12 Encryption and Digital Signature Settings
280
E
n
cr
y
p
tion a
nd Digit
a
l S
igna
tur
e Se
tt
ings
12
Configuration of Encryption using IPSec
This section describes how to encrypt communication using IPSec.
When the IKE authentication method is set to [Authenticate by Preshared Key], skip
step 1 "Import and Configuration a Certificate" and go to step 2 "Configuration on the
Machine (Configuration of IPSec)".
For the available IKE authentication methods, refer to "IKE Authentication Method" (P.148).
The following shows the reference section for each item.
Step1 Import and Configuration of a Certificate ......................................................................280
Step2 Configuration on the Machine (Configuration of IPSec) ...............................................281
Step3 Configuration on a Computer .........................................................................................282
Installation Overview
The following is the procedure for encrypting communication using IPSec.
Configuration on the Machine
When [IKE Authentication Method] is set to [Authenticate by Digital Signature], a
certificate for IPSec needs to be imported into the machine. After importing a certificate,
configure IPSec. By default, no certificate is registered with the machine.
z
Configuring certificates by CentreWare Internet Services
Two methods are available depending on types of certificates.
- Create a self-certificate on the machine, and enable HTTPS.
- Enable HTTPS, and import a created certificate on the machine.
Note
•
If a certificate to be imported as an IPSec certificate contains V3 extension "KeyUsage",
"digitalSigunature" must be set to On.
Configuration on a Computer
The following settings are required on a computer.
z
Create an IP security policy
z
Assign the IP security policy
Step1 Import and Configuration of a Certificate
The following explains how to import and configure a certificate with CentreWare
Internet Services.
To configure a certificate on CentreWare Internet Services, first configure the
encryption settings for HTTP communication, and then import a certificate to use as a
scan file signature certificate.
For details on how to configure the encryption settings for HTTP communication, refer to
"Configuration of HTTP Communication Encryption" (P.278).
1
Start CentreWare Internet Services.
Refer to "Starting CentreWare Internet Services" (P.218).
2
Import a certificate.
Important •
When a certificate is to be imported, if the same certificate has been already registered in
[Local Device] or [Others], the certificate cannot be imported. Delete the registered
certificate before importing.