unique information for certification.  

This board also allows importing a certificate signed by a public CA for more secure communication. 

 

Differences in procedures for preparing signed certificates between this board and a normal server 

For SSL/TLS communication, you will need a signed certificate file and a private key file. The general 

procedure for preparing these on a normal server is as follows. 

 

1. The applicant requesting the certificate generates a private key.  

2.  Applicant creates a certificate signing request (CSR) by entering the applicant's identification 

information and adding a signature with the applicant's private key.  

3. The applicant submits the CSR to either a self-certification authority prepared by the applicant or 

an external public CA.  

4.  The signing authority generates a certificate with its own private key signature attached to the 

CSR and returns it to the applicant. (Depending on the submitted certification authority, the 

certification becomes either a self-signed certificate or a public CA signed certificate).  

5. The applicant stores and places the signed certificate file and his private key file. 

 

This board has an internal private key and self-certification authority, and if you want to use a self-

signed certificate, you only need to enter the identification information in step 2 above. (For the 

detailed procedure, refer to 7-3-1 Creating and exporting a self-signed certificate. 

Summary of Contents for IF1-EFX1

Page 1: ...IF1 EFX1 IF1 EFX2 IF2 EFX1 IF2 EFX2 Ethernet Interface Board User s Manual Ver 2 00 Target firmware V1 15 or later IFx EFX1 V2 30 or later IFx EFX2 ...

Page 2: ...tatus by LED 18 3 6 Simple Setting Procedure Example for Wired LAN 19 4 Web Manager 20 4 1 Starting the Web Manager 20 4 2 HOME Window 21 4 3 STATUS Window 22 4 3 1 STATUS System Status Tab 23 4 3 2 STATUS Network Status Tab 24 4 3 3 STATUS Printer Status Tab 25 4 4 CONFIG Window 26 4 4 1 CONFIG General Tab 27 4 4 2 CONFIG User Account Tab 28 4 4 3 CONFIG Maintenance Tab 29 5 NetToolK 30 5 1 Insta...

Page 3: ... 3 To enable SSL TLS communication using a self signed certificate 48 7 3 1 Generating and exporting self signed certificates 48 7 3 2 Example of importing a self signed certificate in a browser Chrome 53 7 4 SSL TLS and certificate related specifications 57 7 4 1 SSL TLS communication specifications 57 7 4 2 Self signed certificate related specifications 58 7 4 3 Public CA signed certificate rela...

Page 4: ... or mishandling of the device by the user or b loss due to operational environment Data etc are basically impermanent long time or permanent storing saving of data by the device is not possible Note that we will not be responsible for any loss or loss of profits owing to loss of data due to breakdown repairs inspections etc Please contact us if there are omissions errors ambiguities etc in this ma...

Page 5: ...Config Service JavaScript Config SDK Programming Manual Peripheral device control using dedicated control port Peripheral device control For POS printer Windows POS Print SDK Windows Windows POS Print SDK Programming Manual Peripheral device control For POS printer Android POS Print SDK Android Android POS Print SDK Programming Manual Peripheral device control For POS printer iOS Swift POS Print S...

Page 6: ... of service in the explanation Web server Web app server The Web server is the terminal that sends data to the browser for screen display The Web server receives the information of the operations performed on the browser When a Web server uses a programming language to process data to be sent and received the group of programs that process the data is called a Web application hereinafter referred ...

Page 7: ...d Please note only firmware versions V1 15 or later IFx EFX1 V2 30 or later IFx EFX2 support the following functions mentioned in this manual Raw Port TCP Keep Alive SSL TLS Function Request Printing XML Config For boards with older firmware versions please refer to the older manual as a reference 1 1 Features Support for DHCP static IP and ZeroConf methods of IP address acquisition Configuration ...

Page 8: ...ble printers CT S801 II 851 II 601 II 651 II CL S400DT 6621 E7xx CT D151 E651 S251 751 CT S4500 CL E3xxEX Operation panel LED 4 2 on panel 2 on RJ45 connector Button 1 USB USB A connector 0 or 2 USB Specs USB2 0 High Speed Software Software Setting methods Browser PC setting tool Cloud Firmware upgrade Browser PC setting tool Cloud Supported Platforms Windows 7 Windows8 Windows10 HTML5 browser IF1...

Page 9: ...cator LED yellow 1 Shows Ethernet connection status disconnected receiving data etc Ethernet status LED indicator green 1 Ethernet status LED indicator red 1 Shows transmission connection and error statuses with steady blinking lights combinations Panel button 2 Used to operate the Interface board USB connector First USB connector Second Connect an approved peripheral device to a USB port 1 See 3 ...

Page 10: ... is prohibited please inquire about which devices are supported Connecting a tablet or other device to USB ports for supplying power is also prohibited Do not insert or remove peripheral devices from the USB port while the printer power is on Connection through a USB hub is prohibited In the case of the IFx EFX2 which has two USB ports connecting to both the left and right ports is possible but co...

Page 11: ...r interface with the LAN interface but extra caution is required Diagram below shows a typical example 2 If another interface board is installed in the printer remove it Malfunctions may occur if the interface board is removed or re inserted To install the interface board please contact your dealer or service person If you replace the interface board by yourself do so at your own risk taking care ...

Page 12: ...Insert the interface board into the interface slot of the printer 4 Connect the interface connector of the board to the interface connector inside the printer 5 Fix the interface board in place with screws Interface slot ...

Page 13: ... Web Manager Connect to this interface board from a browser and then configure the settings on the dedicated settings screen NetToolK Connect to this interface board from a dedicated tool for Windows and then configure the settings You can check the current state and restore the initial state by operating the panel button See the next captor for an explanation of the panel button Furthermore you c...

Page 14: ...re please refer to the manual of XML Config SDK for details JavaScript and Excel VBA macros are available as sample programs for this function The timeout setting for this function is present in the 6 2 CONFIG Service Tab Warning After the firmware upgrade starts do not disconnect power or transmission to the printer until the upgrade is complete When updating the firmware it is necessary to obtai...

Page 15: ... Returning the Interface Board Configuration to Factory Default Settings page 17 for details If there is no activity for three seconds in the setting mode the buzzer will sound once signaling a return to normal mode If the printer to which this interface board is connected is set to not buzz the buzzer will not sound System log printing If printing etc does not work as expected you may be able to ...

Page 16: ...information of Information on the connection status of XML controlled peripheral devices SSL TLS function setting information Setting information for the Request Print function I F Board Information IFx EFX1 Rev1 1 2 Ver 1 15 System LAN Board Name Net Printer Serial Number 100123 MAC Address 00 01 02 0a 0b 0c Current Network Status IP Address 192 168 0 2 DHCP Subnet Mask 255 255 255 0 Gateway 192 ...

Page 17: ... and holds the panel button again within three seconds The following message is printed and the interface board returns to factory default settings I F Board Information Caution Print Server will automatically restart When the operation completes this interface board restarts automatically When automatically obtaining the IP address from the DHCP server is set an IP address that differs from the p...

Page 18: ...tus LED yellow Connected On Disconnected Off Transmitting data Flashing LAN status indicator Connection Status LED green LED red Description Printer disconnected Off Not connected to printer Printer connection Network disconnected On Off Connected to printer Ethernet connecting On Flashing 1 second cycle Seeking IP address from DHCP server via Ethernet Ethernet working On On Network operation via ...

Page 19: ...signed IP address See 3 3 Printing the Interface Board Configuration page16 for details 3 Once the conditions for the printer to join the network are in place configure the wired LAN settings in Web Manager Connect to Web Manager of the printer from the browser of a PC connected to the same network See 4 Web Manager page 20 for details Instead of Web Manager you can also use NetToolK a network con...

Page 20: ...n is available the SSL TLS tab will appear in the CONFIG window 3 If Request Print function is available Request Print tab will appear on STATUS CONFIG window For details see 6 XML Print Peripheral Device Control Function 7 SSL TLS function and 8 Request Print function respectively The configuration window of the interface board cannot be displayed if the network settings of your computer and the ...

Page 21: ...ndow you can check the status of the Interface board CONFIG button Display the CONFIG window At the CONFIG window you can configure the Interface board Logout button Log out from the CONFIG window of the Interface board It is not possible to open the CONFIG window at multiple PCs of the same time You must log out to make settings using another Web manager or NetToolK ...

Page 22: ... tab See 4 3 1 STATUS System Status Tab page 23 Network Status tab See 4 3 2 STATUS Network Status Tab page 24 Printer Status tab See 4 3 3 STATUS Printer Status Tab page 25 Service Status tab See 6 3 STATUS Service Status Tab page 42 Request Print tab See 8 3 STATUS Request Print Tab page 62 ...

Page 23: ...nterface board RAW Port Number Displays the TCP port number for RAW printing Timeout for print data Displays the socket timeout duration during printing When the host and the TCP IP socket are connected and the host sends no data for this duration during printing the socket is forced to close When the setting is 0 the socket remains connected until a disconnection request is received from the host...

Page 24: ...s of the DHCP server from which the Interface board obtained its IP address Lease Time Displays the lease time of the IP address allocated by the DHCP server SSL TLS Displays the status of SSL TLS function Disable The function is disabled Self Singed The function is enabled by the self signed certificate CA Signed The function is enabled by the certificate authenticated by CA Self Signed Displays ...

Page 25: ...operational status of the printer to which the Interface board is connected Ready Ready to print Offline Not ready to print Paper Empty Out of paper Error Error status Note When the printer is connected to the Interface board and the bi directional port of the printer driver is enabled the printer status is not correctly displayed In such cases confirm the printer status from the Windows spooler ...

Page 26: ...g admin admin Login button Click Login The CONFIG window appears Cancel button Cancel login General tab See 4 4 1 CONFIG General Tab page 27 Service tab See 6 2 CONFIG Service Tab page 39 SSL TLS tab See 7 2 CONFIG SSL TLS Tab page 45 Request Print tab See 8 2 CONFIG Request Print Tab page 61 User Account tab See 4 4 2 CONFIG User Tab page 28 Maintenance tab See 4 4 3 CONFIG Maintenance Tab page 2...

Page 27: ...e IP Address Subnet Mask and Default Gateway fields UPnP Setting UPnP factory default Enable Set the UPnP setting Print Settings Configure the printing functions of the printer Raw Port Number factory default 9100 Set the TCP port number for RAW protocol printing Timeout for print data Set the timeout duration for the connection to the host Action at Timeout Select the action for other connections...

Page 28: ...dministrator to change the settings of the Interface board At this screen the administrator name and password can be changed Set User New User name factory default admin Enter the new administrator name New Password factory default admin Enter the new password Confirm New Password Enter the password again Warning If you forget the new username and password settings must be returned to the factory ...

Page 29: ...fault settings Firmware Upgrade button Upgrade the firmware of the Interface board Firmware upgrade 1 Click Browse and select the firmware file 2 Click Write Warning After the firmware upgrade starts do not disconnect power or transmission to the printer until the upgrade is complete When updating the firmware it is necessary to obtain the correct firmware data from us If the firmware is not updat...

Page 30: ...ool can be used with both wired and wireless LAN interface boards 5 1 Installing the NetToolK 1 Acquire the file NetToolKSetup exe from the CD ROM or our website Double click the file 2 If the User Account Control screen appears click Continue 3 The screen shown on the right appears Click Next 4 Enter a username and organization and then click Next ...

Page 31: ...4 NetToolK 31 5 The screen shown on the right appears Click Next 6 The screen shown on the right appears Click Install 7 Click Finish to complete installation ...

Page 32: ...4 NetToolK 32 8 The PC setting tool starts From the System menu select Exit 9 The icon on the right is placed on the desktop of the computer You can now start program by double clicking this icon ...

Page 33: ...NetToolK Tools Select Tools Settings to switch the display of the LAN interface board information When the Show LAN board information check box is selected the LAN interface board operation status can be displayed as shown below Operation status of the wireless LAN interface board ...

Page 34: ...Web Page button Select the LAN interface board you want to configure and then click Configure using a web browser The browser starts and displays the Web manager Configure the LAN Board button Select the LAN interface board you want to configure and then click Configure the LAN Board See 5 3 Setup Window page 35 LAN interface board list The list displays the LAN interface boards connected to the n...

Page 35: ...gure the LAN Board To login at the login screen enter a username and password Username admin factory default Password admin factory default 5 3 1 General Tab Use the General tab to configure the LAN board name and IP address 5 3 2 Wireless LAN Tab Use the Wireless LAN tab to configure the LAN This tab is not displayed for a wired LAN interface board ...

Page 36: ...me and password settings must be returned to the factory default settings 5 3 5 Maintenance Tab Use the Maintenance tab to restart the LAN interface board return the settings to the factory default settings and update the firmware Warning After the firmware upgrade starts do not disconnect power or transmission to the printer until the upgrade is complete When updating the firmware it is necessary...

Page 37: ...es a message like the one shown below appears in red letters If this message appears set the IP address using the Configure the LAN Board button before configuring the LAN interface board Only the server name and IP address can be configured Configure the IP address correctly one time before configuring the wireless LAN interface board ...

Page 38: ...ing conditions are met Printer supports the XML function This interface is connected The firmware version of the printer and this interface board supports XML function If the conditions are met the Service Status tab is displayed in the STATUS window and the Service tab SSL TLS tab are displayed in the CONFIG window When using these functions the URL to which the XML tag format data is sent is as ...

Page 39: ...splayed differ depending on the type of interface board that is connected to the printer IFx xFX2 IFx xFX5 All items Other XML Print and XML Config items only The Media Converter items may be displayed even when the interface board is used in combination with a printer that does not meet the conditions ...

Page 40: ...value for the corresponding device so there is no need to change it 6 2 2 XML Print Item Initial value Configurable range Description Port Number 8080 1025 65535 Connection port number Timeout for connect 10 5 60 Timeout time to wait for printing to start Timeout for print 60 10 600 Timeout period for waiting for printer processing completion 6 2 3 XML Device Control Configure the following genera...

Page 41: ... the scanner USB HID keyboard method is checked If a connection with the scanner cannot be confirmed an alert message Test failed is displayed in the browser 6 2 6 XML Device Control Speaker If the Test Device button is pressed while a USB speaker is connected the sound chime prerecorded in the interface board is played If a connection with the USB speaker cannot be confirmed an alert message Test...

Page 42: ...4 XML Print Peripheral Device Control Function 42 6 3 STATUS Service Status Tab The settings on the Service tab the connection state of the peripheral device etc are reflected here ...

Page 43: ...ins the unique information for certification This board also allows importing a certificate signed by a public CA for more secure communication Differences in procedures for preparing signed certificates between this board and a normal server For SSL TLS communication you will need a signed certificate file and a private key file The general procedure for preparing these on a normal server is as f...

Page 44: ...lf signed certificate generated and stored inside the printer B Local certificate A certificate signed by a private certification authority CA on the local network and imported into the board C Public certificate A certificate 子 signed by a public certification authority CA on the Internet and imported into the board The descriptions in the following chapters correspond to certificate A B or C as ...

Page 45: ...elf Signed Certificate Update button Move to Update Self Signed Certificate page See 7 2 3 Update Self Signed Certificate Export button Export a certificate to install the server information to the client No need to reinstall for certificate renewal Delete button Deletes the self signed certificate that was created CA Signed Certificate CA Signed Certificate File Select the public CA signed certif...

Page 46: ...ecture Country Enter the country code where the Operator is located using two letters of the alphabet Validity Not Before Default Entry Date Enter the start date of the certificate validity period Validity Not After Default 1 year after the entry date Enter the end date of the certificate validity period Internal Certification Authority This field is for entering information about certificate rene...

Page 47: ... the location of the Operator State Prefecture Country Enter the country code where the Operator is located using two letters of the alphabet Validity Not Before Default value Entry date Enter the start date of the certificate validity period within the period for which the certificate can be renewed Validity Not After Default 1 year after the entry date Enter the end date of the certificate valid...

Page 48: ...unication using a self signed certificate 7 3 1 Generating and exporting self signed certificates 1 Access the IP address of the board from your browser 2 Select the CONFIG tab 3 Enter User Name admin Password admin to enter the configuration screen ...

Page 49: ...4 SSL TLS function 49 4 Set a static IP and select the Submit button 5 Select the SSL TLS tab and go to the SSL TLS setting window 6 Click the Create button to enter the self certification windows ...

Page 50: ...s the validity period of the certificate stored on the board and the second one is the validity period of the file to be exported Basically there is no need to change it An error will occur if the first Validity is set outside the period of the second Validity 8 Click the Create button ...

Page 51: ...on 10 Select Enable for Service and CA Signed Certificate for Server Certification in SSL TLS Setting 11 Click the Export button to save the self certificate file The file will be used for importing into your browser 12 Press the Submit button ...

Page 52: ...4 SSL TLS function 52 13 Press Save Reboot 14 Click the Yes button to save reboot Please wait until the board reboots The configuration changes will be reflected after the reboot ...

Page 53: ...3 7 3 2 Example of importing a self signed certificate in a browser Chrome Chrome Settings Privacy and security Security Manage certificate Select the Trusted Root Certification Authorities tab and click the Import button ...

Page 54: ...4 SSL TLS function 54 Press Next Press Browse and choose the self signed certificate file that you exported in 7 3 1 and press Next ...

Page 55: ...4 SSL TLS function 55 Press Next Press Finish ...

Page 56: ...ame for other browsers Note When using a self signed certificate exported from this board it is necessary to import the certificate for each browser as shown in this procedure to prevent the warning from appearing However if the user has prepared a self signed certificate separately from this board the self signed certificate and private key can be registered as a set to this board just like a pub...

Page 57: ... suite Priority Cipher suite 1 TLS_RSA_WITH_AES_256_CBC_SHA256 2 TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 3 TLS_RSA_WITH_AES_256_CBC_SHA 4 TLS_DHE_RSA_WITH_AES_256_CBC_SHA 5 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 6 TLS_RSA_WITH_AES_128_CBC_SHA256 7 TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 8 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 9 TLS_RSA_WITH_AES_128_GCM_SHA256 10 TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 11 TLS_ECDH...

Page 58: ...MS JAPAN 64 chars Locate L Blank 128 chars State S Blank 128 chars Country C JP Alphanumeric 2 chars Validity Not After 2049 12 31 or 1 year after Create YYYY MM DD 2020 01 01 2049 12 31 Validity Not Before 2020 01 01 or the time of Create YYYY MM DD 2020 01 01 2049 12 31 The other items set in the certificate creation are entered as shown in the table below No changes can be made by the user Self...

Page 59: ...otection not supported Encryption algorithm AES 128 256 Hash algorithm SHA2 256 SHA1 Key Exchange Method RSA 2048 bit 7 4 4 Handling of saved certificates when restoring factory settings updating firmware When the Factory Default process in the CONFIG Maintenance Tab is executed each setting value will be set to the default value and the registered certificate will be deleted when the Firmware Upg...

Page 60: ...separately A sample kit that can be installed on a Web server for demonstration is also available and the manual explains how to install it This function is available when the following conditions are met The printer must be a model that supports the XML function IFx EFX2 with firmware version 2 30 or higher is connected to the printer The printer s firmware must support the connection to the IFx ...

Page 61: ...you want to make requests to the server ID Default Mac address of this interface board Enter the individual identification code to be sent upon request DNS Enter IP addresses of preferred DNS and alternate DNS to be used when making requests Basic Authorization Settings If the server to which printer is communicating requires Basic authentication it can pass the authentication and communicate with...

Page 62: ...If 0 is entered the alarm printing function is disabled Beep for warning Default Disable Sets whether to enable the buzzer function for alarm printing 8 3 STATUS Request Print Tab The settings on the Request Print tab and the connection status of peripheral devices are shown here 8 4 Printing system log If Request Print did not work as expected you may be able to check the situation by checking th...

Reviews:

No comments